opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

LDAP groups not mapped. #360

Closed mkaliyannan closed 9 years ago

mkaliyannan commented 9 years ago

I tried to map the LDAP groups to grant access to opnsense. AD authentication was accepted, but no groups were displayed.

User: XXXXX authenticated successfully. This user is a member of these groups:

I added groups called opnsense and also made a member of the group. But it doesn't work.

AdSchellevis commented 9 years ago

OPNsense doesn't map remote LDAP groups; you can import users and manage the groups in OPNsense from the user manager. There's a button at the right corner of the user manager to import users. At the moment there's no sync option for groups.

For more information about the design choice, see https://github.com/opnsense/core/issues/266

mkaliyannan commented 9 years ago

Thank you so much. Appreciated!!!


Flos commented 8 years ago

I am currently switching from pfsense to opnsense. I can't find anything good behind the new LDAP behaviour in opnsense. I also don't see the import user option; I can only add a user.

OPNsense 16.1.8-amd64   
FreeBSD 10.2-RELEASE-p14    
OpenSSL 1.0.2g 1 Mar 2016

The group mapping was a nice and powerful feature. Now I have to import and create the users, I have to assign the rights by creating groups, and assign these groups again to the users, even when they are already a member of that group in the AD. If I get a new IT admin I have to remember that I have to add him in opnsense as well, not only in AD. If every application does it like this, it will be a mess to maintain the application pool.

fenderle commented 8 years ago

I too don't see a button and would really prefer group mapping. Just my 5 cents.