pfsense 389-ds Ldap authentication How to

Published by blogger on

pfsense provide a wide range of integration with the directory services such as 389-ds, Microsoft active directory, Openldap server etc to your users management integrations. You can   use any of the directory services to fetch users and groups as an authentication backend. These remote user backends can be used to authenticate against the vpn services such as IPSec or openvpn.

in this tutorial we will use 389-ds as a directory server to fetch our user details.

Navigate to system and click on User Manager.


click on authentication server and click on add button.

in the descriptive name field, You can enter the name you desire to enter ( note this field has no dependencies on other fields, hence you can enter any name that you would like to).

select Ldap from the Type field.

PortValue: 389 ( this is the standard Ldap port ) you can also use 636 if you would wish to use ssl ports to connect to your 389-ds server.

Transport: You can use TCP -Standard incase you have used port 389 to connect to the ldap server, or you can use ssl or tls based on your ldap environment settings.

Peer Certificate Authority:standard value as we are not using ssl here.

Protocol version: 3 . Ldap V3 is supported by 389-ds you can use v1 or v2 if your ldap server does not support version3.

Server Timeout: default value is 60 which means its going to wait 60 seconds until the timeout occurs.

Search scope:

                 Level: one level.

Base DN: you r base dn. ex: dc=yourdomain,dc=com

Bind anonymous: check this option if your ldap server supports anonymous bind.

User naming attribute: uid

Group naming attribute: cn

Group member attribute: uniqueMember

Group Object Class: group

rest all options needs to be unchecked.

click on save.

once saved. edit your ldap server and click on select containers.


you would see your containers appearing on the section.