pfSense 389-ds LDAP authentication How-To
pfSense integrates with a wide range of directory services, such as 389-ds, Microsoft Active Directory and OpenLDAP, for user management. Any of these directory services can be used as an authentication backend to fetch users and groups, and these remote user backends can then authenticate users of VPN services such as IPsec or OpenVPN.
In this tutorial we will use 389-ds as the directory server to fetch our user details.
Navigate to System and click on User Manager.
Click on Authentication Servers and click on the Add button.
In the Descriptive name field, enter any name you like (this field has no dependencies on other fields, so any name will do).
Select LDAP from the Type field.
Port value: 389 (this is the standard LDAP port). You can also use 636 if you want to connect to your 389-ds server over SSL.
Transport: use TCP - Standard if you have used port 389 to connect to the LDAP server, or SSL or TLS depending on your LDAP environment settings.
Peer Certificate Authority: leave the default value, as we are not using SSL here.
Protocol version: 3. LDAP v3 is supported by 389-ds; you can use v1 or v2 if your LDAP server does not support version 3.
Server Timeout: the default value is 60, which means it waits 60 seconds before the timeout occurs.
Level: One Level.
Base DN: your base DN, e.g. dc=yourdomain,dc=com
Bind anonymous: check this option if your LDAP server supports anonymous bind.
User naming attribute: uid
Group naming attribute: cn
Group member attribute: uniqueMember
Group Object Class: group
All remaining options should be left unchecked.
Click on Save.
Once saved, edit your LDAP server entry and click on Select containers.
You will see your containers appear in that section.
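Before pointing a VPN at the new backend, it is worth checking from a shell that the settings above (uid as user naming attribute, uniqueMember as group member attribute, one-level scope) actually find your users and groups on the 389-ds server. The script below is an added example, not part of the original how-to or of pfSense; the server name, base DN, container names and the groupOfUniqueNames object class are assumptions to replace with your own values, and it needs the OpenLDAP client tools (ldapsearch).

```shell
#!/bin/sh
# Pre-flight checks mirroring the pfSense LDAP settings, run against 389-ds
# with ldapsearch. Added example, not taken from the page or from pfSense.
# Placeholders (assumptions): ldap.yourdomain.com, dc=yourdomain,dc=com,
# containers ou=People and ou=Groups, test user given in LDAP_CHECK_USER.
LDAP_URI="${LDAP_URI:-ldap://ldap.yourdomain.com:389}"
USER_BASE="${USER_BASE:-ou=People,dc=yourdomain,dc=com}"
GROUP_BASE="${GROUP_BASE:-ou=Groups,dc=yourdomain,dc=com}"
GROUP_OC="${GROUP_OC:-groupOfUniqueNames}"   # 389-ds groups that use uniqueMember

# Escape RFC 4515 filter metacharacters so a login name cannot alter the filter
# (backslash first, so the escapes added here are not escaped again).
ldap_escape() {
  printf '%s' "$1" | sed 's/\\/\\5c/g; s/\*/\\2a/g; s/(/\\28/g; s/)/\\29/g'
}

# Filter matching "User naming attribute: uid".
user_filter() { printf '(uid=%s)' "$(ldap_escape "$1")"; }

# Filter matching "Group member attribute: uniqueMember" plus the group object class.
group_filter() {
  printf '(&(objectClass=%s)(uniqueMember=%s))' "$(ldap_escape "$1")" "$(ldap_escape "$2")"
}

# "Level: One Level" is scope one: the entry must sit directly under the container.
# A user in a nested OU is not found, which is a common cause of failed logins.
find_user_dn() {
  ldapsearch -x -LLL -H "$LDAP_URI" -b "$USER_BASE" -s one "$(user_filter "$1")" dn \
    | sed -n 's/^dn: //p'
}

# Groups listing the user's DN as uniqueMember, the way pfSense resolves membership.
user_groups() {
  ldapsearch -x -LLL -H "$LDAP_URI" -b "$GROUP_BASE" -s one "$(group_filter "$GROUP_OC" "$1")" cn \
    | sed -n 's/^cn: //p'
}

check_user() {
  dn=$(find_user_dn "$1")
  if [ -z "$dn" ]; then
    echo "no entry for uid=$1 directly under $USER_BASE (check Base DN, container, scope)" >&2
    return 1
  fi
  echo "user DN: $dn"
  echo "groups:"; user_groups "$dn"
}

# Run with: LDAP_CHECK_USER=alice sh ldap_check.sh
if [ -n "${LDAP_CHECK_USER:-}" ]; then check_user "$LDAP_CHECK_USER"; fi
```

If the group list comes back empty while the user DN is found, compare the objectClass values on your group entries with the Group Object Class configured in pfSense.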