
LDAP groups with FreeIPA

Hi,
I've been able to connect my UTM 9.3 to FreeIPA 3.3.x for basic user/password authentication to the web portal and ssl client vpn.  However, I've been unable to get the UTM to use the user groups on FreeIPA to determine a user's access to an object.  I suspect the problem has to do with FreeIPA using nested groups.  I'm wondering if anyone has solved this, perhaps even using a version of Active Directory or other backend?  Thanks for any tips!


  • Create User Groups on the UTM, then add your backend authentication user accounts to those.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • You can create groups attached to FreeIPA; the trick is to get the right attributes:

    It should go like this:

    Group type: Backend Membership

    check an LDAP Attribute

    Attribute: memberOf
    Value: cn=usergroup,cn=groups,cn=accounts,dc=domain,dc=local
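    The value pasted into the UTM group has to match what the directory actually returns in the user's memberOf attribute, so the useful check is to query FreeIPA for that attribute and compare. The script below is an added example (not from the original post, not Sophos or FreeIPA code): it parses ldapsearch LDIF output, unfolds wrapped lines, decodes base64 ("::") values, and compares DNs case- and whitespace-insensitively. The LDIF sample, the host, the bind DN and the group names are constructed for the example; FreeIPA's memberOf plugin is assumed to list nested memberships in the same attribute, which you should confirm on your own server. The query that produces such output would be, with your own values substituted:

    ```python
    """
    Check which FreeIPA groups a user exposes through memberOf, offline,
    from LDIF text such as ldapsearch prints.  Assumed real-world query
    (host, bind DN and uid are placeholders):

      ldapsearch -x -ZZ -H ldap://ipa.domain.local \
        -D "uid=utm-bind,cn=users,cn=accounts,dc=domain,dc=local" -W \
        -b "cn=users,cn=accounts,dc=domain,dc=local" "(uid=jdoe)" memberOf
    """
    import base64

    # Constructed sample.  One value is folded across two lines (LDIF wraps
    # long lines, continuation starts with a space) and one is base64-encoded
    # ("::"), generated here rather than typed by hand.
    ADMINS_DN = "cn=admins,cn=groups,cn=accounts,dc=domain,dc=local"
    SAMPLE_LDIF = (
        "dn: uid=jdoe,cn=users,cn=accounts,dc=domain,dc=local\n"
        "uid: jdoe\n"
        "memberOf: cn=ipausers,cn=groups,cn=accounts,dc=domain,dc=local\n"
        "memberOf: cn=vpn-users,cn=groups,cn=accounts,dc=domain,dc=local\n"
        # assumed nested group: jdoe is in it only via vpn-users
        "memberOf: cn=all-remote-access,cn=groups,cn=accounts,dc=domain,dc=loc\n"
        " al\n"
        "memberOf:: " + base64.b64encode(ADMINS_DN.encode()).decode() + "\n"
        "\n"
    )


    def parse_ldif(text):
        """Return a list of entries, each a dict of lowercased attr -> [values]."""
        lines = []
        for raw in text.splitlines():
            if raw.startswith(" ") and lines:      # folded continuation line
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        entries, current = [], {}
        for line in lines + [""]:                   # blank line ends an entry
            if not line:
                if current:
                    entries.append(current)
                    current = {}
                continue
            if line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):               # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            current.setdefault(name.strip().lower(), []).append(value)
        return entries


    def normalize_dn(dn):
        """Lowercase types and values and drop whitespace around separators.

        Good enough for FreeIPA's cn=/dc= DNs; escaped commas in RDN values
        are not handled.
        """
        rdns = []
        for part in dn.split(","):
            typ, _, val = part.strip().partition("=")
            rdns.append(f"{typ.strip().lower()}={val.strip().lower()}")
        return ",".join(rdns)


    def groups_of(entry):
        return [normalize_dn(g) for g in entry.get("memberof", [])]


    def user_in_group(entry, group_dn):
        return normalize_dn(group_dn) in groups_of(entry)


    def check(ldif_text, uid, group_dn):
        """Return (user_found, is_member, normalized_memberof_list) for uid."""
        for entry in parse_ldif(ldif_text):
            dn = entry.get("dn", [""])[0]
            if normalize_dn(dn).startswith(f"uid={uid.lower()},"):
                return True, user_in_group(entry, group_dn), groups_of(entry)
        return False, False, []


    if __name__ == "__main__":
        wanted = "cn=vpn-users,cn=groups,cn=accounts,dc=domain,dc=local"
        found, member, groups = check(SAMPLE_LDIF, "jdoe", wanted)
        print("user found:", found, "| member of", wanted, ":", member)
        for g in groups:
            print("  memberOf:", g)
    ```

    If the group DN you put in the UTM does not appear in this list for a test user, the problem is on the directory side (wrong DN, or the membership is not being written to memberOf), not in the UTM group definition.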
  • Hi,

    First of all, shouldn't this be documented by Sophos? How can one predict the LDAP attribute and value?

    Anyway,

    I did what you suggested but still not getting it done.

    Where it says Value, I suppose I leave it like that, not replacing it with my credentials, right?

    Is there something I can check on my FreeIPA server? Syslog is not showing anything when I click on "test" on the Sophos.

    I think it is time for Sophos to make a document about how to connect FreeIPA to Sophos, since there is already one for AD and the OpenLDAP one is rubbish.

    Thank you.

  • Never heard of your product. Does it have market share among potential paying customers for UTM?

    Read my LDAP post in the WiKi. To make LDAP work, you have to know your available attributes, your directory structure, and LDAP syntax. The first comes from your LDAP vendor, the second from you, the third from the standards bodies or the web. You need to use your problem as your learning opportunity.
