Setting up LDAP Authentication for OPNSense
#OPNSense #LDAP #ActiveDirectory #Authentication
01. Open a web browser and navigate to the OPNSense web UI
02. Log in to OPNSense
03. Select System ≫ Access ≫ Servers from the left navigation menu
04. Click the Add button in the top right of the screen
05. Complete the form with the following information
The setup below allows members of the DnsAdmins AD group to authenticate; tweak as needed
Type: LDAP
Hostname or IP address
Port value: 389
Transport: TCP - Standard
Protocol version: 3
Bind credentials:
User DN: CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local
Password: Read0nly!!
Search scope: Entire Subtree
Base DN: DC=i12bretro,DC=local
Authentication containers: CN=Users,DC=i12bretro,DC=local
Extended Query:
&(memberOf=CN=DnsAdmins,CN=Users,DC=i12bretro,DC=local)
User naming attribute: sAMAccountName
06. Scroll to the bottom of the page and click the Save button
07. Select System ≫ Access ≫ Tester from the left navigation menu
08. Test the login capability of an LDAP user meeting the group requirements set above
09. Select System ≫ Settings ≫ General from the left navigation menu
10. Scroll down to the Authentication section
11. Click the Server dropdown and enable authentication against the LDAP server
12. Scroll to the bottom of the page and click the Save button
13. Select System ≫ Access ≫ Users from the left navigation menu
14. Click the cloud button at the bottom right of the user table
15. Select users from LDAP to allow access to OPNSense
16. Click the edit button next to each user and add the appropriate Group Memberships
17. Click Lobby ≫ Logout from the left navigation menu
18. Test logging in as an LDAP authenticated user
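The search configured in step 05 can be reproduced from a shell before relying on the Tester in step 08. This is an added example, not part of the original guide: it assumes the OpenLDAP `ldapsearch` client is installed, the function names are hypothetical, and the filter mirrors the intent of the Extended Query rather than the exact string OPNsense sends.

```shell
#!/bin/sh
# Added example: reproduce the form's bind + group-restricted search.
# The three DNs below are copied from the form in step 05.
BIND_DN='CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local'
BASE_DN='DC=i12bretro,DC=local'
GROUP_DN='CN=DnsAdmins,CN=Users,DC=i12bretro,DC=local'

# Escape RFC 4515 filter metacharacters so a login name is matched
# literally ("*" must not act as a wildcard). Backslash goes first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# User naming attribute ANDed with the group restriction.
# Assumption: same intent as the Extended Query, not OPNsense's exact string.
build_filter() {
    printf '(&(sAMAccountName=%s)(memberOf=%s))' "$(ldap_escape "$1")" "$GROUP_DN"
}

# check_user <ldap-host> <login>
#   0 = bind succeeded and the login matched the group filter
#   1 = bind succeeded but no entry matched
#   2 = bind or search failed
check_user() {
    # -x simple bind, -W prompt for the bind password (keeps it out of
    # shell history), -s sub = "Entire Subtree", -LLL plain LDIF output.
    out=$(ldapsearch -x -LLL -H "ldap://$1:389" -D "$BIND_DN" -W \
          -b "$BASE_DN" -s sub "$(build_filter "$2")" dn) || return 2
    printf '%s\n' "$out" | grep -qi '^dn:'
}

# Runs only when called as: ./check.sh <ldap-host> <login>
if [ "$#" -eq 2 ]; then
    if check_user "$1" "$2"; then
        echo "match: $2 passes the DnsAdmins filter"
    else
        echo "no match, or bind/search failed, for $2"
    fi
fi
```

Like the form's port 389 with Transport "TCP - Standard", this bind crosses the network unencrypted. The `memberOf` test matches direct members of DnsAdmins only, so a user who belongs through a nested group returns no entry.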