Topic: LDAP Rightset


oeawallis
LDAP Rightset
« on: November 14, 2017, 04:32:43 am »
Hello everyone!

Is there a possibility for:

Allowing different LDAP groups to access different VLANs on my pfSense via IPsec IKEv1?

For example:

LDAP group svc-admins can access the ADMIN VLAN, while any other group cannot? :o

jimp (Administrator)
Re: LDAP Rightset
« Reply #1 on: November 14, 2017, 08:45:08 am »
Not with IPsec or LDAP. There isn't any way for the firewall to determine which user to associate with a given set of rules.

If you used RADIUS with IPsec, you could allocate each user a static IP address and then use rules/aliases to accomplish the task.

If you used OpenVPN, you could have each set of users connect to a distinct VPN port with different sets of CA/Cert structures depending on the access level -- or you could have everyone connect to the same one but allocate static addresses and filter that way.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!
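A sketch of the RADIUS-with-IPsec approach jimp describes above, added here as an illustration and not part of the original reply. It assumes FreeRADIUS as the RADIUS server, that the pfSense mobile IPsec setup hands each client the Framed-IP-Address RADIUS returns, that the ADMIN VLAN is 10.10.0.0/24, and that the rules are written as raw pf rules on the IPsec interface (enc0) rather than as GUI entries; all names and addresses are constructed placeholders.

```text
# --- FreeRADIUS "users" file (constructed example) ---
# Every VPN user gets a fixed address. Admin users land in 10.99.1.0/24,
# all other users in 10.99.2.0/24, so the firewall can tell the groups apart
# by source address alone.
alice   Cleartext-Password := "REPLACE_ME"
        Framed-IP-Address = 10.99.1.10,
        Framed-IP-Netmask = 255.255.255.255

bob     Cleartext-Password := "REPLACE_ME"
        Framed-IP-Address = 10.99.2.20,
        Framed-IP-Netmask = 255.255.255.255

# --- pf rules on the IPsec interface (assumed enc0, first match wins) ---
# The alias holds the admin address pool; only that pool may reach the ADMIN VLAN.
table <vpn_admins> { 10.99.1.0/24 }
pass  in quick on enc0 inet proto { tcp udp icmp } from <vpn_admins> to 10.10.0.0/24
block in quick on enc0 inet from any to 10.10.0.0/24
```

The rules are only as good as the address assignment: the firewall trusts that a tunnel sends from the address RADIUS assigned it, which is why the address must come from the server and never from the client's own configuration.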