Setting up LDAP Authentication for OPNSense 🌱

  1. Open a web browser and navigate to the OPNSense web UI
  2. Log in to OPNSense
  3. Select System > Access > Servers from the left navigation menu
  4. Click the Add button in the top right of the screen
  5. Complete the form with the following information
    The settings below allow members of the DnsAdmins AD group to authenticate; adjust the group and DNs as needed

    Descriptive name: i12bretro.local
    Type: LDAP
    Hostname or IP address: i12bretro.local
    Port value: 389
    Transport: TCP - Standard
    Protocol version: 3
    Bind credentials:
        User DN: CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local
        Password: Read0nly!!
    Search scope: Entire Subtree
    Base DN: DC=i12bretro,DC=local
    Authentication containers: CN=Users,DC=i12bretro,DC=local
    Extended Query: &(memberOf=CN=DnsAdmins,CN=Users,DC=i12bretro,DC=local)
    User naming attribute: sAMAccountName

  6. Scroll to the bottom of the page and click the Save button
  7. Select System > Access > Tester from the left navigation menu
  8. Test the login capability of an LDAP user meeting the group requirements set above
  9. Select System > Settings > General from the left navigation menu
  10. Scroll down to the Authentication section
  11. Click the Server dropdown and enable authentication against the LDAP server
  12. Scroll to the bottom of the page and click the Save button
  13. Select System > Access > Users from the left navigation menu
  14. Click the cloud button at the bottom right of the user table
  15. Select users from LDAP to allow access to OPNSense
  16. Click the edit button next to each user and add the appropriate Group Memberships 
  17. Click Lobby > Logout from the left navigation menu
  18. Test logging in as an LDAP authenticated user
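The same check that the Tester in step 8 performs, run from the command line with the OpenLDAP client tools, as an added example that is not part of the original guide. It assumes OPNsense searches for the naming attribute AND the Extended Query and then binds as the DN it found; the server, DN and password values are the ones from step 5.

```shell
#!/bin/sh
# Added example (not from the guide): reproduce the check that System > Access > Tester
# performs, using the OpenLDAP client tools against the step 5 settings above.
# Assumed: OPNsense searches (&(<naming attr>=<login>)(<Extended Query>)) and then
# binds as the DN it finds. Values below are the page's; change them for your domain.
LDAP_URI="ldap://i12bretro.local:389"   # "TCP - Standard": bind passwords travel in cleartext
BIND_DN="CN=Readonly SVC,CN=Users,DC=i12bretro,DC=local"
BIND_PW="Read0nly!!"
BASE_DN="CN=Users,DC=i12bretro,DC=local"   # Authentication container
USER_ATTR="sAMAccountName"
EXT_QUERY="&(memberOf=CN=DnsAdmins,CN=Users,DC=i12bretro,DC=local)"

# RFC 4515 escaping so a typed login name cannot change the filter's structure.
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Search filter: the naming attribute match AND the Extended Query from the form.
build_filter() {
    if [ -n "$EXT_QUERY" ]; then
        printf '(&(%s=%s)(%s))\n' "$USER_ATTR" "$(escape_filter_value "$1")" "$EXT_QUERY"
    else
        printf '(%s=%s)\n' "$USER_ATTR" "$(escape_filter_value "$1")"
    fi
}

# Step 1: bind as the read-only service account and look the login name up under the
# container (-s sub = "Entire Subtree"). Exactly one DN should come back.
lookup_user_dn() {
    ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -w "$BIND_PW" \
        -b "$BASE_DN" -s sub "$(build_filter "$1")" dn | sed -n 's/^dn: //p'
}

# Step 2: a simple bind as that DN with the user's own password is the real authentication.
ldap_auth_check() {
    dn=$(lookup_user_dn "$1")
    if [ -z "$dn" ]; then
        echo "FAIL: '$1' not under $BASE_DN or not in the required group" >&2
        return 1
    fi
    if ldapwhoami -x -H "$LDAP_URI" -D "$dn" -w "$2" >/dev/null 2>&1; then
        echo "OK: '$1' authenticated as $dn"
    else
        echo "FAIL: bind as $dn rejected (wrong password or account restriction)" >&2
        return 1
    fi
}

# Usage: sh ldap_check.sh <sAMAccountName> <password>
if [ $# -ge 2 ]; then ldap_auth_check "$1" "$2"; fi
```

`-w` puts the bind passwords on the command line where other local users can read them from the process list; for anything beyond a one-off test, `ldapsearch` and `ldapwhoami` accept `-y <file>` to read the password from a file instead.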