pfSense LDAP Select Button Fix

Note: it is highly recommended that all installations of pfSense 2.0 be upgraded to version 2.1 (current stable release), which will resolve this issue.

With the recent release of pfSense 2.0, many of our customers have shown an interest in updating their OpenVPN servers to utilize the new LDAP authentication module. With that said, we ran into a few snags when implementing LDAP that are worth noting.

Included in pfSense 2.0 is the new menu “System” > “User Manager”. In this menu you have 4 tabs. The “Servers” tab is where you will need to add your AD or LDAP authentication source that will be used by OpenVPN. After clicking the add button, you will be required to fill in all the pertinent information for your infrastructure.

Under the sub-heading “Authentication containers” you will notice there is a textbox to input the container path for your authorized users. To the right of the textbox is a select button. This select button is meant to open a pop-up window in which you can choose a container (in the path you entered) to authenticate users. Needless to say, we could never get it to open a pop-up and thus could not select a valid authentication container. Damn the bad luck!

After searching the pfSense Redmine bug tracker for “LDAP”, the first result gave us the info we needed (Link to Bug). Thanks to Max Lyth for submitting bug #2018, which details the fix to this problem (missing id element on pop-up window). In order to implement the fix, simply log in to your pfSense box via ssh/scp and edit “/usr/share/www/system_authservers.php” with the fix provided at the link above. Once complete, you will be able to select an “Authentication Container” and then save the authentication source.

To test your new authentication source, simply navigate to “Diagnostics” > “Authentication” and input the credentials of one of your users.
