Hi,
I would like to set up pfSense with a Zentyal backend, where the users with their passwords and certificates are stored in Zentyal. I've set up pfSense so that it queries the LDAP correctly: I'm not sure whether I've correctly specified the naming attributes, which are shown in the picture below. I followed these rules:
https://forum.zentyal.org/index.php?topic=22954.0, but those are for Zentyal 3.2, and Zentyal 3.5 started using Samba as the LDAP server (OpenLDAP is not supported anymore).
Therefore, I would like to know the following:
1. The naming attributes that I need to use when Samba LDAP backend is in use. The details of my current user are presented below, which should make it easier to give me a few tips.
dn: CN=Name Surname,CN=Users,DC=domain,DC=com
cn: Name Surname
sn: Surname
givenName: name
instanceType: 4
whenCreated: 20140802111349.0Z
displayName: Name Surname
uSNCreated: 3859
name: Name Surname
objectGUID:: 4sA53BVs1RS1L6D3ThlZiQ==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AZUAAABBBAUVAABBBNg17vN/27QtOhL68UQQAAA==
accountExpires: 8122377126854785807
logonCount: 0
sAMAccountName: name.surname
sAMAccountType: 8056306568
userPrincipalName: name.surname@domain.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com
uidNumber: 2502
gidNumber: 2513
pwdLastSet: 130514516290000000
userAccountControl: 512
homeDrive: H:
homeDirectory: \\zentyal.domain.COM\name.surname
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: systemQuotas
objectClass: organizationalPerson
objectClass: user
memberOf: CN=OpenVPN,CN=Groups,DC=domain,DC=com
mail: name@domain.com
quota: 5000
whenChanged: 20141109102704.0Z
uSNChanged: 3942
distinguishedName: CN=Name Surname,CN=Users,DC=domain,DC=com
2. The user declaration above doesn't hold any certificate information. I've installed the VPN module in Zentyal, but I don't want to actually run OpenVPN on the Zentyal server: I would just like to manage users on Zentyal. Therefore, if incorporating users with a certificate is possible in a simple manner, it would be very good to know.
Basically I would like to run pfSense in front of Zentyal, but pfSense should query Zentyal for user credentials and certificates. This is something we would like to have, since managing a certificate authority in Zentyal is a breeze.
Any viewpoints are appreciated.
Thank you