
LDAP Authentication on FortiGate


==== Required information ====
- iRedMail version: 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian
- Related log if you're reporting an issue:
====

Hi,
I am currently trying to authenticate LDAP users with my firewall for VPN purposes. I am able to authenticate just using the DN, but this allows everyone in the LDAP directory to authenticate. So this is what I've done: I have added a child entry under groups in the specified domain, so my LDAP tree looks something like this:

dc=something,dc=com
  o=domains
    domainName=something.com
      ou=Aliases
      ou=Externals
      ou=Groups
        cn=vpnUsers
      ou=Users

The DN for the vpnUsers group ends up being cn=vpnUsers,ou=Groups,domainName=something.com,o=domains,dc=something,dc=com

So I am able to enter this in my firewall, but when I try to establish my VPN connection it fails. I can enter the DN for the whole LDAP server (dc=something,dc=com) and authentication works and I am able to establish a VPN connection.

Has anyone else run into this, or does anyone know how to make authentication against groups work? The firewall I am using is a FortiGate 100D.

