Configure LDAP authentication on AZTCO-FW

From the web interface on pfSense:

  • Select System > User manager, Authentication servers tab
  • Click Add to create a new entry
  • Enter a Descriptive name for this LDAP server, such as G Suite
  • Set Type to LDAP
  • The server settings depend on the AZTCO-FW software version installed on the firewall:
    • For AZTCO-FW Factory version 2.4.4-RELEASE-p1 or later:
      • Set the Hostname or IP address to ldap.google.com
      • Set Port value to 636
      • Set Transport to SSL - Encrypted
      • Set Peer Certificate Authority to Global Root CA List
      • Set Client Certificate to the entry imported previously, in this case G Suite LDAP
    • For AZTCO-FW CE or Factory version 2.4.4-RELEASE using stunnel:
      • Set the Hostname or IP address to 127.0.0.1
      • Set Port value to 1636
      • Set Transport to TCP - Standard
  • Set Protocol version to 3
  • Set Server timeout to 25
  • Set Search scope to Entire tree

The next few settings are UNIQUE TO THE DOMAIN. For this example, assume the domain is example.com.

Warning: Substitute the actual domain when entering these values!
  • Set Base DN to the domain name in DN format, for example dc=example,dc=com
  • Set Authentication containers to the Base DN prefixed with the Users organizational unit, for example:

    ou=Users,dc=example,dc=com

  • Uncheck the Bind anonymous box to show the Bind Credentials fields
  • Set Bind credentials to the G Suite LDAP username and password that were created with the certificate and key

The remaining attributes are not specific to the domain, or are defaults:

  • Set User naming attribute to uid
  • Set Group naming attribute to cn
  • Set Group member attribute to memberOf
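To confirm the values above work before relying on them for firewall logins, the following stdlib-only Python script (an added example, not part of this page or of the AZTCO-FW/pfSense code) performs the same LDAPv3 simple bind the firewall will perform, either LDAPS with the client certificate to ldap.google.com:636 or plain TCP to the local stunnel listener on 127.0.0.1:1636, and returns the LDAP result code. It assumes the bind name is the G Suite LDAP username from the Bind credentials step and that the client certificate and key are PEM files; the file paths and the sample bytes in comments are constructed.

```python
import socket
import ssl


def tlv(tag: int, body: bytes) -> bytes:
    """BER-encode one tag/length/value element (definite length form)."""
    if len(body) < 128:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def bind_request(msg_id: int, name: str, password: str) -> bytes:
    """LDAPv3 BindRequest (RFC 4511, 4.2) with simple authentication."""
    bind = tlv(0x60, tlv(0x02, b"\x03")                 # version 3
                     + tlv(0x04, name.encode())          # bind name (G Suite LDAP username)
                     + tlv(0x80, password.encode()))     # [0] simple password
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)  # LDAPMessage SEQUENCE


def ber_read(data: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, ln, pos = data[pos], data[pos + 1], pos + 2
    if ln & 0x80:                                        # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + ln], pos + ln


def bind_result_code(data: bytes) -> int:
    """resultCode from a BindResponse: 0 = success, 49 = invalidCredentials."""
    _, msg, _ = ber_read(data, 0)                        # LDAPMessage SEQUENCE
    _, _, pos = ber_read(msg, 0)                         # skip messageID
    tag, resp, _ = ber_read(msg, pos)
    if tag != 0x61:                                      # [APPLICATION 1] BindResponse
        raise ValueError(f"unexpected tag 0x{tag:02x}")
    _, code, _ = ber_read(resp, 0)                       # resultCode ENUMERATED
    return int.from_bytes(code, "big")


def check_bind(host, port, name, password, cert=None, key=None, use_tls=True):
    """Bind as the firewall will: LDAPS + client cert to ldap.google.com:636,
    or plain TCP (use_tls=False) to the stunnel listener on 127.0.0.1:1636."""
    sock = socket.create_connection((host, port), timeout=25)  # same as Server timeout
    if use_tls:
        ctx = ssl.create_default_context()                # system root CA list
        ctx.load_cert_chain(cert, key)                    # Google requires the client cert
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(bind_request(1, name, password))
        return bind_result_code(sock.recv(4096))          # e.g. check_bind("ldap.google.com", 636, ...)
```

A result of 49 (invalidCredentials) with a clean TLS handshake means the certificate is accepted but the username or password is wrong; a TLS error before any LDAP reply points at the client certificate, the stunnel setup, or the Peer Certificate Authority setting.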