diff --git a/source/manual/how-tos/user-ldap.rst b/source/manual/how-tos/user-ldap.rst index 32a4c158..b7bec757 100644 --- a/source/manual/how-tos/user-ldap.rst +++ b/source/manual/how-tos/user-ldap.rst @@ -136,9 +136,17 @@ If not (or your entered invalid credentials) it shows: Step 3 - Enable the authentication server ----------------------------------------- -Go to :menuselection:`System --> Access --> Settings --> Administration` and under the **Authentication** section at the bottom, change +Go to :menuselection:`System --> Settings --> Administration` and under the **Authentication** section at the bottom, change the **Server** dropdown to your newly added LDAP server and save. +.. Warning:: + + Before changing the gui access to require LDAP, make sure at least one user is allowed to access the + firewall with remote credentials. This can be achieved either by adding the :code:`All pages` privilege to the + user or making sure the user is member of a group with that privilege. + + To prevent being locked out, you can add "Local Database" as secondary option during your test. + Step 4 - Import Users --------------------- @@ -164,13 +172,13 @@ A new form will be show with the individual users, select the ones you like to i (not available in the community version of OPNsense) -Step 5 - Update LDAP user privileges ------------------------------------- +Step 4a - Update LDAP user privileges +......................................... Now if you go to :menuselection:`System --> Access --> Users` you will see all users including the newly imported LDAP users. You can create a specific group for these users to easily manage the privileges or use one of your earlier created groups. -When opening a LDAP user (edit) via the pecil icon right next to the name, you will +When opening a LDAP user (edit) via the pencil icon right next to the name, you will notice the difference as the **User Distinguished name** will be shown from the LDAP server, just like this: 
@@ -180,16 +188,3 @@ LDAP server, just like this: .. TIP:: See :doc:`user-local` for more information on User, Groups and privileges. -Step 6 - Update system access settings --------------------------------------- -Now we have configured, verified and imported the users from our LDAP server, we -need to change the default settings to allow LDAP users to log in. - -Go to :menuselection:`System --> Access --> Settings` and change the Authentication Server from -**Local Database** to your newly created **LDAP** server. Leave the fallback on -**Local Database** and click on **Save and Test**. - -The test result should look like this: - -.. image:: images/user_testresult_ldap.png - :width: 80%
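
Review bot: In the first hunk (Step 3), the new warning sits after the instruction to change the **Server** dropdown and save, so a reader working top to bottom switches GUI authentication to LDAP before reading it. Its precondition is also not achievable yet, because users are only imported in Step 4 and given privileges in Step 4a. Move the warning above the "Go to ... and save" sentence and either point forward to Step 4/4a or reorder the steps so import and privilege assignment come before enabling the server. Minor wording on the same lines: "gui" should be "GUI", "is member of" should be "is a member of", and ".. Warning::" should match the casing used by the other directives in this file (".. TIP::" is visible in the last hunk).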
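
Review bot: In the second hunk, renaming "Step 5" to "Step 4a" and demoting it to a dotted sub-heading leaves a lone "4a" with no "4b" in the visible lines; a plain sub-heading under Step 4 without a step number would read more cleanly. Please check that the dotted underline is the level this file already uses below dashes and that nothing else links to the old "Step 5" title. Since the "pecil" to "pencil" line is being touched anyway, "When opening a LDAP user" could become "an LDAP user" in the same change.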
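
Review bot: In the last hunk, deleting Step 6 removes the only explicit guidance to leave the fallback on **Local Database** and to use **Save and Test**, along with the expected test result. The replacement warning in Step 3 only says you "can add" Local Database as a secondary option "during your test", which is weaker than the removed instruction and gives the reader no way to confirm that LDAP login works before relying on it. Suggest carrying the fallback and test sentences into Step 3. If the test result screenshot is dropped for good, also remove images/user_testresult_ldap.png from the repository in this patch, provided nothing else references it.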