Go to your IPA admin page and create a new user named opnsense. Log in once on any computer joined to the FreeIPA realm and set their password (since the one you provide upon account creation will be expired), then logout.
Next we are going to go to System -> Access -> Servers and add an LDAP Server.
| Server | ipa.example.com |
| Port | 389 |
| Transport | TCP - Standard |
| Peer Certificate Authority | # use whatever you have set up on OPNSense. Set up a simple CA if you have none> |
| Protocol Version | 3 |
| Bind Credentials User_DN | uid=opnsense,cn=users,cn=accounts,dc=example,dc=com |
| Bind Credentials Password | # Password for the opnsense user we created earlier. |
| Search Scope | Entire Subtree |
| Base DN | dc=example,dc=com |
| Authentication Containers | # select all options from the list |
| User Naming Attribute | uid |
Go to System -> Access -> Tester and try logging in with an IPA user to test your configuration. You should be able to successfully authenticate any IPA user here.
Go to System -> Access -> Users and click the cloud import button in the bottom right to begin importing an LDAP user.
With version 21.7.7, I did not have the option to "cloud import" on step 3.
To activate that, I first had to go to System -> Settings -> Administration
Under the Authentication section, I selected the IPA server and Local Database
Then I was able to use the "cloud import"