Title: LDAP auth
Post by: maxxer on Saturday 16 October 2010, 02:29:46 am
Hi, I am following the KB article to enable LDAP auth, but I'm not succeeding. I'm using Zimbra as LDAP server, and my /var/efw/openvpn/settings looks like:

AUTHENTICATION_STACK=ldap,local
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN=mydomain.it
DROP_DHCP=
GLOBAL_DNS=10.22.22.1
LDAP_BIND_DN=cn=uid=zimbra,cn=admins,cn=zimbra
LDAP_BIND_PASSWORD=ldappwd
LDAP_GROUP_BASEDN=ou=groups,dc=mydomain,dc=it
LDAP_GROUP_MEMBERATTRIBUTE=uniqueMember
LDAP_GROUP_SEARCHFILTER=(|(cn=vpn))
LDAP_REQUIRE_GROUP=on
LDAP_URI=ldap://zimbraserver
LDAP_USER_BASEDN=ou=people,dc=mydomain,dc=it
LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))
OPENVPN_ENABLED=on
OPENVPN_PORT=41194
PURPLECLIENT_BEGIN_DEVICE=tap2
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=10.22.22.231
PURPLE_IP_END=10.22.22.240
PUSH_DOMAIN=
PUSH_GLOBAL_DNS=
PUSH_GLOBAL_NETWORKS=

I don't need much filtering as in the example, so I stripped off some options. I just need users to be in the vpn group. Anything wrong? Thanks
Title: Re: LDAP auth
Post by: maxxer on Sunday 17 October 2010, 08:44:34 am
OK, this is the right config:

LDAP_BIND_DN=uid=zimbra,cn=admins,cn=zimbra
LDAP_BIND_PASSWORD=MYLDAPPASS
LDAP_GROUP_BASEDN=ou=groups,dc=MYDOMAIN,dc=it
LDAP_GROUP_MEMBERATTRIBUTE=memberUid
LDAP_GROUP_SEARCHFILTER=(|(cn=vpn))
LDAP_REQUIRE_GROUP=on
LDAP_URI=ldap://MYZIMBRASERV
LDAP_USER_BASEDN=ou=people,dc=MYDOMAIN,dc=it
LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))
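
An added example, not part of the original posts and not Endian's own code: a small Python check that diffs the two settings from this thread and flags DN values shaped like the first post's bind DN, plus a plain ldap:// URI. The function names and lint heuristics are assumptions made for illustration; the sample settings are constructed from the two posts, with passwords omitted and the second post's placeholders unified to the first post's values.

```python
import re

# Constructed sample: LDAP_* keys taken from the first post (password omitted).
FIRST_POST = """\
LDAP_BIND_DN=cn=uid=zimbra,cn=admins,cn=zimbra
LDAP_GROUP_BASEDN=ou=groups,dc=mydomain,dc=it
LDAP_GROUP_MEMBERATTRIBUTE=uniqueMember
LDAP_URI=ldap://zimbraserver
LDAP_USER_BASEDN=ou=people,dc=mydomain,dc=it
"""
# Constructed sample: the second post, keeping the first post's host/domain placeholders.
SECOND_POST = (FIRST_POST.replace("cn=uid=zimbra", "uid=zimbra")
               .replace("uniqueMember", "memberUid"))
DN_KEYS = ("LDAP_BIND_DN", "LDAP_GROUP_BASEDN", "LDAP_USER_BASEDN")
ATTR = r"[A-Za-z][A-Za-z0-9-]*"  # short-name attribute type, e.g. cn, uid, dc

def parse_settings(text):
    """Parse KEY=VALUE lines; split on the first '=' only (DNs and filters contain '=')."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return {k: v for k, v in pairs if not k.startswith("#")}

def split_dn(dn):
    """Split a DN into RDNs on commas not preceded by a backslash (simplified RFC 4514)."""
    return [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def lint(settings):
    """Return (key, message) findings for suspicious DNs and a cleartext LDAP URI."""
    findings = []
    for key in DN_KEYS:
        for rdn in split_dn(settings.get(key, "")):
            attr, _, value = rdn.partition("=")
            if not re.fullmatch(ATTR, attr) or not value:
                findings.append((key, f"malformed RDN {rdn!r}"))
            elif re.match(ATTR + "=", value):  # legal syntax, but almost always a typo
                findings.append((key, f"RDN {rdn!r} has an attribute type inside its value"))
    if settings.get("LDAP_URI", "").lower().startswith("ldap://"):
        findings.append(("LDAP_URI", "ldap://: bind password is unencrypted unless StartTLS is used"))
    return findings

def changed(a, b):
    """Keys whose values differ between two parsed settings files."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    first, second = parse_settings(FIRST_POST), parse_settings(SECOND_POST)
    for key, (old, new) in changed(first, second).items():
        print(f"{key}: {old} -> {new}")
    for key, msg in lint(first):
        print(f"first post  {key}: {msg}")
```
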