VPN & LDAP Authentication Fix Script

[Guest]

[nlemberger]

I added to the VPN authentication script in EFW 2.3 to make LDAP auth work.  Despite the KB article, it appears as far as I can tell by reading the source, that VPN auth will never work in 2.3 that way.  This works for me, I can't say it will work for you but I figured I'd post it here to give folks some insight.  You would need to fill out the variables in the VPN Auth function to match your directory.  Good Luck!

This is an updated (backup your original & this needs to be chmod 755) /usr/bin/openvpn-auth

[attached]

[razametal]

Great !

Do you know if it's possible to use the Zimbra (www .zimbra. com) LDAP tree?

[nlemberger]

It should work with any LDAP tree but you will probably have to modify the filter the find the correct DN's.

If not using eDir or if you have passwordless binds turned on, you should also probably add (I found this in my testbed with OpenLDAP):

if password == "":
     return False

to the top of the ldapAuth function - otherwise users will be able to connect if they just specify their username and a blank password.  I've updated the original post's attachment to reflect this addition.