OpenVPN LDAP Authentication

[Guest]

[n8hack]

Hey everybody. I have a set-up which I would like to get LDAP authentication working for OpenVPN.
I read a bunch of documentation about how to go about this and here is my /var/efw/openvpn/settings file

Code:

AUTHENTICATION_STACK=ldap,local
DOMAIN=mydomain.local
DROP_DHCP=
GLOBAL_DNS=...
GLOBAL_NETWORKS=...0/24
LDAP_BIND_DN=cn=admin,dc=mydomain,dc=local
LDAP_BIND_PASSWORD=mypassword
LDAP_URI=ldap://...
LDAP_USER_BASEDN=ou=people,dc=mydomain,dc=local
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(SAMAccountName=%(u)s))
OPENVPN_ENABLED=on
PORT=1194
PROTOCOL=udp
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=...
PURPLE_IP_END=...
PURPLE_NET=...0/24
PUSH_DOMAIN=
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on

unfortunately I can't connect with any LDAP user accounts as I just get invalid user error in the log. I can't see any attempt made by endian to query LDAP.
Anyone have any ideas? I tried openvpn-auth as well from something I read which suggested openvpn-auth -i to test but in 2.5.1 all one gets is -i is an invalid switch.
connecting with a local account works as usual.

Endian 2.5.1
LDAPv3 server

[n8hack]

Never Mind. The search filter was for Windows Active Directory. OpenLDAP doesn't have SAMAccountName in the tree.  Simple fix for anyone else looking to use this is
change the following line from my config:

Code:

LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(SAMAccountName=%(u)s))

to :

Code:

LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))

Mine works great now.