EFW Support

Support => VPN Support => Topic started by: nlemberger on Friday 16 April 2010, 07:24:25 am



Title: VPN & LDAP Authentication Fix Script
Post by: nlemberger on Friday 16 April 2010, 07:24:25 am
I added to the VPN authentication script in EFW 2.3 to make LDAP auth work.  Despite the KB article, it appears, as far as I can tell by reading the source, that VPN auth will never work in 2.3 that way.  This works for me; I can't say it will work for you, but I figured I'd post it here to give folks some insight.  You would need to fill out the variables in the VPN Auth function to match your directory.  Good luck!

This is an updated (back up your original & this needs to be chmod 755) /usr/bin/openvpn-auth

[attached]


Title: Re: VPN & LDAP Authentication Fix Script
Post by: razametal on Friday 16 April 2010, 08:52:51 am
Great !

Do you know if it's possible to use the Zimbra (www .zimbra. com) LDAP tree?


Title: Re: VPN & LDAP Authentication Fix Script
Post by: nlemberger on Monday 19 April 2010, 08:59:07 am
It should work with any LDAP tree, but you will probably have to modify the filter to find the correct DNs.

If not using eDir or if you have passwordless binds turned on, you should also probably add (I found this in my testbed with OpenLDAP):

if password == "":
     return False

to the top of the ldapAuth function - otherwise users will be able to connect if they just specify their username and a blank password.  I've updated the original post's attachment to reflect this addition.
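Added example, not part of the thread and not the attached /usr/bin/openvpn-auth: a self-contained sketch of why the blank-password check matters when the directory accepts passwordless (RFC 4513 unauthenticated) binds, with the login name escaped before it goes into the DN lookup filter. The `ldapAuth` signature, the `reject_blank` switch, `FakeDirectory`, the `(uid=...)` filter and the sample entry are all assumptions made for illustration.

```python
# Added example; FakeDirectory and DIRECTORY are constructed stand-ins for a
# real LDAP server, so this runs offline without an LDAP library.

def escape_filter_value(value):
    """Escape RFC 4515 special characters before a login name enters a filter."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


class FakeDirectory:
    """Models a server with passwordless (unauthenticated) binds turned on."""

    def __init__(self, entries, allow_unauthenticated_bind=True):
        self.entries = entries  # {dn: (uid, password)}
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def search_dn(self, ldap_filter):
        # Supports only the exact filter form (uid=<value>); no wildcards.
        for dn, (uid, _password) in self.entries.items():
            if ldap_filter == "(uid=%s)" % escape_filter_value(uid):
                return dn
        return None

    def simple_bind(self, dn, password):
        if password == "":
            # Server reports success without checking any credential.
            return self.allow_unauthenticated_bind
        return self.entries[dn][1] == password


def ldapAuth(directory, username, password, reject_blank=True):
    """Hypothetical signature: find the user's DN, then bind as that DN."""
    if reject_blank and password == "":
        return False  # the check from the post, before any bind is attempted
    dn = directory.search_dn("(uid=%s)" % escape_filter_value(username))
    if dn is None:
        return False
    return directory.simple_bind(dn, password)


# Constructed sample entry.
DIRECTORY = FakeDirectory(
    {"uid=alice,ou=people,dc=example,dc=test": ("alice", "s3cret")})
```

Calling `ldapAuth(DIRECTORY, "alice", "", reject_blank=False)` reproduces the behaviour described in the post; with the default `reject_blank=True` the same call is refused.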