This document describes the process of Authenticating Users in OpenVPN against LDAP.
The extension is a script that is called by the OpenVPN server; it sends a query to LDAP asking whether the given user is in the specified group and whether the username/password are correct.
# add this line to /var/ipfire/ovpn/scripts/server.local.conf: auth-user-pass-verify /var/ipfire/ovpnldapauth.sh via-env
# add this line to /var/ipfire/ovpn/scripts/client.local.conf: auth-user-pass
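#!/bin/bash
# OpenVPN auth-user-pass-verify hook (invoked with "via-env"): validates the
# connecting user's credentials against LDAP via Squid's basic_ldap_auth helper.
# OpenVPN supplies $username and $password in the environment.
# Exit status: 0 = accept the client, non-zero = reject.
#
# Fixes relative to the original one-liner: "var = value" (spaces around "=")
# is not an assignment in shell, the $( ... ) around the helper pipeline was
# never closed, and $RES / the bind parameters were unquoted.
set -euo pipefail

readonly searchDN="DC=contoso,DC=com"
readonly searchUser="CN=ipfire,OU=users,DC=contoso,DC=com"
# Bind-account password. Passed with -w it is visible to every local user via
# `ps`; basic_ldap_auth's `-W <file>` (a root-owned, mode 0600 file) avoids that.
readonly searchUserPW="password"
readonly LDAPHost="10.0.0.1"
readonly ldap_helper="/usr/lib/squid/basic_ldap_auth"

# This filter only checks that the account is a person object; it does NOT
# enforce membership of a particular group. Extend it (e.g. with a memberOf
# clause) if group-based access control is intended.
readonly searchFilter="(&(objectClass=person)(sAMAccountName=%s))"

# Fail closed: reject if OpenVPN did not hand us both values.
[[ -n "${username:-}" && -n "${password:-}" ]] || exit 1

# The helper reads "username password" on stdin and prints OK or ERR.
# NOTE(review): a password containing whitespace would be split by the helper
# at the first space; confirm the encoding the helper expects for such input.
# NOTE(review): -H takes an LDAP URI (e.g. ldap://host); confirm a bare IP is
# accepted by the installed build.
res=""
res=$(printf '%s %s\n' "$username" "$password" \
  | "$ldap_helper" -b "$searchDN" -f "$searchFilter" \
      -D "$searchUser" -w "$searchUserPW" -R -H "$LDAPHost") || exit 1

# Any output other than an exact "OK" (including "ERR ..." or nothing) rejects.
if [[ "$res" == "OK" ]]; then
  exit 0
fi
exit 1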