This document describes the process of Authenticating Users in OpenVPN against LDAP.
The extension is a script that is called by the OpenVPN server; it queries LDAP to check whether the supplied username/password is correct and whether the user is a member of the specified group. Note that the group membership check only happens if the LDAP filter used in the script contains a clause for it (e.g. `(memberOf=<group DN>)`); the filter as shown below only verifies that the account exists and the password is correct.
# add this line to /var/ipfire/ovpn/scripts/server.local.conf
# via-env hands the client's username/password to the script as environment
# variables, which OpenVPN only permits with "script-security 3" — make sure it
# is set. The script must be executable and, since it holds the LDAP bind
# password, should be owned by root and readable by root only (mode 0700).
auth-user-pass-verify /var/ipfire/ovpnldapauth.sh via-env
# add this line to /var/ipfire/ovpn/scripts/client.local.conf
auth-user-pass
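#!/bin/bash
# ovpnldapauth.sh — OpenVPN auth-user-pass-verify hook that checks the
# connecting client's username/password against LDAP (Active Directory)
# using squid's basic_ldap_auth helper.
#
# OpenVPN runs this with `auth-user-pass-verify <script> via-env`, which
# exposes the credentials as the environment variables $username and
# $password (OpenVPN only allows that with `script-security 3`).
# Exit status 0 accepts the client; anything else rejects it.
#
# This file holds the LDAP bind password: keep it owned by root, mode 0700.
set -euo pipefail

# ---- site configuration (edit these) ------------------------------------
# Base DN the user lookup is restricted to.
searchDN="DC=contoso,DC=com"
# Account used to bind for the lookup; needs read access to the user objects.
searchUser="CN=ipfire,OU=users,DC=contoso,DC=com"
# Bind password. Passed with -w below, so it is visible in `ps` while the
# helper runs; basic_ldap_auth(8) also accepts `-W <file>` to read it from a
# root-only file instead — prefer that where possible.
searchUserPW="password"
# LDAP server as a URI (basic_ldap_auth's -H expects a URI, not a bare host).
# Use ldaps:// (or add -Z for StartTLS) so the VPN user's password and the
# bind credentials do not cross the network in cleartext.
LDAPHost="ldap://10.0.0.1"
# Optional: DN of an AD group the user must belong to. Empty disables the
# group check (the lookup then only verifies that the account exists and the
# password is correct).
vpnGroupDN=""
# --------------------------------------------------------------------------

# Fail closed if OpenVPN did not hand us credentials (wrong mode or
# script-security level) rather than querying LDAP with empty values.
: "${username:?ovpnldapauth: no username in environment (use via-env and script-security 3)}"
: "${password:?ovpnldapauth: no password in environment (use via-env and script-security 3)}"

# The helper reads one "user password" line per request; a CR/LF inside
# either value would be parsed as a second request, so reject such input.
if [[ "$username$password" == *[$'\r\n']* ]]; then
  printf 'ovpnldapauth: rejecting login: control characters in credentials\n' >&2
  exit 1
fi

# squid's basic helpers split the request line on whitespace and URL-decode
# %XX sequences in the fields, so encode the two characters that would
# otherwise be misread (a space would split the field, a literal % would be
# decoded). NOTE(review): confirm this against the installed squid version.
enc_user=${username//%/%25}; enc_user=${enc_user// /%20}
enc_pass=${password//%/%25}; enc_pass=${enc_pass// /%20}

# Match the account by sAMAccountName; %s is filled in by basic_ldap_auth.
filter="(&(objectClass=person)(sAMAccountName=%s))"
if [[ -n "$vpnGroupDN" ]]; then
  filter="(&(objectClass=person)(sAMAccountName=%s)(memberOf=${vpnGroupDN}))"
fi

# -R: do not chase referrals. The helper answers "OK" on success and
# "ERR <reason>" / "BH <reason>" otherwise; a non-zero helper exit is turned
# into a rejection with a log line instead of letting `set -e` abort silently.
res=$(printf '%s %s\n' "$enc_user" "$enc_pass" \
  | /usr/lib/squid/basic_ldap_auth \
      -b "$searchDN" -f "$filter" -D "$searchUser" -w "$searchUserPW" \
      -R -H "$LDAPHost") || res="BH helper exited with status $?"

if [[ "$res" == "OK" ]]; then
  exit 0
fi

# Anything but a plain OK (bad password, unknown user, not in group, LDAP
# unreachable, ...) rejects the client. Log the reason — never the password.
printf 'ovpnldapauth: rejecting user %s: %s\n' "$username" "$res" >&2
exit 1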