Assigning Active Directory user as Superuser/Admin

Post by skpt » Fri Mar 10, 2017 2:02 pm

I am running OpenVPN AS 2.1.4 on Ubuntu Server 13.10 and have switched from Local authentication to LDAP. The LDAP works fine but now the two assigned admin users (that were in Local) don't have admin rights to log in to the admin UI. How can I assign an LDAP/AD user as admin/super user?
I can access the admin UI using openvpn as the user.

novaflash
OpenVPN Inc.

Re: Assigning Active Directory user as Superuser/Admin

Post by novaflash » Fri Mar 17, 2017 9:00 am

The way this works is that with LDAP, the username that you enter when logging on (billy.bob) is sent to the LDAP server. Then the LDAP server looks this up with a case insensitive search (usually) and finds the account as Billy.Bob with capital letters. If the username and password check out, the username is reported back to the Access Server. The Access Server then does a case sensitive search in User Permissions for Billy.Bob, because that is the username that the LDAP server reports back and this is leading.

If the username isn't found with that exact spelling and capitalization, then any special settings won't be applied. Things like the admin flag will just not apply then. So kindly make sure the spelling and case under User Permissions matches 100% with the username as it is known in the LDAP server, and it should then work.

This is different from the behavior with LOCAL authentication. In LOCAL authentication, a case insensitive search is done.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
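
The lookup behavior described in the reply above, modeled as an added example (not part of the original posts and not Access Server code). The directory contents, the User Permissions entries and all function names are constructed for illustration; the case-insensitive directory search is the "usual" behavior the reply mentions. The `audit` function lists entries whose admin flag would silently not apply under LDAP.

```python
# Constructed sample data: usernames exactly as the directory stores them.
DIRECTORY_USERS = ["Billy.Bob", "alice", "Carol.Smith"]

# Constructed sample data: User Permissions entries and their admin flag.
USER_PERMISSIONS = {"billy.bob": True, "alice": True, "carol.smith": False}


def ldap_lookup(typed_name, directory=DIRECTORY_USERS):
    """Case-insensitive search; returns the name as the directory spells it."""
    for canonical in directory:
        if canonical.lower() == typed_name.lower():
            return canonical
    return None


def is_admin(typed_name, permissions=USER_PERMISSIONS, directory=DIRECTORY_USERS):
    """LDAP mode: exact, case-sensitive match on the name the directory reports."""
    reported = ldap_lookup(typed_name, directory)
    if reported is None:
        return False
    return permissions.get(reported, False)


def audit(permissions=USER_PERMISSIONS, directory=DIRECTORY_USERS):
    """Return (entry, canonical) pairs whose settings will not apply under LDAP."""
    findings = []
    for entry in permissions:
        canonical = ldap_lookup(entry, directory)
        if canonical is not None and canonical != entry:
            findings.append((entry, canonical))
    return findings


def fix(permissions, directory=DIRECTORY_USERS):
    """Re-key entries to the directory's spelling; unmatched entries are kept."""
    return {ldap_lookup(e, directory) or e: flag for e, flag in permissions.items()}


if __name__ == "__main__":
    print("billy.bob admin before fix:", is_admin("billy.bob"))
    for entry, canonical in audit():
        print(f"mismatch: '{entry}' should be '{canonical}'")
    fixed = fix(USER_PERMISSIONS)
    print("billy.bob admin after fix:", is_admin("billy.bob", fixed))
```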
