I configured an OpenVPN server with LDAP authentication using the plugin openvpn-auth-ldap.
It works fine!
Now, I want to use two LDAP servers in order to avoid a single point of failure: if one of my LDAP servers is not reachable by the OpenVPN server for any reason, the OpenVPN server will use the second LDAP server.
My two LDAP servers are Active Directory servers and are synchronized.
I think I need to add a URL line in the configuration file for openvpn-auth-ldap (/etc/openvpn/auth/ldap.conf), but I don't know if it is enough...
So, has anyone configured the plugin with two or more LDAP servers?
If yes, how do you handle this point? Does it work fine?
# My file /etc/openvpn/auth/ldap.conf
<LDAP>
# LDAP server URL
URL ldap://IP_ldap1
# Bind DN (If your LDAP server doesn't support anonymous binds)
BindDN "CN=Bind User,OU=MyOU,DC=mydomain,DC=com"
# Bind Password
Password MyPasswordForBind
# Network timeout (in seconds); the plugin's example value is 15
Timeout 45
</LDAP>
<Authorization>
# Base DN
BaseDN "DC=mydomain,DC=com"
# User Search Filter
SearchFilter "(&(sAMAccountName=%u))"
# Require Group Membership
RequireGroup true
<Group>
BaseDN "dc=mydomain,dc=com"
SearchFilter "(cn=Group_OpenVPN)"
MemberAttribute "member"
</Group>
</Authorization>
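As an added example (not part of the original post), a small Python checker for this plugin's ldap.conf format: it reads the URL directive, splits it into the whitespace-separated list of URIs that OpenLDAP's ldap_initialize() accepts (the plugin is assumed to hand the value through unchanged; check your plugin version), and reports whether the file names one server or several, and whether the bind goes over plain ldap:// without TLSEnable. The two config strings are constructed from the post; IP_ldap2 is a placeholder.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the single-server <LDAP> section from the post (trimmed).
SINGLE = """<LDAP>
URL ldap://IP_ldap1
BindDN "CN=Bind User,OU=MyOU,DC=mydomain,DC=com"
Password MyPasswordForBind
Timeout 45
</LDAP>
"""

# Constructed variant: two space-separated URLs (IP_ldap2 is a placeholder).
DUAL = SINGLE.replace("URL ldap://IP_ldap1", "URL ldap://IP_ldap1 ldap://IP_ldap2")

def parse_ldap_section(text):
    """Return directive -> value for the <LDAP> section.
    Naive parser: '#' starts a comment, so values must not contain '#'."""
    m = re.search(r"<LDAP>(.*?)</LDAP>", text, re.S)
    if not m:
        raise ValueError("no <LDAP> section")
    directives = {}
    for line in m.group(1).splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition(" ")
        directives[key] = value.strip().strip('"')
    return directives

def ldap_servers(text):
    """Split the URL directive into individual ldap:// or ldaps:// URIs."""
    urls = parse_ldap_section(text).get("URL", "").split()
    for u in urls:
        parts = urlsplit(u)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            raise ValueError(f"bad LDAP URL: {u}")
    return urls

def failover_report(text):
    """Summarise redundancy and transport of the configured servers."""
    urls = ldap_servers(text)
    tls = parse_ldap_section(text).get("TLSEnable", "no").lower() in ("yes", "true")
    return {
        "servers": urls,
        "single_point_of_failure": len(urls) < 2,
        # Plain ldap:// sends the bind password in clear unless TLSEnable is on.
        "cleartext_bind": any(u.startswith("ldap://") for u in urls) and not tls,
    }
```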