Additional LDAP Requirement: (Advanced) help

[teemleht]

Hello,

I'm currently using the latest Open VPN AMI in AWS (OpenVPN Access Server 2.1.4-fe8020db-5343-4c43-9e65-5ed4a825c931-ami-bc3566ab.3 (ami-3f788150)).

I've succesfully managed to create LDAP server that has identities from the account IAM.
However the LDAP server does not have the memberOf overlay and hence the example provided in the GUI cannot be used to ensure that the user is member of desired group in the LDAP tree.

I tried to find out for more information about the parameters you can use in the extended search, but was not able to find anything.
Would be nice if someone could point or give guidance on variables I can use in the search that would be replaced by the identity of the authenticating user.

My LDAP server is based on Apache DS 2.0.0-M17

My LDAP directory has the folowing base DN: "dc=iam,dc=aws,dc=org"

Users are located in : ou=users,dc=iam,dc=aws,dc=org
example user full DN: uid=<e-mail address>,ou=users,dc=iam,dc=aws,dc=org

Groups are located in ou=groups,dc=iam,dc=aws,dc=org
example group full DN : cn=VPN,ou=groups,dc=iam,dc=aws,dc=org

Group memeberships are in the group with the uids like this:
memberUid: <Uid>

As I'm not huge expert on LDAP would appreciate any help on making a search string that allows me to authorize only users in certain group to access via the VPN.

Kind regards
--
Teemu Lehtonen

[teemleht]

Hello,

The latest version of the iam-ldap-brige now has memberOf functionality and now everything is working with groups.

Kind regards
--
Teemu Lehtonen