Authenticating OpenVPN against Active Directory

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).
bonne
OpenVPN User
Posts: 10
Joined: Sun Jun 14, 2015 8:01 am

Authenticating OpenVPN against Active Directory

Post by bonne » Thu Aug 31, 2017 4:23 am

OpenVPN on OpenBSD and Auth-LDAP.conf in place. The "LDAP"-part is working, but I cannot get the "Authorization"-part to work as I want it to work.

I would like to grant users from specific OUs access to VPN if they are members of the security group "openvpn". I think I need to know how to query SearchFilter correctly. This is my Authorization part of Auth-LDAP-conf:

<Authorization>
# Base DN
BaseDN "OU=Users,OU=MyBusiness,DC=danske-seniorer,DC=dk"


Here I would like to select one (or more) BaseDNs and include their sub-DNs. Can this be done?

# User Search Filter
# SearchFilter "(&(cn=%u)(accountStatus=active))"
SearchFilter "(objectClass=*)"


If I use SearchFilter "(&(cn (or uid)=%u)(accountStatus=active))", I am not getting authorized at all. With SearchFilter "(objectClass=*)" I get authenticated if I choose a BaseDN with only one object and log on with this.


# Require Group Membership
RequireGroup false

# Add non-group members to a PF table (disabled)
#PFTable ips_vpn_users

<Group>
BaseDN "OU=Somethings,OU=MyBusiness,DC=santa,DC=claus"
SearchFilter "((cn=openvpn))"
MemberAttribute uniqueMember
# Add group members to a PF table (disabled)
#PFTable ips_vpn_eng
</Group>
</Authorization>



How to do things correctly in my case?

Regards, Lars.
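
An added example, not part of the original post and not taken from the auth-ldap project: an Authorization section written against Active Directory's schema, where the logon name is held in sAMAccountName and groups list their members' DNs in the member attribute. The DNs are constructed placeholders, and the disabled-account clause stands in for the accountStatus test, which is not an attribute AD defines by default.

```conf
<Authorization>
    # Constructed placeholder: the container that holds the user accounts.
    BaseDN          "OU=Users,OU=MyBusiness,DC=example,DC=com"

    # %u is replaced with the username the client sent.
    # sAMAccountName is AD's logon-name attribute; the last clause uses
    # AD's bitwise-AND matching rule to exclude disabled accounts
    # (userAccountControl bit 2 = ACCOUNTDISABLE).
    SearchFilter    "(&(objectClass=user)(sAMAccountName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

    # Refuse users who are not in a group matched below.
    RequireGroup    true

    <Group>
        # Constructed placeholder: the container that holds the group object.
        BaseDN          "OU=Groups,OU=MyBusiness,DC=example,DC=com"
        # One balanced pair of parentheses per filter component.
        SearchFilter    "(cn=openvpn)"
        # AD groups store member DNs in "member", not "uniqueMember".
        MemberAttribute member
    </Group>
</Authorization>
```

Comparing the user's DN against the group's member values matches direct members only; membership through nested groups is not expanded.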

TinCanTech
OpenVPN Protagonist
Posts: 2808
Joined: Fri Jun 03, 2016 1:17 pm

Re: Authenticating OpenVPN against Active Directory

Post by TinCanTech » Thu Aug 31, 2017 12:20 pm

What version of openvpn is that?

bonne
OpenVPN User
Posts: 10
Joined: Sun Jun 14, 2015 8:01 am

Re: Authenticating OpenVPN against Active Directory

Post by bonne » Thu Aug 31, 2017 12:35 pm

2.4.1 but it is ported to OpenBSD

klanimantsi
OpenVpn Newbie
Posts: 9
Joined: Mon Sep 04, 2017 9:00 am

Re: Authenticating OpenVPN against Active Directory

Post by klanimantsi » Tue Sep 05, 2017 9:55 am

Hmm, it's 2.4.1 for sure?
