Server ignores LDAP confirmation

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
DavidRosa1810
OpenVpn Newbie
Posts: 3
Joined: Wed Mar 11, 2020 8:35 am

Server ignores LDAP confirmation

Post by DavidRosa1810 » Fri Apr 24, 2020 2:51 pm

I recently changed my server's authentication method to LDAP. I am using a script to take the given credentials and verify them against a LDAP server in my network. When i try to connect as client i am prompted to give my username and password, but it not only connects me with the right credentials, but also when i enter some fake ones.
Here's my server .conf file:
Server config
local 192.168.4.101
port 1400

proto udp
dev tap0

ca /etc/openvpn/ca.crt
cert /etc/openvpn/uranus.crt
key /etc/openvpn/uranus.key
dh /etc/openvpn/dh2048.pem

;auth SHA512
;tls-crypt tc.key
topology subnet
;server 10.8.0.0 255.255.255.0
;server-bridge 10.240.32.1 255.255.248.0 10.240.36.0 10.240.39.254
server-bridge

push "redirect-gateway def1"
push "dhcp-option DNS 10.240.32.1"

client-to-client


client-connect /etc/openvpn/scripts/openvpn-connect.sh
client-disconnect /etc/openvpn/scripts/openvpn-disconnect.sh
script-security 2
duplicate-cn

;ifconfig-pool-persist ipp.txt
;push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
cipher AES-256-CBC

user nobody
group nogroup

persist-key
persist-tun

status /etc/openvpn/log/openvpn-status.log

log-append /etc/openvpn/log/openvpn.log
verb 4
;crl-verify crl.pem
;explicit-exit-notify

auth-user-pass
username-as-common-name
auth-user-pass-verify ldapsearch-auth.sh via-file


I think it is sort of ignoring the script authenticating on the certificate alone.
If you need any more files tell me and i'll post them.
Last edited by Pippin on Fri Apr 24, 2020 3:21 pm, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server ignores LDAP confirmation

Post by TinCanTech » Fri Apr 24, 2020 2:59 pm

DavidRosa1810 wrote:
Fri Apr 24, 2020 2:51 pm
I think it is sort of ignoring the script authenticating on the certificate alone.
Yeah, my computer is always ignoring me too ...

viewtopic.php?f=30&t=22603

Post Reply