Additional LDAP Requirement: (Advanced) help

teemleht
OpenVpn Newbie
Posts: 2
Joined: Thu Nov 10, 2016 6:40 am

Additional LDAP Requirement: (Advanced) help

Post by teemleht » Thu Nov 10, 2016 6:52 am

Hello,

I'm currently using the latest OpenVPN AMI in AWS (OpenVPN Access Server 2.1.4-fe8020db-5343-4c43-9e65-5ed4a825c931-ami-bc3566ab.3 (ami-3f788150)).

I've successfully managed to create an LDAP server that has identities from the account IAM.
However, the LDAP server does not have the memberOf overlay, and hence the example provided in the GUI cannot be used to ensure that the user is a member of the desired group in the LDAP tree.

I tried to find more information about the parameters you can use in the extended search, but was not able to find anything.
It would be nice if someone could point me to, or give guidance on, the variables I can use in the search that would be replaced by the identity of the authenticating user.

My LDAP server is based on Apache DS 2.0.0-M17.

My LDAP directory has the following base DN: "dc=iam,dc=aws,dc=org"

Users are located in: ou=users,dc=iam,dc=aws,dc=org
Example user full DN: uid=<e-mail address>,ou=users,dc=iam,dc=aws,dc=org

Groups are located in: ou=groups,dc=iam,dc=aws,dc=org
Example group full DN: cn=VPN,ou=groups,dc=iam,dc=aws,dc=org

Group memberships are kept in the group entry as uids, like this:
memberUid: <Uid>

As I'm not a huge expert on LDAP, I would appreciate any help on making a search string that allows me to authorize only users in a certain group to access via the VPN.

Kind regards
--
Teemu Lehtonen
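
The membership check asked about above, as an added Python example that is not from the post or from OpenVPN Access Server: for a directory without memberOf, the query goes against the group entry and looks for the authenticating user's uid in memberUid, and the identity substituted into the filter is escaped per RFC 4515. The escaping function and the small AND-of-equality filter evaluator are assumptions of this example; the DNs follow the post, the e-mail addresses are constructed.

```python
import re

# RFC 4515 escapes for characters that would otherwise alter the filter.
_SPECIALS = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value):
    """Escape a value so it is matched literally when put into a filter."""
    return ''.join(_SPECIALS.get(c, c) for c in value)


def membership_filter(group_cn, uid):
    """Filter to run against ou=groups: matches the group entry only if the
    user's uid is listed in its memberUid attribute (no memberOf needed)."""
    return '(&(cn=%s)(memberUid=%s))' % (escape_filter_value(group_cn),
                                         escape_filter_value(uid))


def _assertion_regex(value):
    """Turn an assertion value into a regex: an unescaped '*' is a wildcard,
    a '\\xx' hex escape is a literal character."""
    pattern, i = '', 0
    while i < len(value):
        if value[i] == '\\':
            pattern += re.escape(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        elif value[i] == '*':
            pattern += '.*'
            i += 1
        else:
            pattern += re.escape(value[i])
            i += 1
    return re.compile('^' + pattern + '$')


def search(entries, ldap_filter):
    """Evaluate an AND of equality assertions against constructed entries and
    return the matching DNs (only this filter subset is supported here)."""
    assertions = re.findall(r'\((\w+)=([^()]*)\)', ldap_filter)
    return [dn for dn, attrs in entries.items()
            if all(any(_assertion_regex(v).match(x) for x in attrs.get(a, []))
                   for a, v in assertions)]


# Constructed sample group entries mirroring the layout described in the post.
GROUPS = {
    'cn=VPN,ou=groups,dc=iam,dc=aws,dc=org':
        {'cn': ['VPN'], 'memberUid': ['alice@example.org', 'bob@example.org']},
    'cn=Admins,ou=groups,dc=iam,dc=aws,dc=org':
        {'cn': ['Admins'], 'memberUid': ['alice@example.org']},
}


def is_vpn_member(entries, uid):
    """True if the VPN group lists this uid; a uid of '*' must NOT match."""
    return bool(search(entries, membership_filter('VPN', uid)))
```

With the identity left unescaped, a uid of `*` makes `(memberUid=*)` match every group; escaped, it matches nothing, which is why whatever the server substitutes for the authenticating user must be escaped before it enters the filter.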

teemleht
OpenVpn Newbie
Posts: 2
Joined: Thu Nov 10, 2016 6:40 am

Re: Additional LDAP Requirement: (Advanced) help

Post by teemleht » Wed Nov 30, 2016 6:06 am

Hello,

The latest version of the iam-ldap-bridge now has memberOf functionality, and everything is working with groups.

Kind regards
--
Teemu Lehtonen
