How to customize and extend your OpenVPN installation.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
Yacudzer
- OpenVPN User
- Posts: 25
- Joined: Tue Apr 28, 2020 8:55 pm
Post
by Yacudzer » Wed Sep 02, 2020 3:39 pm
I tried to add LDAP authentication using module openvpn-auth-ldap and I see some troubles:
- this LDAP module cannot work correctry using SSL (ldaps);
- if I add module openvpn-auth-ldap, I cannot to use certificate authentication;
I need to make next configuration of my server:
- using certificate for authentication;
- if no certificate - check login and passoword using LDAPs;
- if no login and password - reject with authentication.
I would to ask - should I create a script or can it be implemented using standard method??
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Wed Sep 02, 2020 7:04 pm
Yacudzer wrote: ↑Wed Sep 02, 2020 3:39 pm
should I create a script or can it be implemented using standard method??
There are options which get you
part way there.
See the manual for --client-cert-not-required and --auth-user-pass-optional
Your script will
ultimately have to be
the arbiter ..
-
Yacudzer
- OpenVPN User
- Posts: 25
- Joined: Tue Apr 28, 2020 8:55 pm
Post
by Yacudzer » Thu Sep 03, 2020 5:57 am
TinCanTech wrote: ↑Wed Sep 02, 2020 7:04 pm
Yacudzer wrote: ↑Wed Sep 02, 2020 3:39 pm
should I create a script or can it be implemented using standard method??
There are options which get you
part way there.
See the manual for --client-cert-not-required and --auth-user-pass-optional
Your script will
ultimately have to be
the arbiter ..
I understanding that such task cannot be solved without a script?
And I read that using option --verify-client-cert better than --client-cert-not-required, isnt it?
And with wich option I must to start verification script?
Thanks!
