LDAP or certificate authentication
Posted: Wed Sep 02, 2020 3:39 pm
by Yacudzer
I tried to add LDAP authentication using the openvpn-auth-ldap module and I see some problems:
- this LDAP module cannot work correctly using SSL (ldaps);
- if I add the openvpn-auth-ldap module, I cannot use certificate authentication;
I need to set up the following configuration on my server:
- use a certificate for authentication;
- if there is no certificate, check the login and password using LDAPS;
- if there is no login and password, reject the authentication.
I would like to ask: should I create a script, or can it be implemented using a standard method?
Re: LDAP or certificate authentication
Posted: Wed Sep 02, 2020 7:04 pm
by TinCanTech
Yacudzer wrote: ↑Wed Sep 02, 2020 3:39 pm
should I create a script or can it be implemented using standard method??
There are options which get you part way there.
See the manual for --client-cert-not-required and --auth-user-pass-optional
Your script will ultimately have to be the arbiter ..
Re: LDAP or certificate authentication
Posted: Thu Sep 03, 2020 12:26 am
by TinCanTech
Also, EasyTLS could provide you the security barrier which you seek:
https://github.com/TinCanTech/easy-tls
Re: LDAP or certificate authentication
Posted: Thu Sep 03, 2020 5:57 am
by Yacudzer
TinCanTech wrote: ↑Wed Sep 02, 2020 7:04 pm
Yacudzer wrote: ↑Wed Sep 02, 2020 3:39 pm
should I create a script or can it be implemented using standard method??
There are options which get you part way there.
See the manual for --client-cert-not-required and --auth-user-pass-optional
Your script will ultimately have to be the arbiter ..
Do I understand correctly that such a task cannot be solved without a script?
And I read that using the option --verify-client-cert is better than --client-cert-not-required, isn't it?
And with which option must I start the verification script?
Thanks!
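An added example, not part of the thread or of any poster's configuration: one way an arbiter script for the "certificate, else LDAPS password, else reject" policy could look when hooked in through `--auth-user-pass-verify`. The LDAP host, the DN template and the script path are placeholders, `ldapwhoami` from the OpenLDAP client tools is assumed to be installed, and the script assumes OpenVPN exports `tls_serial_0` only for a client certificate it has already verified.

```shell
#!/bin/sh
# Assumed server directives (the script path is hypothetical):
#   verify-client-cert optional
#   auth-user-pass-optional
#   script-security 2
#   auth-user-pass-verify /etc/openvpn/auth-arbiter.sh via-file

LDAP_URI="${LDAP_URI:-ldaps://ldap.example.com}"   # placeholder host
LDAP_DN_TEMPLATE="${LDAP_DN_TEMPLATE:-uid=%s,ou=people,dc=example,dc=com}"  # placeholder layout

# Simple bind over LDAPS. The password is handed over in a file (-y), never
# on the command line where it would show up in the process list.
ldap_bind() {   # $1 = bind DN, $2 = file holding only the password
    ldapwhoami -x -H "$LDAP_URI" -D "$1" -y "$2" >/dev/null 2>&1
}

# decide CREDFILE -> 0 accept, 1 reject. CREDFILE is the via-file temp file:
# line 1 username, line 2 password (both empty if the client sent none).
decide() {
    # Assumption: tls_serial_0 is set only when the client presented a
    # certificate that passed OpenVPN's own CA verification.
    [ -n "${tls_serial_0:-}" ] && return 0

    user=$(sed -n 1p "$1")
    pass=$(sed -n 2p "$1")
    # No certificate and no credentials: reject. An empty password must not
    # reach the directory: such a bind can succeed as an unauthenticated bind.
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    # Allow-list the username so it cannot alter the bind DN.
    case "$user" in *[!A-Za-z0-9._-]*) return 1 ;; esac

    pwfile=$(mktemp) || return 1
    printf '%s' "$pass" > "$pwfile"
    rc=1
    ldap_bind "$(printf "$LDAP_DN_TEMPLATE" "$user")" "$pwfile" && rc=0
    rm -f "$pwfile"
    return "$rc"
}

# OpenVPN sets script_type when it runs the hook; do nothing otherwise.
if [ "${script_type:-}" = "user-pass-verify" ]; then
    decide "$1"
    exit $?
fi
```

Any exit status other than 0 makes OpenVPN refuse the client, so every path that is not an explicit accept ends in a reject.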