LDAP server letting anything in
Posted: Mon Jul 19, 2021 1:46 pm
Hi, I am trying to build OpenVPN with LDAP and Google Authenticator, both of which must successfully authenticate a user before that user is let in.
I'm trying to work through this, step by step and I'm getting problems with the LDAP configuration.
Somehow, this server lets me connect regardless of what I type as the password in the client.
My server.conf file looks like this:
I'm sure I'm missing something silly, but none of the documentation I can find will tell me what I should be doing in this situation.
I'm trying to work through this, step by step and I'm getting problems with the LDAP configuration.
Somehow, this server will let me on irrespective of what I type as the password in the client.
# openvpn-auth-ldap configuration, loaded via the
# `plugin /usr/lib/openvpn/openvpn-auth-ldap.so ldap.config` line in server.conf.
# The bind account's password is stored here in clear text: keep this file
# readable by the OpenVPN user (or root) only.
<LDAP>
# ldaps:// means TLS from the first byte (implicit TLS); hostname masked by the poster.
URL "ldaps://ldaps.########.###"
# Service account used for the initial bind and for the user search in <Authorization>.
BindDN "openvpnldap@#######.###"
Password "##############"
# LDAP network timeout in seconds; a timed-out lookup is an authentication failure, not a pass.
Timeout 60
# TLSEnable governs STARTTLS on a plain ldap:// URL; it is not needed with ldaps:// above.
TLSEnable no
FollowReferrals yes
# CA directory used to verify the LDAP server's certificate.
TLSCACertDir /etc/ssl/certs
</LDAP>
<Authorization>
# The password field is expected in OpenVPN's challenge/response (SCRV1) encoding.
# server.conf configures openvpn-otp with password_is_cr=1 as well, so both plugins
# split the same field into a static password and a one-time code.
# NOTE(review): OpenVPN should require every auth plugin to succeed; since any
# password is accepted, check openvpn.log (verb 4) for which plugin reports success
# on a deliberately wrong password before changing anything else.
PasswordIsCR true
# Subtree searched for the user entry.
BaseDN "OU=AADDC Users,DC=olmgroup,DC=com"
# %u is replaced by the username the client supplied; presumably the matched entry's DN
# is then bound with the client's password — verify against the plugin's log output.
SearchFilter "(mail=%u)"
# No group membership is checked: any entry matched by SearchFilter is authorized.
RequireGroup false
</Authorization>
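# OpenVPN server.conf: UDP/1194 tun server using two auth plugins (LDAP + OTP)
# as a second factor on top of client certificates.
port 1194
proto udp
dev tun
# Server PKI: CA, server certificate/key, DH parameters.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
# Data-channel cipher and HMAC digest.
cipher AES-256-CBC
auth SHA512
# VPN subnet handed out to clients, plus the internal route pushed to them.
server 10.8.0.0 255.255.255.0
push "route 10.160.0.0 255.255.0.0"
#push "route 10.160.1.0 255.255.255.0"
# Ping every 10 s; restart the tunnel after 120 s of silence.
keepalive 10 120
# Compression is deprecated upstream because it weakens the data channel
# (compression-oracle attacks); drop it unless existing clients depend on it.
comp-lzo
persist-key
persist-tun
status openvpn-status.log
status-version 2
verb 4
# Re-key the data channel every 10 h. NOTE(review): without auth-gen-token each
# renegotiation is believed to re-run the auth plugins, which does not mix well
# with one-time passwords — confirm against the OpenVPN version in use.
reneg-sec 36000
# No tls-auth/tls-crypt key is configured, so the control channel has no
# additional HMAC protection; consider adding one.
tls-server
# Directory plugins use for temporary files; keep it writable by the OpenVPN user only.
tmp-dir "/etc/openvpn/tmp/"
# Authentication: OpenVPN requires every plugin handling auth-user-pass-verify to
# succeed. Both plugins are configured to read the challenge/response (SCRV1)
# password encoding (PasswordIsCR true in ldap.config, password_is_cr=1 below).
plugin /usr/lib/openvpn/openvpn-auth-ldap.so ldap.config
# debug=1 raises the OTP plugin's log verbosity; turn it off once auth works.
# otp-secrets holds the per-user shared secrets: restrict its permissions.
plugin /usr/lib/openvpn/openvpn-otp.so "debug=1 password_is_cr=1 otp_secrets=/etc/openvpn/auth/otp-secrets"
log-append /var/log/openvpn/openvpn.log
#duplicate-cn
# ifconfig-pool-persist was given twice (earlier as the relative path "ipp.txt");
# the later, absolute path is the one that takes effect, so only it is kept.
ifconfig-pool-persist "/etc/openvpn/ipp.txt"
# Management interface on loopback with no password file: any local user can connect to it.
management localhost 5555
# The authenticated username, not the certificate CN, becomes the client's identity.
username-as-common-name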