Active Directory Users

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
devlin
OpenVpn Newbie
Posts: 2
Joined: Wed Jan 11, 2023 11:03 am

Active Directory Users

Post by devlin » Wed Jan 11, 2023 11:30 am

Hello,
I'm not sure whether I get it right, but even if I have LDAP authentication configured, I have to add users manually? Or can I somehow load them from AD? Thank you..

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Active Directory Users

Post by openvpn_inc » Sun Jan 15, 2023 1:50 am

Hello devlin,

With LDAP authentication configured you can choose one of two operation modes explained below. On modern Access Servers the mode can be selected with the "External user registration" option under Authentication > Settings, in the admin UI. On older Access Servers it was an option at the bottom of the User Permissions page that did the same thing.

Automatic registration disabled: Any user that is valid in LDAP and also already exists in the Access Server (just add the username spelled exactly the same way to User Permissions page) can log in. Any users that are not added by the administrator to Access Server's User Permissions page won't be able to login. This mode is active when you turn "Deny access to unlisted accounts by default" to "Yes".

Automatic registration enabled: Any user that is valid in LDAP, will be allowed to log in, and if they don't exist yet in Access Server, they will be added automatically the first time they log in at the Access Server. This mode is active when you turn "Deny access to unlisted accounts by default" to "No" (this is the default setting, meaning by default all users that have valid credentials on the default authentication backend are allowed to login).

Note that for this to work in your situation, LDAP must be the default authentication method, as this option only applies to the default authentication method. Also, there is no operating mode that copies all users in LDAP in one go into Access Server. It only happens as they log in first time. That of course doesn't make much of a difference for the end-user, but it may make a difference for the administrator if they need to set specific access control rules per user.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

devlin
OpenVpn Newbie
Posts: 2
Joined: Wed Jan 11, 2023 11:03 am

Re: Active Directory Users

Post by devlin » Tue Jan 17, 2023 2:24 pm

Great, I understand. Thank you very much for explanation!

Post Reply