On an OpenVPN server with the LDAP plugin, I get the following error message in the syslog as long as connections are active:
openvpn: LDAP search failed: Referral (0000202B: RefErr: DSID-0310084A, data 0, 1 access points#012#011ref 1: 'example.com'#012)
This is my plugin config:
As you can see, "RequireGroup" is set to "false". Can someone explain why "example.com" is still queried at AD?
<LDAP>
    # LDAP server URL
    URL ldap://dc01.my.company.com
    BindDN "CN=ldapquery,OU=ldap,OU=services,OU=department1,DC=my,DC=company,DC=com"
    Password "XXXXXXXXXXXXXXXXXXX"
    Timeout 15
    FollowReferrals yes
</LDAP>

<Authorization>
    BaseDN "OU=department1,DC=my,DC=company,DC=com"
    SearchFilter "(&(sAMAccountName=%u)(msNPAllowDialin=TRUE))"
    RequireGroup false

    <Group>
        # Default is true. Match full user DN if true, uid only if false.
        # RFC2307bis true

        # Default is true. Uncomment and set to false if you want to use a Search operation to determine group
        # membership instead of Compare. Lower performance, so Compare should generally be used, but Search is
        # required in certain LDAP environments.
        # UseCompareOperation true

        BaseDN "ou=Groups,dc=example,dc=com"
        SearchFilter "(|(cn=developers)(cn=artists))"
        MemberAttribute uniqueMember
        # Add group members to a PF table (disabled)
        #PFTable ips_vpn_eng
    </Group>
</Authorization>
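A check for the configuration above, as an added example that is not part of the original post: a domain controller answers a search whose base DN lies outside the naming contexts it holds with a referral, so this script lists every BaseDN whose DC components differ from the BindDN's. The function names and the trimmed sample config (including the commented-out line) are constructed for illustration.

```python
import re

# Constructed sample: the BindDN and both BaseDN lines from the post above,
# plus one commented-out BaseDN to show that comments are ignored.
SAMPLE = '''
<LDAP>
    BindDN "CN=ldapquery,OU=ldap,OU=services,OU=department1,DC=my,DC=company,DC=com"
</LDAP>
<Authorization>
    BaseDN "OU=department1,DC=my,DC=company,DC=com"
    <Group>
        # BaseDN "ou=Commented,dc=ignored,dc=com"
        BaseDN "ou=Groups,dc=example,dc=com"
    </Group>
</Authorization>
'''

def dns_domain(dn):
    """Join the DC components of a DN into a DNS name, e.g. 'my.company.com'."""
    # Simple split; assumes no escaped commas inside RDN values.
    pairs = [rdn.split("=", 1) for rdn in dn.split(",")]
    return ".".join(p[1].strip().lower() for p in pairs
                    if len(p) == 2 and p[0].strip().lower() == "dc")

def foreign_base_dns(config_text):
    """Return (section, dn, domain) for each BaseDN outside the BindDN's domain."""
    section, bind_domain, bases = [], None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        if re.fullmatch(r"</\w+>", line):
            if section:
                section.pop()  # leaving a <Section> block
        elif re.fullmatch(r"<\w+>", line):
            section.append(line[1:-1])  # entering a <Section> block
        else:
            m = re.match(r'(BindDN|BaseDN)\s+"?([^"]+)"?', line)
            if m and m.group(1) == "BindDN":
                bind_domain = dns_domain(m.group(2))
            elif m:
                bases.append(("/".join(section), m.group(2), dns_domain(m.group(2))))
    return [b for b in bases if b[2] != bind_domain]

if __name__ == "__main__":
    for section, dn, domain in foreign_base_dns(SAMPLE):
        print(f"{section}: BaseDN {dn!r} is in {domain}, not the bind domain")
```
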