Alex 'AdUser' Z
||7 years ago|
|src||7 years ago|
|tests||8 years ago|
|CMakeLists.txt||7 years ago|
|LICENSE||7 years ago|
|README.md||7 years ago|
This is alternative LDAP auth module for openvpn.
- openvpn headers
- libldap headers
cmake -DCMAKE_BUILD_TYPE=Release . make make test sudo make install
Firstly, you need to create config file for module. Example config:
# this is comment # server(s) to connect bindurls ldap://127.0.0.1 ldaps://172.16.17.1 # username for binding binddn cn=openvpn-auth,dc=example,dc=com # password for binding bindpass strong-password # timeout on bind operation bindtimeout 10 # be more verbose debug 0 # where to search for users basedn OU=users,DC=example,DC=com # allow only users who match this filter userfilter (&(objectClass=inetOrgPerson)(user=%u)(memberOf=CN=openvpn-users,CN=groups,DC=example,DC=com))
...where %u is a placeholder for username.
You may test your config with special tool, named
This tool takes line with username and password separated by space(s) and says is auth successfull or not.
If everything works fine, you'll can continue.
Next you need to move this config to secure place and make sure that only root can read it.
mv auth-ldap.conf /etc/openvpn/ cd /etc/openvpn/ chmod 600 auth-ldap.conf chown root:root auth-ldap.conf
Next, you need load your plugin in openvpn config. Add this line to actual config:
plugin /usr/lib/openvpn/openvpn-plugin-auth-ldap.so "/etc/openvpn/auth-ldap.conf"
... and restart oenvpn.
This project is a replacement for original openvpn-ldap-auth, which written in obj-c and requires half of gnustep as deps.
This project has no goal being 1:1 compatible with original. Also, some important features still missing (like SSL/TLS encryption). But it's works, and can save you from installing a bunch of GNUStep bloatware.
If you want some feature or found a bug, please open an issue on github.