I've found easy scripts to use with OpenVPN for authentication against LDAP (I tested on Windows AD). The solution is from Selivanov Pavel.
1. Install OpenVPN in the normal way.
2. Install OpenLDAP in the normal way.
3. Create the "ldap-check-user.sh" script in the OpenVPN directory:
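#!/bin/bash
# Called by OpenVPN with via-env: $username and $password arrive in the
# environment (OpenVPN only passes the password this way with script-security 3).
bind_dn="cn=<user>,cn=Users,dc=domain,dc=com"
bind_pass="<password>"
host=rserver
port=389
# Refuse empty input: a simple bind with an empty password is an
# unauthenticated bind (RFC 4513), which some servers answer with success.
if [ -z "$username" ] || [ -z "$password" ]; then
    echo "Error: empty username or password."
    exit 1
fi
# Look up the user's DN with the service account.
dn=`ldapsearch -x -D "$bind_dn" -w "$bind_pass" -h $host -p $port -LLL -s sub \
-b "cn=Users,dc=domain,dc=com" "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$username))" "dn" | sed -n 's/^dn: //p'`
# $? after a pipeline is the status of its last command, not of ldapsearch,
# so test whether a DN came back instead.
if [ -z "$dn" ]; then
    echo "Error: user $username not found."
    exit 1
fi
# Bind as the user's DN with the supplied password; a failed bind makes ldapsearch exit non-zero.
ldapsearch -x -D "$dn" -w "$password" -h $host -p $port -LLL -s sub \
-b "cn=Users,dc=domain,dc=com" "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$username))" > /dev/null 2>&1
if [ $? != 0 ]; then
    echo "Error: password for $username is incorrect."
    exit 1
fi
exit 0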
4. Insert "auth-user-pass-verify ldap-check-user.sh via-env" in the OpenVPN server configuration file.
5. Insert "auth-user-pass" in the OpenVPN client configuration file.
6. Enjoy.
Thanks to Selivanov Pavel for the solution:
http://serverfault.com/questions/333426/openvpn-plugin-openvpn-auth-ldap-does-not-bind-to-active-directory
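An added example, not part of the original post or of Selivanov Pavel's script: the lookup in step 3 places $username directly into the search filter and uses whatever DN text comes back. The functions below escape the username per RFC 4515 and accept the lookup only when exactly one DN is returned; the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original script.

# Escape a value for use in an LDAP search filter (RFC 4515). Backslash is
# handled first so the escapes produced for * ( ) are not escaped again.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter used in the post around the escaped username.
user_filter() {
    printf '(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))' \
        "$(ldap_escape_filter "$1")"
}

# Read `ldapsearch -LLL ... dn` output on stdin and print the DN only if
# exactly one entry matched. Folded LDIF lines (continuations begin with one
# space) are joined. Base64 DNs ("dn:: ...") are not decoded and count as
# no match. Returns 1 on zero or several matches.
single_dn() {
    awk '
        /^dn: / { dn[++n] = substr($0, 5); in_dn = 1; next }
        /^ /    { if (in_dn) dn[n] = dn[n] substr($0, 2); next }
                { in_dn = 0 }
        END     { if (n != 1) exit 1; print dn[1] }
    '
}

# Constructed sample: one entry whose DN was folded across two lines.
sample_one='dn: CN=John Alexander Smith-Richardson Branch Office Account,CN=Users,DC=do
 main,DC=com
'
# Constructed sample: two entries, as a wildcard in the filter would return.
sample_two='dn: CN=Alice,CN=Users,DC=domain,DC=com

dn: CN=Bob,CN=Users,DC=domain,DC=com
'

# Demo on the constructed inputs.
user_filter 'a*'; echo
printf '%s' "$sample_one" | single_dn
printf '%s' "$sample_two" | single_dn || echo "rejected: not exactly one match"
```

In the script, the first ldapsearch would take "$(user_filter "$username")" as its filter and pipe its output through single_dn in place of the cut step.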