openvpn ldap

# cat server.conf
# OpenVPN server: certificate auth plus an LDAP password check via the auth-ldap plugin.
# Bind to this interface address only; UDP on a non-default port.
local 172.16.0.114
port 4443
proto udp
dev tun
# PKI material; relative paths are resolved from the directory the daemon is started in.
ca keys/ca.crt
cert keys/issued/vpn-server.crt
key keys/private/vpn-server.key
dh keys/dh.pem
# "server" below already implies mode server / tls-server; these two lines are redundant but harmless.
mode server
tls-server
# Control-channel HMAC: packets without a valid HMAC are dropped before any TLS processing.
# Key direction 0 on the server; clients must use direction 1.
tls-auth keys/ta.key 0
# VPN subnet 10.88.0.0/24; ipp.txt keeps client address assignments stable across restarts.
server 10.88.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Use the LDAP username (not the certificate CN) as the client identity in status/log/ccd handling.
# No client-cert-not-required / verify-client-cert none is present, so a client certificate signed by
# keys/ca.crt is still required in addition to a valid LDAP password.
username-as-common-name
tun-mtu 1400
# Permits OpenVPN to execute external scripts. No up/down/client-connect script appears in this
# listing and a plugin does not need it, so this can likely be dropped — confirm nothing outside
# this file relies on it.
script-security 2
# Clients may talk to each other through the server; remove if only the server side should be reachable.
client-to-client
# Left commented out, so the default data-channel HMAC (auth SHA1) is in effect.
#auth MD5
daemon
# WARNING: BF-CBC (Blowfish) is a 64-bit block cipher; long-lived tunnels carrying enough traffic are
# exposed to birthday (SWEET32-class) attacks, and the cipher is deprecated/removed in current OpenVPN
# releases. Plan a move to an AES-GCM cipher once all clients can be updated.
cipher BF-CBC
# Ping every 10 s; treat the peer as gone after 120 s without a reply.
keepalive 10 120
# WARNING: compression of tunnel traffic that an attacker can partly influence enables VORACLE-style
# plaintext recovery; current guidance is to disable compression entirely.
comp-lzo
max-clients 100
# Keep key material and the tun device across restarts. No user/group directive is present, so the
# daemon keeps running as root; with persist-key/persist-tun already set, adding
# "user nobody" / "group nobody" is the usual privilege drop.
persist-key
persist-tun
# Status and log files; verb 4 is chatty and log lines include client identities, so keep the
# directory readable by root only.
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
# Password authentication is delegated to openvpn-auth-ldap; its config path is relative as well.
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so auth/ldap.conf
# cat auth/ldap.conf
<LDAP>
    # Directory server used for the bind check. ldap:// on 389 combined with "TLSEnable no" means
    # the bind password below and every user's VPN password cross the network in clear text.
    # Prefer TLSEnable yes (StartTLS) or an ldaps:// URL, with TLSCACertFile pointing at the CA.
    URL             ldap://10.12.255.9:389
    # Service account that searches for the user object; keep it read-only with minimal rights.
    BindDN          "CN=user_ghgh,OU=yhnuhui,OU=ertverter,DC=ertert,DC=ertvertv,DC=ru"
    # Stored in clear text: this file must be readable only by the account OpenVPN runs as.
    Password        BLHyuiyuiyumyuiymwn352
    # Seconds to wait for the directory; presumably an expired timeout counts as a failed login — verify.
    Timeout         15
    TLSEnable       no
    # Chasing referrals against AD can add delays or extra timeouts; set to no if logins are slow.
    FollowReferrals yes
</LDAP>

<Authorization>
        # Subtree searched for the user; the DN found is then bound with the password the client sent.
        BaseDN          "OU=retgert,OU=ertbret,DC=corp,DC=ertvertv,DC=ertvert"
        # %u is the username supplied by the VPN client — confirm this plugin build escapes LDAP
        # filter metacharacters in %u before relying on the filter for access control.
        SearchFilter    "(sAMAccountName=%u)"
        # No group check at all: every account matching the filter that binds successfully (and
        # presents a valid client certificate) is allowed through. Gate on a group for production use.
        RequireGroup    false
</Authorization>
# IF USER EXISTS IN GROUP
<LDAP>
    # Same bind settings as the ungated variant: no TLS, so the bind and user passwords travel in clear.
    # Prefer TLSEnable yes (StartTLS) or an ldaps:// URL, with TLSCACertFile pointing at the CA.
    URL             ldap://rtbertver
    # Read-only service account used for the user search.
    BindDN          "CN=openvpn,OU=ertvertv,OU=fghbfghb,DC=fghbfgh,DC=fghbfghb,DC=fsdfsdf"
    # Clear-text bind secret; restrict the file's permissions to the OpenVPN account.
    Password        DFCSDFCSDFdfdf
    Timeout         15
    TLSEnable       no
    # Referral chasing against AD can slow logins; set to no if timeouts appear.
    FollowReferrals yes
</LDAP>

<Authorization>
        # Subtree searched for the user object.
        BaseDN          "ou=fdgvbdfg,ou=dgfvfdg,DC=fgbfg,DC=dfgvdf,DC=dfgvdf"
        # Group gating is done inside the filter: only objects whose memberOf lists CN=ACL-VPN match.
        # memberOf records direct membership only; nested groups are not matched unless the AD
        # matching-rule-in-chain form (memberOf:1.2.840.113556.1.4.1941:=...) is used.
        # As with the plain filter, confirm the plugin escapes %u.
        SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=ACL-VPN,ou=VPN,ou=Local Security Groups,ou=Admin,DC=certver,DC=ertvertv,DC=csdfcsdf))"
        # false is intentional here: membership is enforced by the filter rather than by a <Group> block.
        RequireGroup    false
</Authorization>
