

Install and Setup OpenLDAP on CentOS 8

Configure OpenVPN LDAP Based Authentication

Install OpenVPN plugin for LDAP authentication

To configure OpenVPN LDAP based authentication, you need to install the OpenVPN plugin for LDAP authentication. The plugin is called openvpn-auth-ldap and it implements username/password authentication via LDAP for OpenVPN.

On CentOS 7, you need the EPEL repos to install the plugin:

    yum install epel-release
    yum install openvpn-auth-ldap

On Ubuntu systems:

    apt install openvpn-auth-ldap

On CentOS 8, unfortunately, the EPEL repos don't provide this package as of this writing. In this demo, we are running an OpenVPN server on a CentOS 7 system.

After the installation of the openvpn-auth-ldap package, you should now have the required modules under the /usr/lib64/openvpn directory. The modules can also be found under the /usr/lib/openvpn directory. The package also installs the OpenVPN LDAP authentication configuration file, /etc/openvpn/auth/nf. On Ubuntu systems, you will find the sample OpenVPN LDAP auth configuration under /usr/share/doc/openvpn-auth-ldap/examples/nf.

Configure OpenVPN server for LDAP Based Authentication

Once you have the necessary plugins in place, the next thing is to configure the OpenVPN server for LDAP based authentication.

Create a backup of the configuration.

Open the OpenVPN LDAP based authentication configuration file and define your OpenLDAP server specifics. If the directory/file doesn't exist, simply create one:

    mkdir /etc/openvpn/auth

Once that is done, copy the sample configuration file:

    cp /usr/share/doc/openvpn-auth-ldap/examples/nf /etc/openvpn/auth/nf

Next, open the configuration file for editing:

    vim /etc/openvpn/auth/nf

Below is our sample configuration (with no commented lines) as per our OpenLDAP server setup.

    BindDN cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com
    BaseDN "ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com"

Make your appropriate configurations.

In regards to group authentication, if you want to enforce more fine-grained OpenVPN access control, such that only specific users authenticating via OpenLDAP can connect to the OpenVPN server, you can utilize OpenLDAP group membership.

For example, in our OpenLDAP server, we have a VPN-only group which contains only the users that are allowed to connect to the OpenVPN server:

    ldapsearch -Y EXTERNAL -H ldapi:/// -b ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com -LLL -Q "(cn=vpnonly)"

    dn: cn=vpnonly,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com
    Member: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com
    Member: uid=koromicha,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com

See how to create OpenLDAP group membership by following the guide below
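Before group membership is used to gate VPN access, it helps to confirm exactly who is in the group. The following is an added example, not part of the original guide: it parses LDIF as printed by `ldapsearch -LLL` (including folded lines and base64 `::` values) and checks whether a user DN is a member of a group. The sample LDIF is constructed from the DNs on this page, and the function names are hypothetical.

```python
import base64

# Constructed sample: `ldapsearch -LLL` output built from the DNs on this page.
# Long LDIF lines are folded; a continuation line starts with a single space.
SAMPLE_LDIF = """\
dn: cn=vpnonly,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com
cn: vpnonly
member: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com
member: uid=koromicha,ou=people,dc=ldapmaster,dc=kifarunix-de
 mo,dc=com
"""

def unfold(ldif):
    """Join folded lines back onto the line they continue."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(ldif):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries, current = [], {}
    for line in unfold(ldif) + [""]:
        if not line.strip():                 # a blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):            # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    """Simplified DN key: lowercased, spaces around ',' and '=' removed.
    Assumption: no escaped commas inside RDN values."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower()
                    for rdn in dn.split(","))

def group_members(ldif, group_cn, attr="member"):
    """Normalized member DNs of the first entry whose cn matches group_cn."""
    for entry in parse_entries(ldif):
        if group_cn.lower() in (v.lower() for v in entry.get("cn", [])):
            return {norm_dn(v) for v in entry.get(attr.lower(), [])}
    return set()

def is_member(ldif, group_cn, user_dn):
    return norm_dn(user_dn) in group_members(ldif, group_cn)
```

Attribute names are matched case-insensitively, so the check works whether the server prints `member:` or `Member:`.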
