openvpn auth-ldap plugin config for ActiveDirectory
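<LDAP>
	# Recommended: point URL at your AD domain FQDN (not a bare IP), enable TLS and set the
	# correct TLSCACertFile. The FQDN matters once TLS is on, because the server certificate
	# is validated against the name used here. "domain.lan" below is the example forest used
	# throughout this file; substitute your own.
	URL ldap://domain.lan

	# Bind DN for Active Directory can be
	#   a DN like CN=User01,OU=test,DC=domain,DC=lan
	#   user@DOMAIN , where DOMAIN is your Active Directory NetBIOS domain name
	#   user@domain.lan , where domain.lan is your Active Directory FQDN ; this is the UPN (userPrincipalName)
	# Use a dedicated, least-privilege service account (read-only on the search base) for this bind.
	BindDN CN=User01,OU=test,DC=domain,DC=lan

	# Placeholder credential. This file holds the bind password in cleartext, so restrict its
	# filesystem permissions to the OpenVPN service user.
	Password P@ssw0rd
	Timeout 15

	# TLS is enabled so the bind password above and every user's password are not sent in
	# cleartext over ldap://. With TLSEnable no they would be.
	TLSEnable yes
	FollowReferrals no

	# CA trust for the AD server certificate. The client cert/key are only needed if your AD
	# requires client certificates; otherwise they can be omitted.
	TLSCACertFile /usr/local/etc/ssl/ca.pem
	TLSCACertDir /etc/ssl/certs
	TLSCertFile /usr/local/etc/ssl/client-cert.pem
	TLSKeyFile /usr/local/etc/ssl/client-key.pem

	# Optional cipher restriction (disabled). If enabled, prefer a list that excludes legacy
	# suites rather than the permissive "ALL:" prefix.
	#TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
	BaseDN "OU=test,DC=domain,DC=lan"

	# %u is replaced by the username entered by the client and searched under
	# 'OU=test,DC=domain,DC=lan'. The user must also be a member of 'testing_group'.
	# NOTE: memberOf matches direct group membership only; nested group members will not
	# match this filter.
	SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=testing_group,OU=test,DC=domain,DC=lan))"

	# Group membership is already enforced by the memberOf clause in SearchFilter, so the
	# <Group> section below is left disabled. Presumably RequireGroup true would make the
	# <Group> block mandatory instead; confirm against the plugin documentation before relying on it.
	RequireGroup false

	#PFTable ips_vpn_users

	#<Group>
	#BaseDN "ou=Groups,dc=example,dc=com"
	#SearchFilter "(|(cn=developers)(cn=artists))"
	#MemberAttribute uniqueMember
	# Add group members to a PF table (disabled)
	#PFTable ips_vpn_eng
	#</Group>
</Authorization>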