OpenVPN and LDAP

spiccardi
Posts: 2
Joined: June 21st, 2016, 12:23 pm

OpenVPN and LDAP

Post by spiccardi » June 21st, 2016, 12:37 pm

Hi,

I'm trying to follow these instructions:

http://wiki.ipfire.org/en/configuration ... ldap/start

But those don't work.

In my installation (and in any pakfire packages I can see) there is nothing about the php ldap extension functions (like ldapconnect and so on) that are called by the ovpnldapauth.php script shown on that page. Nothing about ldap is installed under /usr/lib/php/ nor anywhere else on the system.

Am I missing something?

Regards
Simone

spiccardi
Posts: 2
Joined: June 21st, 2016, 12:23 pm

Re: OpenVPN and LDAP

Post by spiccardi » June 22nd, 2016, 5:15 pm

I solved the problem in a different way, without any other addons (I could not find anything providing what I need), and avoiding perl (the only one that seems to have support for LDAP client functions) because I am not proficient enough in that language.

The only useful instructions in the wiki page (http://wiki.ipfire.org/en/configuration ... ldap/start) are adding:

Code:

# line to authenticate
auth-user-pass-verify /root/ovpnldapauth via-env

to /var/ipfire/ovpn/scripts/server.conf.local (this file can be used to have configuration added to the server side) and:

Code:

# client side require authentication
#auth-user-pass

to /var/ipfire/ovpn/scripts/client.conf.local (this file can be used to have configuration added to the client package), and using the following code as the ovpnldapauth script to authenticate:

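Code:

#!/bin/bash
# OpenVPN auth-user-pass-verify script (via-env): the credentials arrive
# in the $username and $password environment variables.

BASE="ou=People,dc=domain,dc=my"
URI="ldaps://my.ldap.server"
FILTER='(uid=%s)'

# Quote every expansion so that glob characters or runs of spaces in a
# credential are not expanded or collapsed by the shell. The helper reads
# one "username password" line on stdin.
RES=$(printf '%s %s\n' "$username" "$password" |
	/usr/lib/squid/basic_ldap_auth -b "$BASE" -v3 -f "$FILTER" -H "$URI")

# Accept only if the helper's whole answer is "OK"
if [ "$RES" = "OK" ]; then
	exit 0
else
	exit 1
fi

(put your values in the variables; you can use a more sophisticated filter). That's quite a raw solution, it can be made much better, but it works.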

Regards
Simone

PS: please at least mark the wiki page as incomplete; its indications are seriously misleading.
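
Added example, not part of the post above or of the IPFire wiki: the same helper call wrapped so that both credentials are percent-encoded before they reach basic_ldap_auth, which keeps a space, '%' or newline in a password from altering the line the helper parses. It assumes the helper URL-decodes each field, as Squid's basic authentication helper protocol specifies; rfc1738_encode, check_credentials and the HELPER override are names chosen here, and BASE, URI and FILTER are the post's placeholders.

```shell
#!/bin/bash
# Added example (not the poster's script). rfc1738_encode, check_credentials
# and the HELPER override are names made up for this illustration.

BASE="ou=People,dc=domain,dc=my"   # placeholder values, as in the post
URI="ldaps://my.ldap.server"
FILTER='(uid=%s)'
HELPER="${HELPER:-/usr/lib/squid/basic_ldap_auth}"

# Percent-encode every byte of $1 (abc -> %61%62%63). Encoding all bytes,
# not only the unsafe ones, means no character of a credential can act as
# a field separator or be mistaken for an escape sequence.
rfc1738_encode() {
	printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' | sed 's/../%&/g'
}

# check_credentials USER PASS
# Status 0 only when the helper's whole answer is exactly "OK".
check_credentials() {
	# Fail closed on empty values before anything is sent to the helper.
	[ -n "$1" ] && [ -n "$2" ] || return 1
	res=$(printf '%s %s\n' "$(rfc1738_encode "$1")" "$(rfc1738_encode "$2")" |
		"$HELPER" -b "$BASE" -v3 -f "$FILTER" -H "$URI") || return 1
	[ "$res" = "OK" ]
}

# In the deployed verify script the last line is this call, so that its
# status is the exit code OpenVPN acts on (non-zero rejects the login):
#   check_credentials "${username-}" "${password-}"
```

Setting HELPER to a stub command makes it possible to check the wrapper without an LDAP server.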

c909
Posts: 35
Joined: January 6th, 2014, 2:50 pm

Re: OpenVPN and LDAP

Post by c909 » August 17th, 2016, 9:35 pm

Hi,
thanks for your effort on ovpn. I changed my article about the php auth. When I created it I managed to compile PHP on my IPFire machine including LDAP.

I suppose your solution is better than mine. I am gonna try it out and replace the wiki entry to make this work :-)

cheers,
c909
