I am attempting to configure OpenVPN to use openldap to authenticate our Active Directory users who are a member of our VPN group in AD. Here is my ldap config for OpenVPN. Specifically I need the filter string to allow enabled users who are a member of the _VPN group. The one you see below is from an example script I found that explains how to configure LDAP for openvpn.

 

SearchFilter    "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"

 

Any help is appreciated!

 

 

 

<LDAP>

# LDAP server URL

URL             ldap://172.16.1.70

 

# Bind DN (If your LDAP server doesn't support anonymous binds)

BindDN                CN=ldapusername,OU=LDAP,DC=example,DC=local

# Bind Password cn=vmail password

Password              *******

 

# Network timeout (in seconds)

Timeout         15

 

</LDAP>

 

<Authorization>

# Base DN

BaseDN          "dc=example,dc=local"

# User Search Filter

SearchFilter    "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"

# Require Group Membership

RequireGroup    false

</Authorization>

 

Josh Cole

Network and Systems Engineer

Fresno Pacific University

(559) 453-3414