Hello All, I have OpenLDAP (2.4.31-1+nmu2ubuntu8.2) set up to authenticate users on our LAN with Active Directory using SASL passthrough.
I want to give some of these users access to VPN (OpenVPN) services (auth with the same OpenLDAP server above); however, I want to give them an {SHA1} password to access the VPN.
I've created another OU (OU=vpnuser) and simply duplicated the entire user entry into it. I have the VPN server using a searchbase of "OU=vpnuser.." and things are working as I want... sort of..
Some software on the LAN finds two users in LDAP now, so I explicitly exclude OU=vpnuser from searchbases (!OU=vpnuser). ugh..
Is there a better way to accomplish what I am trying to do? Give the same user two different passwords in the LDAP tree?
Thanks
Hi,
You could use a filter to restrict the responses returned to the VPN server based on the IP address of the server performing the query?
Regards /Cole
On 3 March 2016 at 17:01, dev devuan.2@gmail.com wrote:
Hello All, I have OpenLDAP (2.4.31-1+nmu2ubuntu8.2) set up to authenticate users on our LAN with Active Directory using SASL passthrough.
I want to give some of these users access to VPN (OpenVPN) services (auth with the same OpenLDAP server above); however, I want to give them an {SHA1} password to access the VPN.
I've created another OU (OU=vpnuser) and simply duplicated the entire user entry into it. I have the VPN server using a searchbase of "OU=vpnuser.." and things are working as I want... sort of..
Some software on the LAN finds two users in LDAP now, so I explicitly exclude OU=vpnuser from searchbases (!OU=vpnuser). ugh..
Is there a better way to accomplish what I am trying to do? Give the same user two different passwords in the LDAP tree?
Thanks
openldap-technical@openldap.org
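
One way to express the suggestion in the reply above as slapd access rules, added here as an example and not taken from either poster's configuration. The suffix dc=example,dc=com, the VPN server address 192.0.2.10 and the use of slapd.conf-style syntax are assumptions.

```conf
# Added example (slapd.conf syntax). Assumed values: suffix dc=example,dc=com,
# VPN server address 192.0.2.10. For each request slapd uses the first
# "access to" clause that matches, so these must sit above any broader rules.

# 1. Password hashes in the VPN subtree: usable for a simple bind (auth) only
#    when the connection comes from the VPN server, and never readable.
access to dn.subtree="ou=vpnuser,dc=example,dc=com" attrs=userPassword
    by peername.ip=192.0.2.10 auth
    by * none

# 2. Remaining attributes in the VPN subtree: searchable and readable only
#    from the VPN server. Every other client gets "none", so its searches
#    should no longer return the duplicated entries under ou=vpnuser.
access to dn.subtree="ou=vpnuser,dc=example,dc=com"
    by peername.ip=192.0.2.10 read
    by * none
```

A source address is not a credential: anything able to connect from 192.0.2.10 gets this access, and the rootdn is not subject to these rules.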