next »

[CraigZA]

Hey all, trying to setup LDAP authentication for OpenVPN against my SME Server LDAP, but I'm getting stuck on some of the parameters, can anyone assist?

Hostname or IP address = x.x.x.x (my SME server IP goes here)
Port value = 389
Transport = TCP-Standard
Protocol version = 3
Level: One level

Base DN = ??  (forums suggest dc=company;dc=com)
Authentication containers = ?? (again, forums suggest ou=Users;dc=company;dc=com)

Bind credentials = Use anonymous ticked
Initial template = OpenLDAP

User naming attribute = ?? (default is cn)
Group naming attribute = ?? (default again is cn)
Group member attribute = ?? (default is member)

Putting in dc=company;dc=com and hitting select gives me this --> http://imageshack.us/photo/my-images/200/pfsenseldap.jpg/
but Diagnostics:Authentication fails.

I've got a contrib installed that lets me see my LDAP schema which results in this pic --> http://imageshack.us/photo/my-images/121/phpldapinfo.jpg/

Any advice/help appreciated!

Craig.

[probie]

Can any members that have this working assist on this?

Thank you in advance.

[jaredadams]

I'm also interested. This is my next project.

[alcina]

Hi,

I have OpenVPN authenticating against my OpenLDAP server.  It's not happening as I would like it to, but this may get you started:

From your jpegs the distinguishedName of your users is in the format: uid=name,ou=Users,dc=hn,dc=local

So...your BaseDN should be: ou=Users,dc=hn,dc=local
Level: One Level
Set your Authentication Container to the same: ou=Users,dc=hn,dc=local
User naming attribute should be: uid (as that is what you use!)
Group naming attribute and Group member attribute make little difference at this point.

This will allow ANYONE in your ou=Users tree to log in.  Which may, or more likley, may not, be what you want.  And this is the problem I'm having.

I have a user with the DN of: uid=fred,ou=people,dc=example,dc=com
Setting the VPN up as above the he can connect sucessfully and the logs say:
openvpn: : Now Searching for fred in directory.
openvpn: : Now Searching in server MyLDAP, container ou=people,dc=example,dc=com with filter (uid=fred).
Logged in successfully as fred via LDAP server MyLDAP with DN = uid=fred,ou=people,dc=example,dc=com.
openvpn: user fred authenticated

I'm guessing that, like me, you want only users in your cn=pmb_vpn group to have access.  From your images I can't see if your vpn group is static or dynamic.  That said, I can't get either to work.  I think that dynamic groups are a no-no on account of how they are searched, but I have a static group and it still doesn't work.  The static group (cn=vpn,ou=groups,dc=example,dc=com) has the following members who may use the VPN:
member: uid=fred,ou=people,dc=example,dc=com
member: uid=joe,ou=people,dc=example,dc=com
etc..

I set my Authentication Container to: cn=vpn,ou=groups,dc=example,dc=com
User naming attribute remains: uid
Group naming attribute: cn
Group member attribute: member

And I try the VPN with the user fred...but I get the following log:

openvpn: : Now Searching for fred in directory.
openvpn: : Now Searching in server MyLDAP, container cn=vpn,ou=groups,dc=example,dc=com with filter (uid=fred).
openvpn: : ERROR! Either LDAP search failed, or multiple users were found.
openvpn: user fred could not authenticate.

And the VPN doesn't authenticate

Ideally I need it to filter the ou=people branch with: "(&(uid=fred)(vpnUser=true))" as I have a bespoke attribute vpnUser which is either true of false for each user (that is how the dynamic vpn group was created).

[jader]

Any news about pfSense2 authenticate against SME8 LDAP ?

I'd like to have it running SquidProxy/DansGuard authenticated!

[denis31]

Any news about pfSense2 authenticate against SME8 LDAP ?

I'd like to have it running SquidProxy/DansGuard authenticated!

Hi,

I am interested in too... (pfSense v2.0.1)

But can't get it working so far...
But keep trying...

Regards,