I am attempting to configure OpenVPN to use OpenLDAP to authenticate our Active 
Directory users who are members of our VPN group in AD. Here is my LDAP config 
for OpenVPN. Specifically, I need the filter string to allow enabled users who 
are members of the _VPN group. The one you see below is from an example script 
I found that explains how to configure LDAP for OpenVPN.

SearchFilter    "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"

Any help is appreciated!



<LDAP>
# LDAP server URL
URL             ldap://172.16.1.70

# Bind DN (If your LDAP server doesn't support anonymous binds)
BindDN                CN=ldapusername,OU=LDAP,DC=example,DC=local
# Bind Password cn=vmail password
Password              *******

# Network timeout (in seconds)
Timeout         15

</LDAP>

<Authorization>
# Base DN
BaseDN          "dc=example,dc=local"
# User Search Filter
SearchFilter    "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"
# Require Group Membership
RequireGroup    false
</Authorization>

Josh Cole
Network and Systems Engineer
Fresno Pacific University
(559) 453-3414
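
An Active Directory form of the <Authorization> block above, as an added example that is not part of the original post. It assumes the openvpn-auth-ldap plugin (which substitutes %u with the login name), that users log in with their sAMAccountName, and a placeholder group DN of CN=_VPN,OU=Groups,DC=example,DC=local; only the group name _VPN comes from the post.

```conf
<Authorization>
# Base DN
BaseDN          "dc=example,dc=local"

# User Search Filter, clause by clause:
#   (objectCategory=person)(objectClass=user)
#       user accounts only, not computers or contacts
#   (sAMAccountName=%u)
#       the login name given to OpenVPN (assumed login attribute)
#   (memberOf=<group DN>)
#       direct member of the VPN group; the value must be the group's full DN
#   (!(userAccountControl:1.2.840.113556.1.4.803:=2))
#       bitwise-AND match on the ACCOUNTDISABLE flag (0x2), negated,
#       so disabled accounts do not match
# The group DN below is a placeholder: replace OU=Groups with the
# group's real location in the directory.
SearchFilter    "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%u)(memberOf=CN=_VPN,OU=Groups,DC=example,DC=local)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# Membership is already enforced by the memberOf clause in the filter
RequireGroup    false
</Authorization>
```

The memberOf clause matches direct membership only; for users who reach _VPN through nested groups, Active Directory's in-chain matching rule can be used instead, written as (memberOf:1.2.840.113556.1.4.1941:=<group DN>).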
