Makdaam / openvpn-auth-ldap

Automatically exported from code.google.com/p/openvpn-auth-ldap
Other
0 stars 0 forks source link

Incorrect authentication with pfsense+openvpn & ldap #23

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I have observed some strange behavior with pfsense+openvpn & ldap 
authentication.

Setup
-------
- My setup has pfsense 1.2.3 (& openvpn bundled with it) & OpenDS 2.2 as ldap 
provider. 
- In ldap, I have base DN as "dc=baseorg,dc=com".
- There are two sub domains - "dc=orgone,dc=baseorg,dc=com", 
"dc=orgtwo,dc=baseorg,dc=com".
- Theres a user in each subdomain called "testuser".
- BaseDN in authorization section of the config is set to "dc=baseorg,dc=com".
- RequireGroup is set to false

Behavior - 1 
---------------
Test: If I try to authenticate with testuser@baseorg.com
Expected Behavior - Ideally auth should fail as the user belongs to one of the 
sub-domain.
Actual Behavior - User gets authenticated successfully.
Question - Is this an expected behavior?

Behavior - 2
---------------
Test: If I try to authenticate with junk values whatever@abcd.com
Expected Behavior - Ideally auth should fail with an error message for 
incorrect username or domain.
Actual Behavior - A line in openvpn log - Incorrect password supplied for LDAP 
DN "cn=testuser,dc=orgtwo,dc=baseorg,dc=com".
Question - How come "cn=testuser,dc=orgtwo,dc=baseorg,dc=com" is referred when 
the values are junk?

Original issue reported on code.google.com by chetansa...@gmail.com on 26 Nov 2010 at 5:15