I have observed some strange behavior with pfSense + OpenVPN and LDAP
authentication.
Setup
-------
- My setup has pfSense 1.2.3 (and the OpenVPN bundled with it) and OpenDS 2.2 as
the LDAP provider.
- In LDAP, I have the base DN "dc=baseorg,dc=com".
- There are two sub-domains: "dc=orgone,dc=baseorg,dc=com" and
"dc=orgtwo,dc=baseorg,dc=com".
- There's a user called "testuser" in each sub-domain.
- BaseDN in the authorization section of the config is set to "dc=baseorg,dc=com".
- RequireGroup is set to false.
Behavior - 1
---------------
Test: I try to authenticate as testuser@baseorg.com.
Expected behavior: ideally auth should fail, as the user belongs to one of the
sub-domains.
Actual behavior: the user gets authenticated successfully.
Question: is this expected behavior?
Behavior - 2
---------------
Test: I try to authenticate with junk values, whatever@abcd.com.
Expected behavior: ideally auth should fail with an error message for an
incorrect username or domain.
Actual behavior: a line in the OpenVPN log reads: Incorrect password supplied for LDAP
DN "cn=testuser,dc=orgtwo,dc=baseorg,dc=com".
Question: how come "cn=testuser,dc=orgtwo,dc=baseorg,dc=com" is referred to when
the values are junk?
Original issue reported on code.google.com by chetansa...@gmail.com on 26 Nov 2010 at 5:15
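Both behaviors in the report hinge on two things an LDAP auth plugin has to decide: what it does with the domain part of a user@domain login, and whether it escapes the username before placing it in a search filter. The following is an added example, not pfSense's, OpenVPN's or the LDAP plugin's code. It builds a toy in-memory directory with the layout described in the report (constructed data, no real LDAP server) and contrasts a naive lookup that ignores the domain and searches the whole subtree under the BaseDN against a strict lookup that maps the domain onto a sub-domain base DN, searches one level deep, escapes the filter value, and insists on exactly one hit. The DNS name baseorg.com, the password values and all function names are assumptions; the example does not claim to reproduce the exact cause of the orgtwo DN in the report, only to show how a lookup strategy can yield the two behaviors.

```python
import re

# Constructed in-memory directory mirroring the layout in the report:
# one "testuser" under each sub-domain and no user directly under the base.
# This is a toy stand-in for OpenDS, not a real LDAP client.
DIRECTORY = {
    "cn=testuser,dc=orgone,dc=baseorg,dc=com": {"cn": "testuser", "userPassword": "orgone-secret"},
    "cn=testuser,dc=orgtwo,dc=baseorg,dc=com": {"cn": "testuser", "userPassword": "orgtwo-secret"},
}
BASE_DN = "dc=baseorg,dc=com"      # the BaseDN from the report's config
BASE_DOMAIN = "baseorg.com"        # assumed DNS name that maps onto BASE_DN


def escape_filter_value(value):
    """RFC 4515 escaping: user input becomes a literal assertion value and
    cannot inject wildcards or parentheses into the search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def _assertion_to_regex(fvalue):
    """Translate an RFC 4515 assertion value into a regex: an unescaped '*'
    is a wildcard, '\\xx' is a literal byte, everything else is literal."""
    parts, i = [], 0
    while i < len(fvalue):
        ch = fvalue[i]
        if ch == "\\" and i + 2 < len(fvalue):
            parts.append(re.escape(chr(int(fvalue[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(ch))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def search(base, scope, attr, fvalue):
    """Minimal equality/substring search over DIRECTORY. scope is 'one'
    (direct children of base) or 'sub' (whole subtree under base)."""
    rx = _assertion_to_regex(fvalue)
    hits = []
    for dn, entry in DIRECTORY.items():
        parent = dn.split(",", 1)[1]
        in_scope = parent == base if scope == "one" else (dn == base or dn.endswith("," + base))
        if in_scope and rx.match(entry.get(attr, "")):
            hits.append(dn)
    return hits


def split_login(login):
    """'user@domain' -> (user, domain); a bare user has no domain."""
    if "@" not in login:
        return login, None
    user, domain = login.rsplit("@", 1)
    return user, domain.lower()


def domain_to_base_dn(domain):
    """Map the login's domain onto a search base, accepting only the base
    domain and its sub-domains. Returns None for anything else."""
    if domain is None or (domain != BASE_DOMAIN and not domain.endswith("." + BASE_DOMAIN)):
        return None
    return ",".join("dc=" + label for label in domain.split("."))


def naive_lookup(login):
    """Weak resolution (hypothetical): drop the domain, search the whole tree
    under BASE_DN for cn=<user>, and return every match, input unescaped."""
    user, _domain = split_login(login)
    return search(BASE_DN, "sub", "cn", user)


def strict_lookup(login):
    """Hardened resolution: the domain selects the search base, the search is
    one level deep, the value is escaped, and exactly one hit is required."""
    user, domain = split_login(login)
    base = domain_to_base_dn(domain)
    if not user or base is None:
        return None
    hits = search(base, "one", "cn", escape_filter_value(user))
    return hits[0] if len(hits) == 1 else None


def authenticate(dn, password):
    """Stand-in for the simple bind the plugin would perform as the DN."""
    return dn is not None and DIRECTORY[dn]["userPassword"] == password


if __name__ == "__main__":
    for login in ("testuser@baseorg.com", "testuser@orgtwo.baseorg.com", "*@abcd.com", "whatever@abcd.com"):
        print(login, "naive ->", naive_lookup(login), "| strict ->", strict_lookup(login))
```

With the naive strategy, testuser@baseorg.com and testuser@abcd.com both resolve to two candidate DNs, so whichever DN the plugin tries to bind as first decides the outcome, and a login of *@abcd.com matches every user because the wildcard reaches the filter unescaped. The strict strategy rejects testuser@baseorg.com because no such entry sits directly under dc=baseorg,dc=com, and rejects whatever@abcd.com before any search because abcd.com is not under the base domain. To check what a real deployment does, reproduce the plugin's search by hand with ldapsearch using the same base, scope and filter and count how many entries come back for a login that should not exist.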