theonemule / simple-openvpn-server

A setup script and simple web UI for setting up an OpenVPN Server
MIT License

Feature Request: LDAP authentication to Azure Windows server #6

Closed n9yty closed 5 years ago

n9yty commented 5 years ago

Just curious, it may be well out of scope, but we are using this to secure access to a Windows server in Azure, but as it works now only the certificate is used to authenticate to the VPN. Would it be possible to extend this to query LDAP on a Windows server in Azure to look up the username and also require a password along with the certificate?

theonemule commented 5 years ago

Check this post out here. Basically, add a package with apt (this guide uses yum, but the same package is on apt) then configure the server to authenticate against AD. You need to add one line (auth-user-pass) to the template that generates the .ovpn file.

https://www.allcloud.io/how-to/configure-openvpn-authentication-using-active-directory/

It could be a feature, but given that almost every implementation of AD has some quirks to it, I think it's one of those areas I'd leave to the user to customize.

Hope this helps.
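The pieces described in this reply, as an added example that is not part of the thread or the project's code: a shell function that stages the `openvpn-auth-ldap` plugin config, the server `plugin` line, and the client `auth-user-pass` line for review. The hostnames, DNs, group name, CA file and output file names are placeholders, and the plugin path assumes the Debian/Ubuntu package layout.

```shell
#!/bin/sh
# Added example: stage config for AD password auth on top of certificate auth.
# Hostnames, DNs, the group name and file paths are placeholders (assumptions).
stage_ldap_auth() {
    out="$1"    # staging directory; review, then copy into /etc/openvpn
    mkdir -p "$out/auth" || return 1
    # The bind password lives in this file, so create it owner-only (0600).
    ( umask 077; cat > "$out/auth/ldap.conf" <<'EOF'
<LDAP>
    # ldaps:// encrypts the bind; TLSEnable (StartTLS) stays off with ldaps://
    URL             ldaps://dc01.example.internal:636
    BindDN          "CN=svc-openvpn,OU=Service Accounts,DC=example,DC=internal"
    Password        "REPLACE_WITH_BIND_PASSWORD"
    Timeout         15
    TLSEnable       no
    FollowReferrals no
    TLSCACertFile   /etc/ssl/certs/example-internal-ca.pem
</LDAP>
<Authorization>
    BaseDN          "OU=Users,DC=example,DC=internal"
    SearchFilter    "(&(sAMAccountName=%u)(objectClass=user))"
    # Only members of one AD group may connect, not every directory user.
    RequireGroup    true
    <Group>
        BaseDN          "OU=Groups,DC=example,DC=internal"
        SearchFilter    "(cn=VPN-Users)"
        MemberAttribute member
    </Group>
</Authorization>
EOF
    ) || return 1
    # Server side: load the plugin. Certificates stay mandatory because
    # verify-client-cert is left at its default (require).
    cat > "$out/server-ldap.conf" <<'EOF'
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf
EOF
    # Client side: the one line to add to the .ovpn template.
    printf 'auth-user-pass\n' > "$out/client-ldap.ovpn"
}
```

Call it as `stage_ldap_auth ./staging`, then merge the staged lines into the real server config and client template after replacing the placeholders.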

n9yty commented 5 years ago

Thanks, who would have thought it would have been so easy? LoL Because, as you say, every time I've played with LDAP and/or AD it is a bit quirky. I played around with an approach using an external script based on this post:

https://forums.openvpn.net/viewtopic.php?t=13053

It works, but using the plugin may prove more performant and secure.

Thanks so much for the feedback, hopefully this will prove useful for someone down the road.