x-itec / openvpn-auth-ldap

Automatically exported from code.google.com/p/openvpn-auth-ldap

LDAPS auth against AD #30

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. If I try to run /testplugin /etc/openvpn/ldapconf/auth-ldap.conf, using the URL ldap://192.168.3.25 config, it works
2. If I run it with URL ldaps://192.168.3.25, it doesn't work

192.168.3.25 is a domain controller with ldap and ldaps ports open.  We have 
servers that authenticate against this host using ldaps.

What is the expected output? What do you see instead?
When using LDAP:
Authorization Succeed!
client-connect succeed!
client-disconnect succeed!

LDAP bind failed immediately: Can't contact LDAP server ((unknown error code))
Unable to bind as admin2@XXX.YYY
LDAP connect failed.
Authorization Failed!

What version of the product are you using? On what operating system?

I'm using auth-ldap-2.0.3 on Ubuntu 10.10 server

Please provide any additional information below.

#auth-ldap.conf 

<LDAP>
    # LDAP server URL
    URL     ldaps://192.168.3.25

    # Bind DN (If your LDAP server doesn't support anonymous binds)
    # BindDN        uid=Manager,ou=People,dc=example,dc=com
    BindDN          admin2@XXX.YYY

    # Bind Password
    # Password  SecretPassword
    Password    SomePassword    

    # Network timeout (in seconds)
    Timeout     15

    # Enable Start TLS
    TLSEnable   yes

    # Follow LDAP Referrals (anonymously)
    FollowReferrals yes

    # TLS CA Certificate File
    #TLSCACertFile  /usr/local/etc/ssl/ca.pem

    # TLS CA Certificate Directory
    #TLSCACertDir   /etc/ssl/certs

    # Client Certificate and key
    # If TLS client authentication is required
    #TLSCertFile    /usr/local/etc/ssl/client-cert.pem
    #TLSKeyFile /usr/local/etc/ssl/client-key.pem

    # Cipher Suite
    # The defaults are usually fine here
    # TLSCipherSuite    ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
    # Base DN
    BaseDN      OU=SBSUsers,OU=Users,OU=MyBusiness,DC=XXX,DC=YYY

    # User Search Filter
    SearchFilter    "(SAMAccountName=%u)"

    # Require Group Membership
    RequireGroup    false

Original issue reported on code.google.com by ugo...@gmail.com on 16 May 2012 at 10:26

GoogleCodeExporter commented 9 years ago
Oops, I forgot to add that the second set of output is for when I use LDAPS

Original comment by ugo...@gmail.com on 16 May 2012 at 11:36

GoogleCodeExporter commented 9 years ago
Thu Aug 22 17:11:29 BST 2013

Also having the same problem.  Using ldapsearch, can connect using ldaps://...

Does the plugin work with an ldaps URI?

Original comment by rpri...@gmail.com on 22 Aug 2013 at 4:20
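
A pre-flight check for the TLS-related settings in the `<LDAP>` section of the configuration posted in this issue, as an added example (not code from the plugin or from any commenter). It assumes `TLSEnable` accepts `yes`/`true`, and the finding names are hypothetical labels; whether either finding is the cause of the failure reported here is not established in this thread.

```python
# Constructed sample: the TLS-relevant lines of the configuration posted above.
SAMPLE_CONF = """\
<LDAP>
    URL     ldaps://192.168.3.25
    BindDN          admin2@XXX.YYY
    # Enable Start TLS
    TLSEnable   yes
    #TLSCACertFile  /usr/local/etc/ssl/ca.pem
    #TLSCACertDir   /etc/ssl/certs
</LDAP>
"""

def parse_section(text, section):
    """Return {key: value} for the active (uncommented) lines of <section>."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == f"<{section.lower()}>":
            inside = True
        elif line.lower() == f"</{section.lower()}>":
            inside = False
        elif inside and line and not line.startswith("#"):
            parts = line.split(None, 1)  # key, then the rest of the line
            settings[parts[0]] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return settings

def tls_findings(text):
    """Flag TLS settings in the <LDAP> section that deserve a second look."""
    ldap = parse_section(text, "LDAP")
    scheme = ldap.get("URL", "").split("://", 1)[0].lower()
    # Assumption: boolean options take yes/true (both spellings appear on this page).
    starttls = ldap.get("TLSEnable", "no").lower() in ("yes", "true")
    has_ca = bool(ldap.get("TLSCACertFile") or ldap.get("TLSCACertDir"))
    findings = []
    if scheme == "ldaps" and starttls:
        # ldaps:// is TLS from the first byte; StartTLS is an upgrade of a plain ldap:// session.
        findings.append("ldaps-with-starttls")
    if scheme == "ldap" and not starttls:
        # The bind password would cross the network unencrypted.
        findings.append("cleartext-bind")
    if (scheme == "ldaps" or starttls) and not has_ca:
        # No CA file or directory is set in this config to verify the server certificate.
        findings.append("no-ca-configured")
    return findings

if __name__ == "__main__":
    for finding in tls_findings(SAMPLE_CONF):
        print(finding)
```
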