File: auth-ldap-pf.conf

# openvpn-auth-ldap example configuration, pf variant: OpenVPN users are
# authenticated against an LDAP directory and, on success, placed into pf
# firewall tables. Hostnames, DNs, paths and the password below are sample
# values and must be replaced for a real deployment.
<LDAP>
	# LDAP server URL. Note the plain ldap:// scheme; encryption is switched
	# on separately via TLSEnable below (presumably StartTLS on this same
	# connection — confirm against the plugin documentation).
	URL		ldap://ldap1.example.org

	# Bind DN (If your LDAP server doesn't support anonymous binds).
	# Prefer a dedicated read-only service account over a directory manager.
	BindDN		uid=Manager,ou=People,dc=example,dc=com

	# Bind Password. Stored here in cleartext: this file must be readable only
	# by the user that runs OpenVPN (e.g. mode 0600, root-owned).
	Password	SuperSecretPassword

	# Network timeout (in seconds)
	Timeout		15

	# Enable TLS for the directory connection
	TLSEnable	yes

	# TLS CA Certificate File — the CA used to verify the LDAP server's
	# certificate. Without a correct CA the server is not authenticated and
	# the bind password is sent to whoever answers on that port.
	TLSCACertFile	/usr/local/etc/ssl/ca.pem

	# TLS CA Certificate Directory (hashed CA directory, alternative/addition
	# to TLSCACertFile)
	TLSCACertDir	/etc/ssl/certs

	# Client Certificate, presented to the LDAP server for mutual TLS
	TLSCertFile	/usr/local/etc/ssl/client-cert.pem

	# Client Key — keep readable only by the OpenVPN process owner
	TLSKeyFile	/usr/local/etc/ssl/client-key.pem

	# Cipher Suite (OpenSSL cipher-list syntax). ALL:!ADH:@STRENGTH excludes
	# only anonymous DH and otherwise admits every non-NULL suite the library
	# offers, legacy ones included, sorted by strength. On a current OpenSSL a
	# narrower, explicitly chosen list is advisable.
	TLSCipherSuite	ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
	# Base DN — the subtree searched for the authenticating user
	BaseDN		"ou=People,dc=example,dc=com"

	# User Search Filter. %u is substituted with the username supplied by the
	# VPN client; the accountStatus=active clause limits logins to enabled
	# accounts (adjust to the attribute your directory actually maintains).
	SearchFilter	"(&(uid=%u)(accountStatus=active))"

	# Require Group Membership. With false, a user matching SearchFilter is
	# presumably accepted even if no <Group> below matches, and the group only
	# decides the extra pf table; set to true to deny users outside the listed
	# groups — confirm against the plugin documentation.
	RequireGroup	false

	# Add to PF Table — authenticated clients are placed in this pf table, so
	# firewall rules referencing ips_users define the baseline access level.
	PFTable		ips_users

	# Clients whose user entry is listed (via uniqueMember) in cn=developers
	# or cn=artists under ou=Groups are additionally placed in ips_trusted.
	<Group>
		BaseDN		"ou=Groups,dc=example,dc=com"
		SearchFilter	"(|(cn=developers)(cn=artists))"
		MemberAttribute	uniqueMember
		PFTable		ips_trusted
	</Group>
</Authorization>