
Thread: OpenVpn and Zimbra-LDAP Authentication

  1. #1
    temply85 is offline Starter Member

    Hi all!
    I'm running Zimbra with Samba integration.
    Today I've installed OpenVPN Access Server.
    I'm trying to configure it to auth users through the Zimbra LDAP, but with no success.
    I require these settings:
    Primary server: ldap://hostname:389

    # Credentials for Initial Bind:
    Use these credentials:

    Bind DN: uid=zimbra,cn=admins,cn=zimbra
    password: xxxxxxx

    Base DN for User Entries: dc=birdys,dc=local

    Username Attribute: uid

    Any idea what I am doing wrong?
    Or where I've made a mistake?

    Thanks

    Temply

  2. #2
    Rich Graves is offline Outstanding Member

    Your answer should be in /var/log/zimbra.log, which is where slapd logs.

  3. #3
    elinstad is offline Intermediate Member

    I am running openvpn on a FreeBSD box in my network and authing against Zimbra LDAP. I have added the following plugin line to the openvpn.conf:
    Code:
    plugin /usr/local/lib/openvpn-auth-ldap.so auth-ldap.conf
    and this is the contents of my auth-ldap.conf file (obviously changing your LDAP URL and your base DN):
    Code:
    <LDAP>
            # LDAP server URL
            URL             ldap://<hostname or IP>
            # Bind DN (If your LDAP server doesn't support anonymous binds)
            BindDN          cn=config
    
            # Bind Password
            Password        <password>
    
            # Network timeout (in seconds)
            Timeout         15
    
            # Enable Start TLS
            TLSEnable       no
    
            # Follow LDAP Referrals (anonymously)
            FollowReferrals yes
    </LDAP>
    
    <Authorization>
            # Base DN
            BaseDN          "ou=people,dc=example,dc=com"
    
            # User Search Filter
            SearchFilter    "(uid=%u)"
    </Authorization>
    Erik Linstad

  4. #4
    juanschwartz is offline Active Member

    Quote Originally Posted by elinstad View Post
    I am running openvpn on a FreeBSD box in my network and authing against Zimbra LDAP. I have added the following plugin line to the openvpn.conf:
    Code:
    plugin /usr/local/lib/openvpn-auth-ldap.so auth-ldap.conf
    and this is the contents of my auth-ldap.conf file (obviously changing your LDAP URL and your base DN):
    Code:
    <LDAP>
            # LDAP server URL
            URL             ldap://<hostname or IP>
            # Bind DN (If your LDAP server doesn't support anonymous binds)
            BindDN          cn=config
    
            # Bind Password
            Password        <password>
    
            # Network timeout (in seconds)
            Timeout         15
    
            # Enable Start TLS
            TLSEnable       no
    
            # Follow LDAP Referrals (anonymously)
            FollowReferrals yes
    </LDAP>
    
    <Authorization>
            # Base DN
            BaseDN          "ou=people,dc=example,dc=com"
    
            # User Search Filter
            SearchFilter    "(uid=%u)"
    </Authorization>
    Has anyone been able to authorize on additional criteria? POSIX groups, zimbraAccountStatus even?

  5. #5
    SageZm is offline New Member

    Quote Originally Posted by juanschwartz View Post
    Has anyone been able to authorize on additional criteria? POSIX groups, zimbraAccountStatus even?
    I did and this is why I'm posting to help others.

    Scenario: I want my users to connect to OpenVPN only if they are a member of a group (which is a "distribution list" in the Zimbra world). In this example, my distribution list is called "vpnusers".

    STEPS:

    1. Create a distribution list and check the option "Dynamic Group".

    Explanation :
    The Dynamic Group option is the key here.
    This will create a new branch in cn=groups,dc=yourserver,dc=com
    In our case: cn=vpnusers,cn=groups,dc=yourserver,dc=com

    Without this option, your distribution list will only appear in : ou=people,dc=yourserver,dc=com

    2. Setup the Authorization section of your OpenVPN LDAP configuration

    Code:
    <Authorization>
            # Base DN
            BaseDN          "ou=people,dc=YOURSERVER,dc=com"
    
            # User Search Filter
            SearchFilter    "uid=%u"
    
            # Require Group Membership
            RequireGroup    true
    
            <Group>
                    BaseDN          "cn=groups,dc=YOURSERVER,dc=com"
                    SearchFilter    "(cn=vpnusers)"
                    MemberAttribute "member"
            </Group>
    
    </Authorization>
    Enjoy !
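
An added example (not from any poster in this thread or from the openvpn-auth-ldap project): the `auth-ldap.conf` from posts #3 and #5 combined, with StartTLS enabled so the service bind password and each user's password are not sent over `ldap://` in cleartext, and with the user filter also requiring an active account, the `zimbraAccountStatus` criterion asked about in post #4. Assumptions: the hostname and CA path are placeholders, the Zimbra LDAP server accepts StartTLS on port 389, and `active` is the status value of enabled accounts.

```conf
<LDAP>
        # LDAP server URL (placeholder hostname; it must match the name
        # in the server certificate once TLS is on)
        URL             ldap://ldap.example.com:389

        # Account used for the initial search bind
        BindDN          cn=config
        Password        <password>

        # Network timeout (in seconds)
        Timeout         15

        # Was "TLSEnable no" in post #3: upgrade the connection with
        # StartTLS before any bind password is sent
        TLSEnable       yes

        # CA that signed the LDAP server certificate (assumed path)
        TLSCACertFile   /usr/local/etc/ssl/ca.pem
</LDAP>

<Authorization>
        # Where user entries live
        BaseDN          "ou=people,dc=YOURSERVER,dc=com"

        # Match the login name AND require an active Zimbra account;
        # a locked or closed account is then not found, so login fails
        SearchFilter    "(&(uid=%u)(zimbraAccountStatus=active))"

        # Deny users who are in none of the <Group> sections below
        RequireGroup    true

        <Group>
                # Dynamic Group branch created in step 1 of post #5
                BaseDN          "cn=groups,dc=YOURSERVER,dc=com"
                SearchFilter    "(cn=vpnusers)"
                MemberAttribute "member"
        </Group>
</Authorization>
```

Before rollout, confirm that a login for a disabled account and a login for a user outside `vpnusers` are both rejected.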
