Thread: [SOLVED] LDAP help with external app

  1. #1
    maxxer is offline Trained Alumni

    Hi,
    I am trying to authenticate Endian Firewall's VPN users against Zimbra.
    I'm following the article at this URL:
    Endian Knowledge Base / How to configure LDAP authentication with openvpn server

    So I produced the following configuration file for openvpn:
    Code:
    AUTHENTICATION_STACK=ldap,local
    AUTH_TYPE=psk
    CLIENT_TO_CLIENT=on
    DOMAIN=mydomain.it
    DROP_DHCP=
    GLOBAL_DNS=10.22.22.1
    LDAP_BIND_DN=cn=uid=zimbra,cn=admins,cn=zimbra
    LDAP_BIND_PASSWORD=ldappwd
    LDAP_GROUP_BASEDN=ou=groups,dc=mydomain,dc=it
    LDAP_GROUP_MEMBERATTRIBUTE=uniqueMember
    LDAP_GROUP_SEARCHFILTER=(|(cn=vpn))
    LDAP_REQUIRE_GROUP=on
    LDAP_URI=ldap://zimbraserver
    LDAP_USER_BASEDN=ou=people,dc=mydomain,dc=it
    LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))
    OPENVPN_ENABLED=on
    OPENVPN_PORT=41194
    PURPLECLIENT_BEGIN_DEVICE=tap2
    PURPLE_DEVICE=tap0
    PURPLE_IP_BEGIN=10.22.22.231
    PURPLE_IP_END=10.22.22.240
    PUSH_DOMAIN=
    PUSH_GLOBAL_DNS=
    PUSH_GLOBAL_NETWORKS=

    But it won't work.
    I stripped out some of the filtering it does, as I only need the 'vpn' group.
    So it doesn't work.

    Has anyone done something like that?

    I configured Zabbix LDAP login without any issue, so I'm wondering what's wrong here...
    Thanks
    YetOpen S.r.l. ~ Your open source partner
    Lecco (LC) - ITALY
    http://www.yetopen.it

  2. #2
    phoenix is online now Zimbra Consultant & Moderator

    Have you read the Release Notes about Anonymous searches of LDAP or is the firewall likely to be blocking this request?
    Regards


    Bill



  3. #3
    maxxer is offline Trained Alumni

    Thanks for your reply.

    That doesn't look to me like an anonymous search...
    And btw the VPN resides ON the firewall, there are no restrictions between it and Zimbra!

  4. #4
    maxxer is offline Trained Alumni

    OK, this is the correct configuration for Endian Firewall and Zimbra LDAP, to authenticate users in the posix "vpn" group.

    Code:
    LDAP_BIND_DN=uid=zimbra,cn=admins,cn=zimbra
    LDAP_BIND_PASSWORD=MYLDAPPASS
    LDAP_GROUP_BASEDN=ou=groups,dc=MYDOMAIN,dc=it
    LDAP_GROUP_MEMBERATTRIBUTE=memberUid
    LDAP_GROUP_SEARCHFILTER=(|(cn=vpn))
    LDAP_REQUIRE_GROUP=on
    LDAP_URI=ldap://MYZIMBRASERV
    LDAP_USER_BASEDN=ou=people,dc=MYDOMAIN,dc=it
    LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))

    It can be improved with checks, for instance whether the user is active.

    EFW VPN is based on OpenVPN, so I guess these settings, in one way or another, will fit every OpenVPN client.
    Last edited by maxxer; 10-16-2010 at 03:08 PM. Reason: added openvpn note
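
Added example, not part of the original thread and not Endian's or Zimbra's code: a small in-memory model of the user lookup and group check that these settings describe, showing why a posixGroup matches with memberUid but not with uniqueMember, and what an "active account" check adds. The sample entries, the function names, the matching rule in is_group_member and the use of zimbraAccountStatus for the active check are assumptions.

```python
# Constructed sample data (not from the thread): two accounts and the posix "vpn" group.
USERS = {
    "uid=alice,ou=people,dc=example,dc=it": {"uid": ["alice"], "zimbraAccountStatus": ["active"]},
    "uid=bob,ou=people,dc=example,dc=it": {"uid": ["bob"], "zimbraAccountStatus": ["closed"]},
}
# A posixGroup lists members as bare uids in memberUid; it has no uniqueMember values.
VPN_GROUP = {"cn": ["vpn"], "objectClass": ["posixGroup"], "memberUid": ["alice", "bob"]}


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a username stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_user_filter(template, username):
    """Expand an LDAP_USER_SEARCHFILTER-style template such as (&(uid=%(u)s))."""
    return template % {"u": escape_filter_value(username)}


def is_group_member(group, member_attr, user_dn, uid):
    """Assumed check: a value of member_attr equals the user's DN or bare uid."""
    values = group.get(member_attr, [])
    return user_dn in values or uid in values


def authorize(username, member_attr, require_active=False):
    """Find the user, optionally require an active account, then require the group."""
    for dn, attrs in USERS.items():
        if username in attrs["uid"]:
            if require_active and attrs.get("zimbraAccountStatus") != ["active"]:
                return False
            return is_group_member(VPN_GROUP, member_attr, dn, username)
    return False  # unknown user


if __name__ == "__main__":
    print(build_user_filter("(&(uid=%(u)s))", "alice"))
    for attr in ("uniqueMember", "memberUid"):
        print(attr, authorize("alice", attr))
    print("bob, active required:", authorize("bob", "memberUid", require_active=True))
```

Against a live server the same two lookups can be reproduced with ldapsearch, using the bind DN and base DNs from the working configuration.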
