OpenVPN and Google LDAP

Hi,

I'm trying to configure OpenVPN Community with Google LDAP. From the Google dashboard, I

  • created an LDAP client with the right permissions (it can do everything for now).
  • activated the LDAP client.

I'm using the openvpn-auth-ldap plugin; my LDAP configuration file:

<LDAP>
    URL ldaps://ldap.google.com:636
    Timeout 30
    TLSEnable false
    FollowReferrals yes

    # Certificates
    TLSCACertDir /etc/ssl/certs/
    TLSCertFile /etc/openvpn/ldap/Google_2027_11_07_50982.crt
    TLSKeyFile /etc/openvpn/ldap/Google_2027_11_07_50982.key
</LDAP>

<Authorization>
    BaseDN "ou=Users,dc=myorg,dc=com"
    SearchFilter "(uid=%u)"
    RequireGroup false
</Authorization>

Then, from the same machine, I play the client role with firstname.lastname and password:

openvpn --config ./client/test-client.ovpn

And my issue, from the cloudvpn server error logs:

ovpn-server[23296]: LDAP bind failed: Insufficient access (User is not licensed)
openvpn[23296]: LDAP bind failed: Insufficient access (User is not licensed)
openvpn[23296]: Incorrect password supplied for LDAP DN "uid=firstname.lastname,ou=Users,dc=myorg,dc=com".
ovpn-server[23296]: Incorrect password supplied for LDAP DN "uid=firstname.lastname,ou=Users,dc=myorg,dc=com".
ovpn-server[23296]: 127.0.0.1:35060 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
ovpn-server[23296]: 127.0.0.1:35060 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
ovpn-server[23296]: 127.0.0.1:35060 TLS Auth Error: Auth Username/Password verification failed for peer
ovpn-server[23296]: 127.0.0.1:35060 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
ovpn-server[23296]: 127.0.0.1:35060 TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
ovpn-server[23296]: 127.0.0.1:35060 Delayed exit in 5 seconds
ovpn-server[23296]: 127.0.0.1:35060 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
ovpn-server[23296]: 127.0.0.1:35060 SENT CONTROL [generic-client]: 'AUTH_FAILED' (status=1)
ovpn-server[23296]: 127.0.0.1:35060 UDPv4 WRITE [196] to [AF_INET]127.0.0.1:35060: P_CONTROL_V1 kid=0 [ 4 3 2 1 ] pid=3 DATA len=158
ovpn-server[23296]: 127.0.0.1:35060 UDPv4 WRITE [238] to [AF_INET]127.0.0.1:35060: P_CONTROL_V1 kid=0 [ 4 3 2 1 ] pid=4 DATA len=200
ovpn-server[23296]: 127.0.0.1:35060 UDPv4 READ [34] from [AF_INET]127.0.0.1:35060: P_ACK_V1 kid=0 [ 3 2 1 0 ] DATA len=0
ovpn-server[23296]: 127.0.0.1:35060 UDPv4 READ [34] from [AF_INET]127.0.0.1:35060: P_ACK_V1 kid=0 [ 3 2 1 0 ] DATA len=0
ovpn-server[23296]: 127.0.0.1:35060 UDPv4 READ [34] from [AF_INET]127.0.0.1:35060: P_ACK_V1 kid=0 [ 4 3 2 1 ] DATA len=0
ovpn-server[23296]: 127.0.0.1:35060 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
ovpn-server[23296]: 127.0.0.1:35060 [generic-client] Peer Connection Initiated with [AF_INET]127.0.0.1:35060
ovpn-server[23296]: 127.0.0.1:35060 UDPv4 WRITE [72] to [AF_INET]127.0.0.1:35060: P_CONTROL_V1 kid=0 [ 4 3 2 1 ] pid=5 DATA len=34
ovpn-server[23296]: 127.0.0.1:35060 UDPv4 WRITE [72] to [AF_INET]127.0.0.1:35060: P_CONTROL_V1 kid=0 [ 4 3 2 1 ] pid=5 DATA len=34
ovpn-server[23296]: read UDPv4 [ECONNREFUSED]: Connection refused (fd=8,code=111)

The user exists and has a license. Do you have an idea for me? (I have already read the official documentation.)

Thanks.
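As an added offline check (this is not part of the original post, nor code from the openvpn-auth-ldap project), the script below does two things a defender would want when reading the post above: it parses the plugin's `<LDAP>`/`<Authorization>` configuration and flags transport problems (an `ldap://` URL with `TLSEnable false` would send user passwords in the clear, since `TLSEnable` in openvpn-auth-ldap means STARTTLS and is not needed with `ldaps://`), and it triages the server log so the directory's own bind diagnostic ("Insufficient access", LDAP result 50) is reported separately from the plugin's generic "Incorrect password" line, which is what a wrong password (LDAP result 49, invalid credentials) would also produce. The config and log samples are constructed copies of the post's excerpts; the certificate and key file names in them are placeholders.

```python
import re

# Constructed copy of the poster's configuration (cert/key paths are placeholders).
CONFIG_SAMPLE = """\
<LDAP>
    URL ldaps://ldap.google.com:636
    Timeout 30
    TLSEnable false
    FollowReferrals yes
    # Certificates
    TLSCACertDir /etc/ssl/certs/
    TLSCertFile /etc/openvpn/ldap/client.crt
    TLSKeyFile /etc/openvpn/ldap/client.key
</LDAP>
<Authorization>
    BaseDN "ou=Users,dc=myorg,dc=com"
    SearchFilter "(uid=%u)"
    RequireGroup false
</Authorization>
"""

# Constructed copy of the relevant server log lines from the post.
LOG_SAMPLE = """\
ovpn-server[23296]: LDAP bind failed: Insufficient access (User is not licensed)
ovpn-server[23296]: Incorrect password supplied for LDAP DN "uid=firstname.lastname,ou=Users,dc=myorg,dc=com".
ovpn-server[23296]: 127.0.0.1:35060 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
ovpn-server[23296]: 127.0.0.1:35060 TLS Auth Error: Auth Username/Password verification failed for peer
ovpn-server[23296]: 127.0.0.1:35060 SENT CONTROL [generic-client]: 'AUTH_FAILED' (status=1)
"""

SECTION_RE = re.compile(r"<(\w+)>(.*?)</\1>", re.S)


def parse_auth_ldap_config(text):
    """Return {section: {key: value}} for an openvpn-auth-ldap config file."""
    sections = {}
    for name, body in SECTION_RE.findall(text):
        entries = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = re.split(r"\s+", line, 1)
            key, value = parts[0], (parts[1] if len(parts) > 1 else "")
            entries[key] = value.strip().strip('"')
        sections[name] = entries
    return sections


def check_transport(cfg):
    """Flag settings under which the bind would be insecure or contradictory."""
    findings = []
    ldap = cfg.get("LDAP", {})
    url = ldap.get("URL", "")
    starttls = ldap.get("TLSEnable", "false").lower() in ("yes", "true", "1")
    if url.startswith("ldap://") and not starttls:
        findings.append("plaintext LDAP: passwords would cross the network unencrypted; "
                        "set TLSEnable yes (STARTTLS) or use an ldaps:// URL")
    if url.startswith("ldaps://") and starttls:
        findings.append("TLSEnable (STARTTLS) together with ldaps://: choose one transport")
    if ("TLSCertFile" in ldap) != ("TLSKeyFile" in ldap):
        findings.append("client certificate and private key must be configured together")
    return findings


BIND_RE = re.compile(r"LDAP bind failed: (.+)$")
DN_RE = re.compile(r'Incorrect password supplied for LDAP DN "([^"]+)"')
STATUS_RE = re.compile(r"PLUGIN_AUTH_USER_PASS_VERIFY status=(\d+)")


def triage_auth_failure(log_text):
    """Separate the directory's bind diagnostic from the plugin's generic failure message."""
    result = {"bind_error": None, "dn": None, "plugin_status": None,
              "auth_failed": False, "category": "unknown"}
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m and result["bind_error"] is None:
            result["bind_error"] = m.group(1).strip()   # first bind error is the root cause
        m = DN_RE.search(line)
        if m:
            result["dn"] = m.group(1)
        m = STATUS_RE.search(line)
        if m:
            result["plugin_status"] = int(m.group(1))
        if "'AUTH_FAILED'" in line:
            result["auth_failed"] = True
    err = (result["bind_error"] or "").lower()
    if "insufficient access" in err:          # LDAP result 50: server refused the bind
        result["category"] = "access_denied"
    elif "invalid credentials" in err:        # LDAP result 49: wrong DN or password
        result["category"] = "invalid_credentials"
    elif result["bind_error"]:
        result["category"] = "other_bind_error"
    return result


if __name__ == "__main__":
    for finding in check_transport(parse_auth_ldap_config(CONFIG_SAMPLE)) or ["transport settings OK"]:
        print("config:", finding)
    print("log:", triage_auth_failure(LOG_SAMPLE))
```

On the posted configuration the transport check comes back clean, and the log triage classifies the failure as `access_denied` with the server's own reason text attached, rather than as a bad password: that is the line to take to the directory side of the problem.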
