openvpn-auth-ldap
cannot make it working with google workspace
Hi there,
I followed the configuration here: https://support.google.com/a/answer/9089736?hl=en#zippy=%2Copenldap-ldapsearch-linux%2Copenvpn-community-version
My conf is:
<LDAP>
URL ldaps://ldap.google.com:636
Timeout 15
TLSEnable no
FollowReferrals yes
TLSCACertDir /etc/ssl/certs
TLSCertFile /etc/openvpn/keys/ldap-client.crt
TLSKeyFile /etc/openvpn/keys/ldap-client.key
</LDAP>
<Authorization>
BaseDN "dc=mycorp,dc=com"
SearchFilter "(uid=%u)"
RequireGroup false
</Authorization>
With the plugin configured in OpenVPN I get a common error:
LDAP search failed: Can't contact LDAP server ((unknown error code))
though using ldapsearch it worked well. I ended up using a shell script like this, but it is not very satisfying:
#!/bin/bash
# OpenVPN auth-user-pass-verify helper (via-file mode): $1 is a file with the
# username on line 1 and the password on line 2. Exit 0 = accept, 1 = reject.
export LDAPTLS_CIPHER_SUITE='NORMAL:!VERS-TLS1.3'
export LDAPTLS_CERT=/etc/openvpn/keys/ldap-client.crt
export LDAPTLS_KEY=/etc/openvpn/keys/ldap-client.key
readarray -t lines < "$1"
name=${lines[0]}
pass=${lines[1]}
base='dc=corp,dc=com'
host='ldaps://ldap.google.com'
# Reject empty input: an empty password would turn the bind below into an
# unauthenticated bind, which a server may accept, and the check would pass.
if [ -z "$name" ] || [ -z "$pass" ]; then
    echo "ko"; exit 1
fi
# Escape LDAP filter metacharacters (RFC 4515) before interpolating the username.
safe_name=$(printf '%s' "$name" | sed 's/\\/\\5c/g; s/\*/\\2a/g; s/(/\\28/g; s/)/\\29/g')
dn=$(ldapsearch -LLL -H "$host" -b "$base" "(&(objectclass=posixAccount)(uid=$safe_name))" dn 2>/dev/null | grep '^dn: ' | sed 's/^dn: //')
# No DN means the user does not exist; binding with an empty DN would be anonymous.
if [ -z "$dn" ]; then
    echo "ko"; exit 1
fi
# Bind as the user to verify the password (-w shows it in the process list; -y FILE avoids that).
if ldapsearch -LLL -x -D "$dn" -w "$pass" -H "$host" -b "$base" -s sub "(uid=$safe_name)" mail > /dev/null 2>&1; then
    echo "ok"
    exit 0
else
    echo "ko"
    exit 1
fi
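The same two-step check the script performs (search for the user's DN with the `(uid=%u)` filter, then bind as that DN), as an added example that is not part of the issue or of openvpn-auth-ldap: the directory calls are injected and backed by a constructed fake so it runs offline, and it shows the two edge cases the check must refuse (empty password, unknown user) plus RFC 4515 escaping of the username.

```python
# Model of the OpenVPN auth-user-pass-verify (via-file) flow behind the workaround
# script, with the directory calls injected so it runs offline (added example).
from typing import Callable, Optional, Tuple

def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"\\*()\x00" or b > 0x7F:  # metacharacters and non-ASCII bytes
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)

def build_filter(template: str, username: str) -> str:
    """Expand a plugin-style SearchFilter template such as "(uid=%u)"."""
    return template.replace("%u", ldap_filter_escape(username))

def parse_via_file(text: str) -> Tuple[str, str]:
    """OpenVPN via-file format: line 1 is the username, line 2 the password."""
    lines = text.split("\n")
    if len(lines) < 2:
        raise ValueError("credentials file needs two lines")
    return lines[0], lines[1]

def authenticate(text: str, find_dn: Callable[[str], Optional[str]],
                 simple_bind: Callable[[str, str], bool],
                 search_filter: str = "(uid=%u)") -> bool:
    """Two-step check: search for the user's DN, then bind as that DN."""
    user, password = parse_via_file(text)
    # An empty password turns a simple bind into an unauthenticated bind
    # (RFC 4513), which some servers accept: reject it before any LDAP call.
    if not user or not password:
        return False
    dn = find_dn(build_filter(search_filter, user))
    # No DN means the user is unknown; binding with an empty DN is anonymous.
    if not dn:
        return False
    return simple_bind(dn, password)

# Constructed fake directory (not real accounts) standing in for ldap.google.com.
FAKE_DN = {"(uid=alice)": "uid=alice,ou=Users,dc=mycorp,dc=com"}
FAKE_PW = {"uid=alice,ou=Users,dc=mycorp,dc=com": "s3cret"}

def fake_find_dn(flt: str) -> Optional[str]:
    return FAKE_DN.get(flt)

def fake_bind(dn: str, pw: str) -> bool:
    return FAKE_PW.get(dn) == pw
```

Against a real server, `find_dn` would wrap the client-certificate `ldapsearch` and `simple_bind` the `-x -D dn -w` bind from the script; the guards stay the same.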