LDAP library directory:
OpenVPN Access Server post_auth LDAP group mapping script
The post_auth programming hook was added to Access Server to extend the ways it can authenticate against a source of credentials. By default, without post_auth, Access Server can authenticate against the following sources: LOCAL, PAM, LDAP, RADIUS.
OpenVPN Access Server on Active Directory via LDAP
Please refer to the link to configure a Windows Server 2016 machine running Active Directory so that OpenVPN Access Server can connect to it and use the objects in the AD for authentication.
Configuring Google Secure LDAP with OpenVPN Access Server
This guide explains the order of steps for integrating OpenVPN Access Server with Google LDAP.
As per Google's documentation, supported editions of G Suite for this feature are 'Business Plus', 'Enterprise', 'Education', or 'Enterprise for Education'.
This will not work with the normal 'Business' or basic Gmail/Google Drive user accounts.
Unlike most LDAP integrations, which use a bind user, Google LDAP requires an SSL certificate, which makes the integration slightly more complex.
You will need to be familiar with the sacli tool for advanced configuration of OpenVPN Access Server. More information about it is available here: Access Server Command Line Interface Tools.
Integrate Okta with OpenVPN Access Server via LDAP
Okta can be integrated with OpenVPN Access Server via LDAP. This requires requesting that the LDAP Interface feature be added to your Okta account.
The following pieces will make up the LDAP integration between Okta and OpenVPN Access Server:
An active LDAP Interface in your Okta directory integrations
An Okta Read-Only admin account as your bind user
Defining the configuration for the bind in OpenVPN Access Server
Access Server Resources:
OpenVPN Access Server Documentation
OpenVPN Access Server Resource Center
OpenVPN Access Server Admin Manual