Hi,

You could use a filter to restrict the responses returned to the VPN server based on the IP address of the server performing the query?

Regards
/Cole

On 3 March 2016 at 17:01, dev <[email protected]> wrote:
> Hello All,
> I have OpenLDAP (2.4.31-1+nmu2ubuntu8.2) setup to authenticate users on our
> LAN with ActiveDirectory using SASL passthrough.
>
> I want to give some of these users access to VPN (OpenVPN) services (auth
> with the same OpenLDAP server above) however I want to give them an {SHA1}
> password to access the VPN.
>
> I've created another OU (OU=vpnuser) and simply duplicated the entire user
> entry into it. I have the VPN server using a searchbase of "OU=vpnuser.."
> and things are working as I want... sort of..
>
> Some software on the LAN finds two users in ldap now so I explicitly exclude
> OU=vpnuser from searchbases (!OU=vpnuser). ugh..
>
> Is there a better way to accomplish what I am trying to do? Give the same
> user two different passwords in the ldap tree?
>
> Thanks
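
One way to read the suggestion above is as slapd access control keyed on the client address. This is an added example, not part of the original thread; the suffix `dc=example,dc=com` and the VPN server address `192.0.2.10` are placeholders, and it assumes a `slapd.conf`-style configuration.

```conf
# Added example: slapd.conf access rules (slapd.access(5) syntax).
# Assumed placeholders: 192.0.2.10 = VPN server, dc=example,dc=com = suffix.
# Place these before any broader "access to *" rule: slapd applies the
# first "access to" clause that matches the entry and attribute.

# Password hashes in the VPN copy: usable for bind from the VPN server only.
access to dn.subtree="ou=vpnuser,dc=example,dc=com" attrs=userPassword
    by peername.ip=192.0.2.10 auth
    by * none

# Everything else under ou=vpnuser: readable from the VPN server only.
# Other clients get no access to these entries, so LAN searches stop
# returning the duplicate users without per-application exclusions.
access to dn.subtree="ou=vpnuser,dc=example,dc=com"
    by peername.ip=192.0.2.10 read
    by * none
```

`peername.ip` matches only the TCP source address of the connection, so it narrows who can see the subtree but does not authenticate the client. The rootdn bypasses these rules; any other administrative or replication DN that maintains `ou=vpnuser` needs its own `by` clause ahead of `by * none`.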
