On Aug 23, 2006, at 04:14, Pasi Kärkkäinen wrote:
Hi! Nice work. Need to test it someday..
Thanks.
Please consider adding a feature which enables administrator to specify DNS- and WINS-addresses per group.. that would be really useful to somepeople (like me).
I'd like to be able to specify arbitrary per-group OpenVPN configuration options, in a manner similar to the client-config-dir.
The easiest configuration would probably be something like: <Authorization> ... <Group> ... # OpenVPN Client Configuration ClientConfig /usr/local/etc/openvpn/client/engineering.conf </Group> </Authorization>In terms of the existing plugin interface, however, this is not currently feasible. There is no obvious way for the plugin to return a path / setting to the openvpn instance from within openvpn_plugin_func_v1().
-landonf
On Mon, Aug 21, 2006 at 04:07:51PM -0700, Landon Fuller wrote:I'd like to announce the first public beta release of version 2.0 of our LDAP authentication plugin for OpenVPN[1] : http://dpw.threerings.net/projects/openvpn-auth-ldap/ This release is a vast improvement on the rudimentary 1.0 plugin -- new features include: - Full support for LDAP search filters -- no more DN templates required. - Group-based access control. (rfc2307bis / LDAP) - Integration with the OpenBSD Packet Filter. Can add and remove VPN clients to PF tables on connect/disconnect -- even on the basis of group membership. Tested on FreeBSD. - Easy to understand Apache-style configuration file. I hope that this plugin will serve as a solid base for adding additional OpenVPN-specific LDAP features, such as the PF firewall integration. This code should be fairly solid -- it has near 100% unit test coverage, has been subject to full regression testing, and has been rigorously tested for code errors and memory leaks under valgrind. The code also operates flawlessly inside of chrooted OpenVPN instance. We are currently using the module on our production VPN server. Built with the distribution is an independent plugin driver that can be used to test the plugin and your configuration outside of OpenVPN. After you have built the plugin, the driver can be run as follows: ./src/testplugin <config file> Cheers, Landon Fuller Three Rings Design, Inc. [1] Version 1.0 of this plugin was hosted on the OpenDarwin website: http://www.opendarwin.org/~landonf/software/openvpn-auth-ldap/
PGP.sig
Description: This is a digitally signed message part