On Aug 23, 2006, at 10:58, Charles Duffy wrote:

Landon Fuller wrote:
In terms of the existing plugin interface, however, this is not
currently feasible. There is no obvious way for the plugin to return a
path / setting to the openvpn instance from within
openvpn_plugin_func_v1().

I'm under the impression that the plugin interface allows one to hook
into client-connect and return client-specific directives via writing
them to a file (the name of which is passed in the argv array), similar
to the mechanism used by regular hook scripts. Indeed, in
OpenVPN-2.0.7's multi.c:1273, it appears to be creating a temporary
filename for precisely that use.

Whoops, I totally missed that:
               --client-connect script
Run script on client connection. The script is passed the com- mon name and IP address of the just-authenticated client as en- vironmental variables (see environmental variable section be- low). The script is also passed the pathname of a not-yet-cre- ated temporary file as $1 (i.e. the first command line argu- ment), to be used by the script to pass dynamically generated
              config file directives back to OpenVPN.

That's very handy. When I next have some free time, I'll take a look at adding support for specifying configuration directives on the basis of LDAP group membership.

Thanks!
-landonf

Attachment: PGP.sig
Description: This is a digitally signed message part

Reply via email to