Only the settings that differ from the previous setup are listed here.
1. Install the openvpn-auth-ldap package
Ubuntu 16.04
# apt-get install openvpn-auth-ldap
CentOS 6.x/7.x
# yum install openvpn-auth-ldap
2. Edit /etc/openvpn/server.conf
Append the following settings at the end of the file
# vim /etc/openvpn/server.conf
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
# CentOS 7
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf
Make sure the path to openvpn-auth-ldap.so matches where your distribution installed it.
3. Create the directory /etc/openvpn/auth/
# mkdir /etc/openvpn/auth/
4. Create the configuration file /etc/openvpn/auth/auth-ldap.conf
# egrep -v '^#|^$' /etc/openvpn/auth/auth-ldap.conf
<LDAP>
# LDAP server URL
#URL ldap://ldap1.example.org
URL ldap://192.168.1.20
# Bind DN (If your LDAP server doesn't support anonymous binds)
BindDN cn=admin,dc=bpim3,dc=test,dc=org
# Bind Password
# Password SecretPassword
Password 123456
# Network timeout (in seconds)
Timeout 15
# Enable Start TLS
# Follow LDAP Referrals (anonymously)
# TLS CA Certificate File
# TLS CA Certificate Directory
# Client Certificate and key
# If TLS client authentication is required
# Cipher Suite
# The defaults are usually fine here
# TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>
<Authorization>
# Base DN
BaseDN "ou=People,dc=example,dc=com"
# User Search Filter
SearchFilter "(&(uid=%u))"
# Require Group Membership
RequireGroup false
# Add non-group members to a PF table (disabled)
#PFTable ips_vpn_users
</Authorization>
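Before restarting the server it is worth checking the two files edited above for the things that matter most with this setup: auth-ldap.conf stores the bind password in cleartext, a plain ldap:// URL without TLSEnable sends that password and every user's VPN password over the network unencrypted, RequireGroup false accepts any account that can bind, and the plugin line in server.conf must point at a file that really exists. The script below is an added example and not part of the original post: a POSIX-sh lint that reads the same directives used in step 4 (URL, TLSEnable, RequireGroup, Password) and the plugin line from step 2. The function names, the constructed sample files, the 192.0.2.20 address and the sample password are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: a POSIX-sh lint for the two files
# the post edits, meant to be run on the OpenVPN server before restarting it.
# Function and variable names are this example's own; the directive names are the
# real ones from OpenVPN and openvpn-auth-ldap.

# First value of a directive in an Apache-style config: skips comment lines and
# strips double quotes. $1 = file, $2 = directive name (matched case-insensitively).
conf_get() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -iE "^[[:space:]]*$2([[:space:]]|\$)" \
        | head -n 1 | awk '{print $2}' | tr -d '"'
}

# Lint auth-ldap.conf: prints one WARN line per finding, returns 1 if there were any.
check_auth_ldap_conf() {
    f="$1"; rc=0
    url=$(conf_get "$f" URL)
    tls=$(conf_get "$f" TLSEnable | tr 'A-Z' 'a-z')
    group=$(conf_get "$f" RequireGroup | tr 'A-Z' 'a-z')
    pw=$(conf_get "$f" Password)
    case "$url" in
        ldaps://*) ;;
        ldap://*)
            # Plain ldap:// without STARTTLS sends the bind password and every
            # user's VPN password over the network in cleartext.
            if [ "$tls" != "yes" ]; then
                echo "WARN: $url without 'TLSEnable yes': cleartext LDAP binds"; rc=1
            fi ;;
        *) echo "WARN: no URL directive found"; rc=1 ;;
    esac
    if [ "$group" != "true" ]; then
        echo "WARN: RequireGroup is not true: any account that can bind gets VPN access"; rc=1
    fi
    if [ -n "$pw" ]; then
        # The bind password is stored in cleartext, so only the owner may read the file.
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            *00) ;;
            *) echo "WARN: $f holds a bind password but has mode $mode (expected 600)"; rc=1 ;;
        esac
    fi
    return $rc
}

# Lint server.conf: the plugin path must exist on this host, and turning off client
# certificates leaves the LDAP password as the only factor, which is worth flagging.
check_server_conf() {
    f="$1"; rc=0
    so=$(grep -v '^[[:space:]]*#' "$f" | awk '/^[[:space:]]*plugin[[:space:]]/ {print $2; exit}')
    if [ -z "$so" ]; then
        echo "WARN: no plugin line in $f"; rc=1
    elif [ ! -f "$so" ]; then
        echo "WARN: plugin $so does not exist on this host"; rc=1
    fi
    if grep -qE '^[[:space:]]*(client-cert-not-required|verify-client-cert[[:space:]]+none)' "$f"; then
        echo "WARN: client certificates are not required: the LDAP password is the only factor"; rc=1
    fi
    return $rc
}

# Constructed sample files so the script runs stand-alone; address and password are made up.
DEMO_DIR=$(mktemp -d)
WEAK_LDAP="$DEMO_DIR/weak-ldap.conf"; GOOD_LDAP="$DEMO_DIR/good-ldap.conf"
WEAK_SRV="$DEMO_DIR/weak-server.conf"; GOOD_SRV="$DEMO_DIR/good-server.conf"
cat > "$WEAK_LDAP" <<'EOF'
<LDAP>
URL ldap://192.0.2.20
BindDN cn=admin,dc=example,dc=com
Password example-only
</LDAP>
<Authorization>
BaseDN "ou=People,dc=example,dc=com"
SearchFilter "(&(uid=%u))"
RequireGroup false
</Authorization>
EOF
chmod 644 "$WEAK_LDAP"
# Hardened copy: LDAPS, group membership required, readable by the owner only.
sed -e 's#^URL .*#URL ldaps://192.0.2.20#' -e 's/^RequireGroup false/RequireGroup true/' \
    "$WEAK_LDAP" > "$GOOD_LDAP"
chmod 600 "$GOOD_LDAP"
printf 'client-cert-not-required\nplugin %s /etc/openvpn/auth/auth-ldap.conf\n' \
    "$DEMO_DIR/missing.so" > "$WEAK_SRV"
# The good server.conf points its plugin line at a file that exists (any file will do for the demo).
printf 'plugin %s /etc/openvpn/auth/auth-ldap.conf\n' "$GOOD_LDAP" > "$GOOD_SRV"

for c in "$WEAK_LDAP" "$GOOD_LDAP"; do
    echo "== $c"; if check_auth_ldap_conf "$c"; then echo "no findings"; fi
done
for c in "$WEAK_SRV" "$GOOD_SRV"; do
    echo "== $c"; if check_server_conf "$c"; then echo "no findings"; fi
done
```

On a real server run the two functions as root against /etc/openvpn/auth/auth-ldap.conf and /etc/openvpn/server.conf instead of the demo files. Two things the lint only hints at: RequireGroup true needs a <Group> block (BaseDN, SearchFilter, MemberAttribute) that the configuration above does not include, and client-cert-not-required is deprecated since OpenVPN 2.4 (replaced by verify-client-cert none) and no longer accepted by 2.5, so on a newer server the directive in step 2 has to be changed for the server to start at all.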
5. Check that the OpenVPN configuration file is valid
# openvpn --config /etc/openvpn/server.conf
6. Restart the OpenVPN server and check that it started correctly
# systemctl restart openvpn@server.service;systemctl status openvpn@server.service
7. Add the following to the client configuration file
auth-user-pass