
openvpn-auth-ldap: init at 2.0.3 #31108

Merged
merged 1 commit into from Nov 3, 2017

Conversation

benley
Member

@benley benley commented Nov 1, 2017

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

license = [
licenses.asl20
licenses.bsd3
];
Member

Would you like to maintain this?

Member Author

Sure, I will add myself to the maintainers line.

@orivej orivej merged commit c0a0d8b into NixOS:master Nov 3, 2017
@benley benley deleted the openvpn-auth-ldap branch November 3, 2017 00:58
@orivej
Contributor

orivej commented Nov 22, 2017

I had to update the git tag and rehash the patches in 1bae36b

@benley
Member Author

benley commented Nov 22, 2017

Thanks for doing that. It looks like the build must have been broken all along, which is weird - I wonder how I managed to have it build successfully on my end and overlook the bogus git rev.

@copumpkin
Member

@orivej @benley have either of you integrated this into the NixOS module for OpenVPN? Curious if there are example configs using it.

@orivej
Contributor

orivej commented Jul 12, 2018

No, I'm not running an OpenVPN server with LDAP authentication. I imagine you could use

# Substitute the plugin's store path for the "{openvpn-auth-ldap}" placeholder in the template.
services.openvpn.servers.my-server.config =
  builtins.replaceStrings [ "{openvpn-auth-ldap}" ] [ "${pkgs.openvpn-auth-ldap}" ]
    (builtins.readFile ./my-server.ovpn);

and everything else is not specific to NixOS.

@benley
Member Author

benley commented Jul 12, 2018

I'm using this plugin in a docker image built by nix and deployed on Kubernetes, but not with the nixos openvpn module.

Short summary:

In your openvpn config,

plugin ${pkgs.openvpn-auth-ldap}/lib/openvpn-auth-ldap.so /path/to/openvpn-ldap.conf

and in openvpn-ldap.conf, for a setup with recursive group membership expansion (this works with Active Directory, among others):

<LDAP>
  URL ldap://ldap.server.hostname.whatever.domain
  BindDN service-account@whatever.domain
  Password asldkfjalksjdfa
  FollowReferrals yes
  TLSEnable yes
  Timeout 15
</LDAP>
<Authorization>
  BaseDN OU=Users,DC=whatever,DC=domain
  SearchFilter (&(sAMAccountName=%u)(memberOf:1.2.840.113556.1.4.1941:=CN=some-group,OU=Groups,DC=whatever,DC=domain))
  RequireGroup false
</Authorization>
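An added illustration, not code from this thread or from the openvpn-auth-ldap project: the plugin substitutes the OpenVPN user name for %u in SearchFilter, and the hypothetical functions below show what a correct RFC 4515 substitution into the filter template above looks like (they do not describe the plugin's own implementation). The structure check compares an escaping renderer with a naive one so the difference is visible on realistic input.

```python
from typing import Callable, Tuple

# Filter template copied from the openvpn-ldap.conf above (constructed copy for this
# example). The OID 1.2.840.113556.1.4.1941 is Active Directory's
# LDAP_MATCHING_RULE_IN_CHAIN, which gives the recursive group membership match.
SEARCH_FILTER = (
    "(&(sAMAccountName=%u)"
    "(memberOf:1.2.840.113556.1.4.1941:=CN=some-group,OU=Groups,DC=whatever,DC=domain))"
)

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion
# value so they are matched literally and cannot change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, username: str) -> str:
    """Hardened substitution: the user name is escaped before replacing %u."""
    return template.replace("%u", escape_filter_value(username))


def naive_render(template: str, username: str) -> str:
    """Unsafe substitution shown for contrast: raw text replaces %u verbatim."""
    return template.replace("%u", username)


def structural_paren_count(expr: str) -> Tuple[int, int]:
    """Count parentheses that shape the filter; escaped ones appear as \\28 / \\29."""
    return expr.count("("), expr.count(")")


def preserves_structure(render: Callable[[str, str], str], template: str, username: str) -> bool:
    """True when rendering with this user name adds or removes no filter clauses."""
    return structural_paren_count(render(template, username)) == structural_paren_count(template)


if __name__ == "__main__":
    for name in ("jdoe", "o'brien", "*", "a)b(c"):
        print(f"{name!r:10} escaped -> {render_filter(SEARCH_FILTER, name)}")
        print(f"{'':10} naive   -> {naive_render(SEARCH_FILTER, name)}")
```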

@copumpkin
Member

Yeah, thank you both! I think I have it working nicely now with a NixOS module config. Now wishing https://github.com/guywyers/openvpn-auth-ldap had been merged 😄 Annoying because none of the Debian patches apply cleanly to it.
