# OpenVPN Active Directory integration



## lamacont (Jun 21, 2014)

Hi all,
I tested this in FreeBSD 9.1, 9.2 and 10 x64 versions.

Already upgraded ports.

Installed ports:
security/openvpn (version - 2.3.4)
security/openvpn-auth-ldap (version - 2.0.3)

My openvpn.conf file content:

```
plugin /usr/local/lib/openvpn-auth-ldap.so "/usr/local/etc/openvpn/openvpn-auth-ldap.conf"
proto udp
port 1194
dev tun
server 192.168.150.0 255.255.255.0

ca /usr/local/etc/openvpn/keys/keys/ca.crt
cert /usr/local/etc/openvpn/keys/keys/openvpnserver.crt
key /usr/local/etc/openvpn/keys/keys/openvpnserver.key
client-cert-not-required
dh /usr/local/etc/openvpn/keys/keys/dh2048.pem
tls-auth /usr/local/etc/openvpn/keys/keys/ta.key 0

persist-key
persist-tun
keepalive 10 60

push "route 10.41.0.0 255.255.255.0"
topology subnet

user root
group wheel

daemon
log-append /var/log/openvpn.log
```

My /usr/local/etc/openvpn/openvpn-auth-ldap.conf file content:

```
<LDAP>
        URL             ldap://xxx.xx:389
        BindDN          XXX@XXX.XXX
        Password       XXXXXXXXXX
        Timeout         15
</LDAP>
<Authorization>
           BaseDN          "DC=atl,DC=lan"
           SearchFilter    "(&(sAMAccountName=%u)(memberOf=CN=mercurial,OU=mercurial,DC=xxx,DC=xx))"
</Authorization>
```

With ldapsearch I tested the LDAP configuration and it is successful.

When I tried to start OpenVPN from the command line with the command `openvpn --config ad-auth.conf`, I found the error in my log file below:

```
cat /var/log/openvpn.log
Sat Jun 21 14:36:37 2014 OpenVPN 2.3.4 amd64-portbld-freebsd9.2 [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 21 2014
Sat Jun 21 14:36:37 2014 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.06
Sat Jun 21 14:36:37 2014 PLUGIN_INIT: plugin initialization function failed: /usr/local/lib/openvpn-auth-ldap.so
Sat Jun 21 14:36:37 2014 Exiting due to fatal error
```
After that I searched the error `plugin initialization function failed: openvpn-auth-ldap.so` on Google and found a bug about this: http://lists.freebsd.org/pipermail/free ... 56360.html

And I want to know if anybody has found how I can fix this.
Thank you for answers.
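The plugin configuration in the post above is worth reviewing on its own, independent of the initialization failure: the `<LDAP>` block uses a plaintext `ldap://` URL on port 389, so the bind password and every user's VPN password would cross the network unencrypted, and the `SearchFilter` is what actually limits VPN access to the `mercurial` group. The script below is an added example, not code from the thread or from the openvpn-auth-ldap project. It parses the plugin's block-style configuration (including the plugin's documented `TLSEnable` directive and `<Group>` sub-block, neither of which appears on the page), expands `%u` the way a safe substitution should (with RFC 4515 escaping applied by this script, an assumption about good practice rather than a description of the plugin's internals), and reports the settings a reviewer would question. The sample configuration is constructed from the one posted, with its placeholders kept.

```python
"""Lint for an openvpn-auth-ldap style configuration file (added example)."""
import re

# Constructed sample, modelled on the configuration posted in the thread.
SAMPLE_CONF = """\
<LDAP>
        URL             ldap://xxx.xx:389
        BindDN          XXX@XXX.XXX
        Password        XXXXXXXXXX
        Timeout         15
</LDAP>
<Authorization>
           BaseDN          "DC=atl,DC=lan"
           SearchFilter    "(&(sAMAccountName=%u)(memberOf=CN=mercurial,OU=mercurial,DC=xxx,DC=xx))"
</Authorization>
"""

_SECTION_RE = re.compile(r"^<(/?)(\w+)>$")


def parse_auth_ldap_conf(text):
    """Return {"Section" or "Outer/Inner": {key: value}} for the block syntax.

    Lines are '<Name>' / '</Name>' section markers or 'Key  value' pairs;
    '#' starts a comment (so a literal '#' inside a password is not supported
    by this parser), and double quotes around a value are stripped.
    """
    sections, stack = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            closing, name = m.group(1) == "/", m.group(2)
            if closing:
                if not stack or stack[-1] != name:
                    raise ValueError(f"line {lineno}: unexpected </{name}>")
                stack.pop()
            else:
                stack.append(name)
                sections.setdefault("/".join(stack), {})
            continue
        if not stack:
            raise ValueError(f"line {lineno}: directive outside a section")
        parts = re.split(r"\s+", line, maxsplit=1)
        key = parts[0]
        value = parts[1] if len(parts) > 1 else ""
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        sections["/".join(stack)][key] = value
    if stack:
        raise ValueError(f"unclosed <{stack[-1]}>")
    return sections


def escape_filter_value(value):
    """RFC 4515 escaping for a value that is substituted into a search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def expand_search_filter(search_filter, username):
    """Replace %u with the escaped username (assumed-safe expansion, not the plugin's)."""
    return search_filter.replace("%u", escape_filter_value(username))


def lint(sections):
    """Return a list of human-readable findings about the parsed configuration."""
    findings = []
    ldap = sections.get("LDAP", {})
    authz = sections.get("Authorization", {})
    for key in ("URL", "BindDN", "Password"):
        if key not in ldap:
            findings.append(f"<LDAP> is missing {key}")
    url = ldap.get("URL", "")
    tls = ldap.get("TLSEnable", "no").lower() in ("yes", "true", "1")
    if url.startswith("ldap://") and not tls:
        findings.append("plaintext ldap:// without TLSEnable: bind and user passwords "
                        "cross the network unencrypted; use ldaps:// or TLSEnable yes")
    if "BaseDN" not in authz:
        findings.append("<Authorization> is missing BaseDN")
    search_filter = authz.get("SearchFilter", "")
    if "%u" not in search_filter:
        findings.append("SearchFilter does not use %u, so it cannot select the user who is logging in")
    if "memberOf=" not in search_filter and "Authorization/Group" not in sections:
        findings.append("no group restriction: any account under BaseDN that can bind would get VPN access")
    return findings


def lint_text(text):
    """Parse and lint in one call; convenient for a pre-deployment check."""
    return lint(parse_auth_ldap_conf(text))


if __name__ == "__main__":
    for finding in lint_text(SAMPLE_CONF) or ["no findings"]:
        print("-", finding)
```

Run against the posted configuration the script reports exactly one finding, the plaintext `ldap://` URL; adding `TLSEnable yes` to the `<LDAP>` block (with the corresponding CA certificate settings) or switching to `ldaps://` clears it. The `memberOf=` check is deliberately simple: it only confirms that some group pin exists in the filter, not that the group DN is correct for the domain.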


----------



## viniciusferrao (Jun 25, 2014)

Do you really need to use security/openvpn-auth-ldap?

You could set up something like security/sssd and use PAM as the authentication realm for OpenVPN.


----------



## Oko (Jun 25, 2014)

I am very interested in the final solution. Please post.


----------



## lamacont (Jul 27, 2014)

Why, if there is exactly a port with the name openvpn-auth-ldap for that? I tested this on CentOS. It did not work either. It only worked on Ubuntu 14.04.

Strange thing: I tested this last time on FreeBSD 9.1 with old ports and old versions of OpenVPN and the DC plugin, and it worked. But with old ports I needed to find a lot of things on the internet because these ports are out of date.


----------



## lamacont (Jul 27, 2014)

And there are old versions of OpenVPN with old versions of openvpn-auth-ldap.

And I have news about the port security/openvpn-auth-radius too. Bad news. I wanted to integrate OpenVPN with RADIUS, and after that integrate FreeRADIUS with the DC. But bad news: in the openvpn-auth-radius port the same thing happens.


----------



## lamacont (Aug 27, 2014)

```
root@openvpn:/usr/ports/security/openvpn-auth-ldap # make install
===>  openvpn-auth-ldap-2.0.3_9 is marked as broken: Needs to be ported to a new Object base-class with +alloc..
*** [install] Error code 1

Stop in /usr/ports/security/openvpn-auth-ldap.
root@openvpn:/usr/ports/security/openvpn-auth-ldap # date
Wed Aug 27 21:16:12 AZST 2014
```


----------



## NindyAyuW (Jan 7, 2015)

I just found this thread and it seems that I've double-posted (sorry). Anyway, this is mine https://forums.freebsd.org/threads/help-on-port-security-openvpn-auth-ldap.49844/#post-278680.

You should comment out the BROKEN and OBJCFLAGS+= lines, and it will work just fine. I just tried it.


----------

