From 8dd54b6d8a6f8ec7431dd657f533134477c7a2c7 Mon Sep 17 00:00:00 2001
From: Tayyeb
Date: Fri, 3 Jul 2020 19:36:40 +0430
Subject: [PATCH] update auth-ldap.conf.j2 to optionally check group and add all auth-ldap specific variables to defaults/main.yml
---
 defaults/main.yml | 7 +++++++
 templates/authentication/auth-ldap.conf.j2 | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index dc495d5..af53181 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -174,8 +174,15 @@ openvpn_use_pam_users: []
 # LDAP authentication and configuration (optional)
 openvpn_use_ldap: false
+openvpn_ldap_server: # ldapserver.example.org or ldap://ldapserver.example.org
 openvpn_ldap_tlsenable: 'false'
 openvpn_ldap_follow_referrals: 'false'
+openvpn_ldap_bind_dn: # cn=administrator,cn=users,dc=ctc,dc=local
+openvpn_ldap_bind_password:
+openvpn_ldap_base_dn: # dc=ctc,dc=local
+openvpn_ldap_search_filter: # sAMAccountName=%u
+openvpn_ldap_group_base_dn: # ou=groups,dc=ctc,dc=local if empty fallback to openvpn_ldap_base_dn
+openvpn_ldap_group_search_filter: # cn=OpenVPNUsers
 # Use simple authentication (default is disabled)
 openvpn_simple_auth: false
diff --git a/templates/authentication/auth-ldap.conf.j2 b/templates/authentication/auth-ldap.conf.j2
index 5d49641..29b0081 100644
--- a/templates/authentication/auth-ldap.conf.j2
+++ b/templates/authentication/auth-ldap.conf.j2
@@ -45,10 +45,12 @@ # e.g. "sAMAccountName=%u"
 SearchFilter {{ openvpn_ldap_search_filter }}
 RequireGroup true
+ {% if openvpn_ldap_group_search_filter %}
- BaseDN {{ openvpn_ldap_base_dn }}
+ BaseDN {{ openvpn_ldap_group_base_dn | default(openvpn_ldap_base_dn) }}
 # e.g. "cn=OpenVPNUsers"
 SearchFilter {{ openvpn_ldap_group_search_filter }}
 MemberAttribute Member
+ {% endif %}
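Review bot: `openvpn_ldap_bind_password` in defaults/main.yml is the only new key without a comment, and it is the one most likely to be filled in next to the others in a plaintext vars file; I would add `# supply from Ansible Vault or another secret store, not from plain vars`. All seven new keys are bare `key:` entries, which load as null rather than as an empty string, so the "if empty" wording on `openvpn_ldap_group_base_dn` describes a null value in practice. With `openvpn_use_ldap: true` and these left unset the template would presumably render empty directives, and an empty bind password sent with a bind DN is treated by some directory servers as an unauthenticated bind, so a short comment naming the keys that are mandatory once LDAP is enabled would help.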
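Review bot: The fallback on the new `BaseDN` line in auth-ldap.conf.j2 does not fire with the defaults this same patch adds: `default()` only replaces an undefined variable, and defaults/main.yml now defines `openvpn_ldap_group_base_dn` as null, so the rendered group BaseDN would be empty rather than `openvpn_ldap_base_dn`. Passing the boolean flag fixes it: `BaseDN {{ openvpn_ldap_group_base_dn | default(openvpn_ldap_base_dn, true) }}`. Separately, `RequireGroup true` stays outside the new `{% if %}`, so with the now-default empty `openvpn_ldap_group_search_filter` the file still declares a group requirement while defining no group; how the plugin treats that combination is not visible here, so I would either put `RequireGroup` under the same condition or add a comment stating that every user matching the user search filter is admitted when no group filter is set. The enclosing Authorization/Group block markers are not visible in this hunk.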