1
I Use This!
Activity Not Available
Analyzed 10 months ago. based on code collected 10 months ago.

Project Summary

DescriptionThe OpenVPN Auth-LDAP Plugin implements username/password authentication via LDAP for OpenVPN 2.x.

FeaturesUser authentication against LDAP. Simple Apache-style configuration file. LDAP group-based access restrictions. Integration with the OpenBSD packet filter, supporting adding and removing VPN clients from PF tables based on group membership. Tested against OpenLDAP, the plugin will authenticate against any LDAP server that supports LDAP simple binds -- including Active Directory. BuildingRequirementsOpenLDAP Headers and Library GNU Objective-C Compiler OpenVPN Plugin Header (included with the OpenVPN sources) re2c (used for the configuration file lexer) To build, you will need to configure the sources appropriately. Example:

./configure --prefix=/usr/local --with-openldap=/usr/local --with-openvpn=/usr/ports/security/openvpn/work/openvpn-2.0.2The module will be build in src/openvpn-auth-ldap.so and installed as ${prefix}/lib/openvpn-auth-ldap.so.

UsageAdd the following to your OpenVPN configuration file (adjusting the plugin path as required):

plugin /usr/local/lib/openvpn-auth-ldap.so ""The config directive must point to an auth-ldap configuration file. An example configuration file is provided with the distribution, or see the Configuration page.

SecurityPlease report all security issues directly to landonf+security (at) bikemonkey (dot) org.

Through the use of extensive unit testing, valgrind, and regression testing, we are very confident in the overall code quality of the plugin. There has been one security vulnerability to date, due to misinterpretation of LDAP RFCs.

2006-12-02: OpenVPN Auth-LDAP would accept empty passwords when validating against Novell Directory Server. This is known to not affect default installs of OpenLDAP (our test platform). Strict implementation of the LDAP RFCs requires that a directory server treat a bind with a valid DN and an empty password as an "anonymous" bind. If anonymous binds are enabled, this could lead to password bypass.

Tags

ldap pf openvpn threerings

In a Nutshell, openvpn-auth-ldap...

This Project has No vulnerabilities Reported Against it

Did You Know...

  • ...
    Black Duck offers a free trial so you can discover if there are open source vulnerabilities in your code
  • ...
    learn about Open Hub updates and features on the Open Hub blog
  • ...
    65% of companies leverage OSS to speed application development in 2016
  • ...
    data presented on the Open Hub is available through our API

Languages

Languages?height=75&width=75
C
50%
Objective-C
28%
shell script
12%
5 Other
10%

30 Day Summary

Apr 9 2016 — May 9 2016

12 Month Summary

May 9 2015 — May 9 2016

Ratings

Be the first to rate this project
Click to add your rating
   Spinner
Review this Project!