
Granting SSL-VPN access to an LDAP service user

LDAP authentication of an SSL-VPN connection requires a service-user LDAP authentication profile, which is configured under the following configuration path:

resources service-users ldap profilename

Details on how to set up a service LDAP authentication profile are covered in Service User Management.

To enable SSL-VPN authentication against an LDAP service-user authentication profile named example.com, reference the profile name in the openvpn vtunX auth command for the interface, as shown here:

vyatta@vyatta# set resources service-users ldap example.com ....
vyatta@vyatta# set interfaces openvpn vtunX auth ldap example.com
vyatta@vyatta# commit

The preceding configuration change allows access to SSL-VPN for all users who can authenticate themselves with their LDAP credentials against the example.com LDAP profile.
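Because one profile reference opens the VPN to every user who can authenticate against that profile, it helps to review which interfaces trust which profile. The following is an added example, not part of the Vyatta documentation: a Python check over a configuration in set-command form. The function name audit_ldap_vpn, the sample lines and the profile name corp.example are constructed for illustration; only the two statement shapes shown above are assumed.

```python
import re

# Constructed sample: configuration in "set" command form, using only the
# two statement shapes shown on this page. "...." stands for the profile
# settings, which the page elides.
SAMPLE_CONFIG = """\
set resources service-users ldap example.com ....
set interfaces openvpn vtun0 auth ldap example.com
set interfaces openvpn vtun1 auth ldap corp.example
set interfaces openvpn vtun2 auth ldap example.com
"""

PROFILE_RE = re.compile(r"^set resources service-users ldap (\S+)(?:\s|$)")
AUTH_RE = re.compile(r"^set interfaces openvpn (vtun\d+) auth ldap (\S+)\s*$")


def audit_ldap_vpn(config_text):
    """Map each defined LDAP profile to the vtun interfaces that trust it,
    and list interfaces whose profile is not defined in the same config."""
    defined = set()
    refs = []  # (interface, profile) pairs in config order
    for raw in config_text.splitlines():
        # Tolerate a pasted CLI prompt such as "vyatta@vyatta# ".
        line = re.sub(r"^\S+@\S+#\s*", "", raw.strip())
        m = PROFILE_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = AUTH_RE.match(line)
        if m:
            refs.append(m.groups())
    exposure = {}
    for iface, profile in refs:
        if profile in defined:
            exposure.setdefault(profile, []).append(iface)
    dangling = [(i, p) for i, p in refs if p not in defined]
    return exposure, dangling


if __name__ == "__main__":
    exposure, dangling = audit_ldap_vpn(SAMPLE_CONFIG)
    for profile, ifaces in exposure.items():
        print(f"{profile}: all users who can authenticate get VPN on {', '.join(ifaces)}")
    for iface, profile in dangling:
        print(f"{iface}: references undefined LDAP profile {profile!r}")
```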