Granting SSL-VPN access to an LDAP the service user
LDAP authentication of an SSL-VPN connection requires a service-user LDAP authentication profile, which is configured in the following file:
resources service-users ldap profilename
Details on how to set up a service LDAP authentication profile are covered in Service User Management.
To enable SSL-VPN authentication against an LDAP service-user authentication profile with a profile name of example.com, the profile name just has to be referred to in the openvpn vtunX auth command for the interfaces, as shown here:
vyatta@vyatta# set resources service-users ldap example.com .... vyatta@vyatta# set interfaces openvpn vtunX auth ldap example.com vyatta@vyatta# commit
The preceding configuration change allows access to SSL-VPN for all users who can authenticate themselves with their LDAP credentials against the example.com LDAP profile.