When setting up an OpenVPN appliance, you have the ability to use LDAP as your preferred authentication method. In this particular scenario, I was tasked with limiting it down to a user security group in LDAP, so the Advanced section was required in this case. The following shows a working sample. A couple of the things I had to overcome:
The CN wasn't what I had expected on the vpnuser account. You can find the full DN using a tool by Sysinternals called Active Directory Explorer.
I had copied the path directly from Active Directory Explorer but did not initially realize it appends additional information to the end of the path, which causes an error. Unfortunately, the length of my entry exceeded the width of the visible box, so I couldn't initially see the appended text.
No additional permissions are required for the user account; a domain user without machine login rights will work fine.
The following entry requires that the user be a member of the group "vpn users", located in the OU structure Main Office > Security & Distribution on the int.myoffice.com domain.
memberOf=CN=vpn users, OU=Security & Distribution Groups, OU=mainoffice,DC=int,DC=myoffice,DC=com
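The two pitfalls above (a copied DN with text appended to the end, and a DN that is not quite what you expected) are cheap to catch before the value goes into the Advanced section. The following is an added example, not code from the original post or from OpenVPN: it checks that a group DN is made only of CN/OU/DC components ending in the domain, emits the `memberOf=<DN>` form shown above, and separately emits an RFC 4515 search filter with the DN escaped for use as a filter value. The function names and the sample DNs other than the one on this page are constructed for illustration.

```python
import re
from typing import List, Tuple

# Characters RFC 4515 requires to be hex-escaped inside a search-filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RDN attribute types expected in an AD group DN (name, OU path, domain components).
_RDN_RE = re.compile(r"^(CN|OU|DC)=(.+)$", re.IGNORECASE)
# RFC 4514 special characters that may not appear unescaped inside an RDN value.
_BAD_VALUE_CHARS = re.compile(r'(?<!\\)[+"<>;]')


def parse_group_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs and reject anything that is not one.

    Stray text after the last DC= component (the copy-and-paste pitfall above)
    is not an attribute=value pair, so it raises ValueError here instead of
    producing a server-side error later.
    """
    rdns: List[Tuple[str, str]] = []
    for part in re.split(r"(?<!\\),", dn.strip()):  # split on unescaped commas only
        m = _RDN_RE.match(part.strip())
        if not m or _BAD_VALUE_CHARS.search(m.group(2)):
            raise ValueError(f"not a well-formed RDN: {part.strip()!r}")
        rdns.append((m.group(1).upper(), m.group(2).strip()))
    if rdns[0][0] != "CN" or rdns[-1][0] != "DC":
        raise ValueError("group DN must start with CN= and end with the DC= domain components")
    return rdns


def canonical_dn(dn: str) -> str:
    """Re-join the parsed RDNs without the cosmetic spaces after commas."""
    return ",".join(f"{attr}={val}" for attr, val in parse_group_dn(dn))


def additional_requirement(group_dn: str) -> str:
    """The memberOf=<group DN> form used in the Advanced section entry above."""
    return f"memberOf={canonical_dn(group_dn)}"


def search_filter(group_dn: str) -> str:
    """The same requirement as a stand-alone RFC 4515 filter, DN escaped as a filter value."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in canonical_dn(group_dn))
    return f"(memberOf={escaped})"


def is_valid_group_dn(dn: str) -> bool:
    """True when the DN parses cleanly; False for appended junk or a non-group DN."""
    try:
        parse_group_dn(dn)
        return True
    except ValueError:
        return False
```

Running the page's own DN through `additional_requirement` reproduces the entry above minus the spaces after commas, which LDAP treats as equivalent.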