Skip to content
 

OpenVPN LDAP authentication

2 Comments

  1. Manu says:

    with ldapsearch you may prefer to -j instead of -w :

    -j file read bind passwd (for simple authentication)
    -w passwd bind passwd (for simple authentication)

    So no need to obfuscate anything and a simple :

    ps -ef

    don'l let people sharing with you the server discover your password

    • waldner says:

      My version of ldapsearch doesn't have the -j option, however I see it does have a -y file option which I suppose will do something very similar.

      However, since then ps -ef would show the name of the file where you stored the password, it should be made readable only by root or by the user running the openVPN script.