https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Erkl%C3%A4rungen_OPENVPN_mit_LDAP_User-Authentication_II.
Erklärungen OPENVPN mit LDAP User-Authentication II. - Versionsgeschichte
2026-06-29T07:53:44Z
Versionsgeschichte dieser Seite in Xinux Wiki
MediaWiki 1.35.1
https://wiki.ixheim.de/index.php?title=Erkl%C3%A4rungen_OPENVPN_mit_LDAP_User-Authentication_II.&diff=57149&oldid=prev
Thomas.will am 6. Oktober 2024 um 15:13 Uhr
2024-10-06T15:13:42Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="de">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 6. Oktober 2024, 15:13 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l10" >Zeile 10:</td>
<td colspan="2" class="diff-lineno">Zeile 10:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><Authorization></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><Authorization></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* BaseDN - Der Basis-DN für die Suche. Hier auf "dc=<del class="diffchange diffchange-inline">vulkan</del>,dc=<del class="diffchange diffchange-inline">int</del>" gesetzt. Ändere dies bei Bedarf.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* BaseDN - Der Basis-DN für die Suche. Hier auf "dc=<ins class="diffchange diffchange-inline">lab34</ins>,dc=<ins class="diffchange diffchange-inline">linuggs,dc=de</ins>" gesetzt. Ändere dies bei Bedarf.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* SearchFilter - Der Filter für die Suche nach dem Benutzer. "(sAMAccountName=%u)" sucht nach dem Benutzername, und "(memberOf=CN=vpnuser,CN=Users,DC=lab34,DC=linuggs,DC=de)" überprüft, ob der Benutzer Mitglied der Gruppe "vpnuser" ist.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* SearchFilter - Der Filter für die Suche nach dem Benutzer. "(sAMAccountName=%u)" sucht nach dem Benutzername, und "(memberOf=CN=vpnuser,CN=Users,DC=lab34,DC=linuggs,DC=de)" überprüft, ob der Benutzer Mitglied der Gruppe "vpnuser" ist.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* RequireGroup - Steuert, ob die Gruppenzugehörigkeit zwingend erforderlich ist. "false" bedeutet, dass der Benutzer auch ohne Mitgliedschaft in "vpnuser" autorisiert werden kann.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* RequireGroup - Steuert, ob die Gruppenzugehörigkeit zwingend erforderlich ist. "false" bedeutet, dass der Benutzer auch ohne Mitgliedschaft in "vpnuser" autorisiert werden kann.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></Authorization></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></Authorization></div></td></tr>
</table>
Thomas.will
https://wiki.ixheim.de/index.php?title=Erkl%C3%A4rungen_OPENVPN_mit_LDAP_User-Authentication_II.&diff=57141&oldid=prev
Thomas.will am 6. Oktober 2024 um 14:58 Uhr
2024-10-06T14:58:11Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="de">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 6. Oktober 2024, 14:58 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Zeile 1:</td>
<td colspan="2" class="diff-lineno">Zeile 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><LDAP></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><LDAP></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>URL <del class="diffchange diffchange-inline"> </del>ldaps<del class="diffchange diffchange-inline">://</del>win2022.lab34.linuggs.de</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>URL <ins class="diffchange diffchange-inline">- Gibt die URL des LDAP-Servers an. In diesem Fall wird eine sichere Verbindung (</ins>ldaps<ins class="diffchange diffchange-inline">) zu "</ins>win2022.lab34.linuggs.de<ins class="diffchange diffchange-inline">" verwendet.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>BindDN <del class="diffchange diffchange-inline"> </del>"cn=vpnservice,cn=Users,dc=lab34,dc=linuggs,dc=de"</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>BindDN <ins class="diffchange diffchange-inline">- Der Distinguished Name (DN) des Service-Benutzers, der sich am LDAP-Server authentifiziert. Hier wird </ins>"cn=vpnservice,cn=Users,dc=lab34,dc=linuggs,dc=de" <ins class="diffchange diffchange-inline">verwendet.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>Password <del class="diffchange diffchange-inline"> </del>"12345-Xinux"</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>Password <ins class="diffchange diffchange-inline">- Das Passwort des Service-Benutzers. In diesem Beispiel: </ins>"12345-Xinux"<ins class="diffchange diffchange-inline">.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>Timeout <del class="diffchange diffchange-inline"> </del>15</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>Timeout <ins class="diffchange diffchange-inline">- Die maximale Zeit (in Sekunden) für die LDAP-Anfrage. Hier auf </ins>15 <ins class="diffchange diffchange-inline">Sekunden gesetzt.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>TLSEnable <del class="diffchange diffchange-inline"> </del>no</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>TLSEnable <ins class="diffchange diffchange-inline">- Gibt an, ob TLS für die LDAP-Verbindung aktiviert ist. "</ins>no<ins class="diffchange diffchange-inline">" bedeutet, dass TLS nicht aktiviert ist.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>FollowReferrals no</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>FollowReferrals <ins class="diffchange diffchange-inline">- Steuert, ob LDAP-Referenzen verfolgt werden. "</ins>no<ins class="diffchange diffchange-inline">" bedeutet, dass keine Weiterleitungen verfolgt werden.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>TLSCACertFile <del class="diffchange diffchange-inline"> </del>/etc/openvpn/lab34-ca.crt</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>TLSCACertFile <ins class="diffchange diffchange-inline">- Pfad zur CA-Zertifikatsdatei für TLS-Verbindungen. In diesem Fall: "</ins>/etc/openvpn/lab34-ca.crt<ins class="diffchange diffchange-inline">".</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></LDAP></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></LDAP></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><Authorization></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><Authorization></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>BaseDN <del class="diffchange diffchange-inline"> </del>"dc=vulkan,dc=int"</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>BaseDN <ins class="diffchange diffchange-inline">- Der Basis-DN für die Suche. Hier auf </ins>"dc=vulkan,dc=int" <ins class="diffchange diffchange-inline">gesetzt. Ändere dies bei Bedarf.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>SearchFilter <del class="diffchange diffchange-inline"> </del>"<del class="diffchange diffchange-inline">(&</del>(sAMAccountName=%u)(memberOf=CN=vpnuser,CN=Users,DC=lab34,DC=linuggs,DC=de)<del class="diffchange diffchange-inline">)</del>"</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>SearchFilter <ins class="diffchange diffchange-inline">- Der Filter für die Suche nach dem Benutzer. </ins>"(sAMAccountName=%u)<ins class="diffchange diffchange-inline">" sucht nach dem Benutzername, und "</ins>(memberOf=CN=vpnuser,CN=Users,DC=lab34,DC=linuggs,DC=de)" <ins class="diffchange diffchange-inline">überprüft, ob der Benutzer Mitglied der Gruppe "vpnuser" ist.</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>RequireGroup <del class="diffchange diffchange-inline"> </del>false</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>RequireGroup <ins class="diffchange diffchange-inline">- Steuert, ob die Gruppenzugehörigkeit zwingend erforderlich ist. "</ins>false<ins class="diffchange diffchange-inline">" bedeutet, dass der Benutzer auch ohne Mitgliedschaft in "vpnuser" autorisiert werden kann.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></Authorization></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></Authorization></div></td></tr>
</table>
Thomas.will
https://wiki.ixheim.de/index.php?title=Erkl%C3%A4rungen_OPENVPN_mit_LDAP_User-Authentication_II.&diff=57140&oldid=prev
Thomas.will: Die Seite wurde neu angelegt: „ <LDAP> URL ldaps://win2022.lab34.linuggs.de BindDN "cn=vpnservice,cn=Users,dc=lab34,dc=linuggs,dc=de" Password…“
2024-10-06T14:58:00Z
<p>Die Seite wurde neu angelegt: „ <LDAP> URL ldaps://win2022.lab34.linuggs.de BindDN "cn=vpnservice,cn=Users,dc=lab34,dc=linuggs,dc=de" Password…“</p>
<p><b>Neue Seite</b></p><div><br />
<LDAP><br />
URL ldaps://win2022.lab34.linuggs.de<br />
BindDN "cn=vpnservice,cn=Users,dc=lab34,dc=linuggs,dc=de"<br />
Password "12345-Xinux"<br />
Timeout 15<br />
TLSEnable no<br />
FollowReferrals no<br />
TLSCACertFile /etc/openvpn/lab34-ca.crt<br />
</LDAP><br />
<br />
<Authorization><br />
BaseDN "dc=vulkan,dc=int"<br />
SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=vpnuser,CN=Users,DC=lab34,DC=linuggs,DC=de))"<br />
RequireGroup false<br />
</Authorization></div>
Thomas.will