I'd like to announce the first release candidate of version 2.0 of my LDAP authentication plugin for OpenVPN
This release is a vast improvement on the rudimentary 1.0 plugin -- new features include:
I hope that this plugin will serve as a solid base for adding additional OpenVPN-specific LDAP features, such as the PF firewall integration, or group-based application of OpenVPN configuration directives (planned for 2.0.1).
The plugin should work against any standard LDAP server, including Active Directory and OpenLDAP. While certain features (eg packet filter integration) are OS-specific, the general functionality of the plugin has been tested on Linux and FreeBSD, and should work on any UNIX-like operating system.
I'd like to strongly encourage any interested parties to try the plugin out -- We're using this code in production, and barring any unexpected issues, this release candidate will become the final release. This code should be fairly solid -- it has near 100% unit test coverage, has been subject to full regression testing, and has been rigorously tested for code errors and memory leaks under valgrind. The code also operates flawlessly inside of chrooted OpenVPN instance.
Built with the distribution is an independent plugin driver that can be used to test the plugin and your configuration outside of OpenVPN. After you have built the plugin, the driver can be run as follows:
./src/testplugin <config file>