Configuring OpenVPN to use JumpCloud's LDAP-as-a-Service

Prerequisites:

See Using JumpCloud's LDAP-as-a-Service to obtain the JumpCloud specific settings required below.
 

Version Details:
Configuration options were qualified using the OpenVPN Virtual Appliance v 2.6.1 via the included Admin UI and the OpenVPN documentation for configuring LDAP authentication.

 

Configuring OpenVPN for LDAP Authentication and Authorization


LDAP Settings:
Primary server: ldap.jumpcloud.com
Use SSL to connect to LDAP servers: On (SSL/TLS port 636)
Credentials for Initial Bind: ‘Use these credentials’ select On
Bind DN: uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
Password: LDAP_BINDING_USER_PASSWORD
Username Attribute: uid

 
(Optional) Group Setting:

You may add a requirement for LDAP group membership to control user access.
To leverage LDAP Groups, see Creating LDAP Groups

 
Additional LDAP Requirement: memberOf=cn=GROUP_NAME,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
 
 


 

Testing OpenVPN Authentication and Authorization

The OpenVPN Access Server provides a command line utility "authcli" that can be used to validate your JumpCloud Directory-as-a-Service authentication and authorization configuration.  

PATH:  /usr/local/openvpn_as/scripts/authcli
USAGE:  authcli --user JumpCloud_Username


Troubleshooting OpenVPN Authentication and Authorization

For additional diagnostic information, you can enable Debug Level logging within the OpenVPN Access Server 'as.conf' configuration file, restart the service and review the verbose log messages within the default "/var/log/openvpnas.log" file.

$ echo "DEBUG_AUTH=true" | sudo tee -a /usr/local/openvpn_as/etc/as.conf
$ sudo service openvpnas restart

Once troubleshooting has been completed, edit the configuration file to comment out the DEBUG reference and restart the service to return to normal operation.

#DEBUG_AUTH=true
$ sudo service openvpnas restart
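
The enable/disable procedure above as an idempotent toggle, so repeated troubleshooting sessions never leave duplicate or stale DEBUG_AUTH lines in as.conf and the current state can be checked before closing a ticket. This is an added example, not code from JumpCloud or OpenVPN; the function names and the AS_CONF variable are hypothetical, and it assumes as.conf holds one KEY=value setting per line as shown on this page.

```shell
#!/bin/sh
# Added example: idempotent DEBUG_AUTH toggle for the Access Server as.conf.
# AS_CONF (hypothetical variable) defaults to the as.conf path under
# /usr/local/openvpn_as; point it at a scratch copy when testing.
AS_CONF="${AS_CONF:-/usr/local/openvpn_as/etc/as.conf}"

# debug_auth_state [file]
# Prints "on" if an uncommented DEBUG_AUTH=true line is present, else "off".
debug_auth_state() {
    conf="${1:-$AS_CONF}"
    if grep -Eq '^[[:space:]]*DEBUG_AUTH[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$conf"; then
        echo on
    else
        echo off
    fi
}

# set_debug_auth on|off [file]
# Leaves exactly one DEBUG_AUTH line in the file:
#   on  -> DEBUG_AUTH=true
#   off -> #DEBUG_AUTH=true  (commented out, as the article describes)
set_debug_auth() {
    mode="$1"
    conf="${2:-$AS_CONF}"
    case "$mode" in
        on)  line='DEBUG_AUTH=true' ;;
        off) line='#DEBUG_AUTH=true' ;;
        *)   echo "usage: set_debug_auth on|off [file]" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }
    tmp="$(mktemp)" || return 1
    # Drop every existing DEBUG_AUTH line (commented or not), then append one.
    # grep exits 1 when nothing is left to print, which is not an error here.
    grep -Ev '^[[:space:]]*#?[[:space:]]*DEBUG_AUTH[[:space:]]*=' "$conf" > "$tmp" || true
    printf '%s\n' "$line" >> "$tmp"
    # Write back with cat rather than mv so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Source the file from a root shell, run set_debug_auth on or set_debug_auth off, and restart the openvpnas service as shown above for the change to take effect.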

 

OpenVPN Documentation

Please review the OpenVPN Site for complete documentation on troubleshooting authentication and enabling debug level logging.


 
 

Last Updated: Apr 08, 2019 10:39AM MDT
