Status of User Manager and VPNs



  • I have been setting up a 2.0-RC3 (i386 built on Tue Jun 21 16:50:25 EDT 2011) system and just wanted to clarify my understanding of the current status of User Manager and the various VPNs. Please correct my possibly incorrect understandings below.

    I have a RADIUS and LDAP server set up in User Manager.

    But, the only VPN type that makes these available for use is currently OpenVPN?
    L2TP and PPTP have their own user management tabs and IPsec only offers something called "system" for authentication, which isn't in User Manager.

    Using groups with LDAP requires that the user object have a multi-value attribute that lists the groups that the user is in? 
    My only recent experience with using LDAP is with Samba 3/OpenLDAP and groups are not done this way.  Groups exist as separate objects with objectClass posixGroup (and sambaGroupMapping) which has a multi-value attribute that lists the members.  Group membership is then found with a filter along the lines of (&(objectClass=posixGroup)(uid=username)).  I hacked auth.inc to do this only to find that there is no System Privilege for OpenVPN access?  So although OpenVPN is the only VPN type to use the User Manager, it is the only VPN type that does not have a System Privilege and cannot therefore have access controlled via User Manager?

    Thanks

    Mike
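
The group lookup described in the post above, as an added example that is not part of the original posts or of the project's auth.inc: it builds the posixGroup membership filter with the username escaped per RFC 4515 and evaluates it against a constructed in-memory directory. It uses the RFC 2307 member attribute memberUid; the entries, the function names and the small filter evaluator are assumptions made for illustration.

```python
import re

# Constructed sample directory (not from the thread). RFC 2307 style: each
# posixGroup lists its members in memberUid; the user entry has no group list.
DIRECTORY = [
    {"dn": "uid=mike,ou=People,dc=example,dc=org",
     "objectClass": ["posixAccount"], "uid": ["mike"]},
    {"dn": "cn=vpnusers,ou=Groups,dc=example,dc=org",
     "objectClass": ["posixGroup"], "cn": ["vpnusers"], "memberUid": ["mike", "anna"]},
    {"dn": "cn=admins,ou=Groups,dc=example,dc=org",
     "objectClass": ["posixGroup"], "cn": ["admins"], "memberUid": ["anna"]},
]

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(username, escape=True):
    """Filter that finds the posixGroup objects naming username as a member."""
    value = escape_filter_value(username) if escape else username
    return "(&(objectClass=posixGroup)(memberUid=%s))" % value

def _assertion_regex(value):
    # An unescaped * is a wildcard; \xx hex pairs stand for literal characters.
    parts = []
    for piece in value.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), piece)
        parts.append(re.escape(literal))
    return re.compile(".*".join(parts), re.DOTALL)

def search(filter_text, entries=DIRECTORY):
    """Minimal evaluator for (&(attr=value)...) filters over the sample data.
    Values are compared case-sensitively, which is a simplification."""
    tests = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filter_text)
    hits = []
    for entry in entries:
        if all(any(_assertion_regex(v).fullmatch(x) for x in entry.get(a, []))
               for a, v in tests):
            hits.append(entry.get("cn", [entry["dn"]])[0])
    return hits

def groups_for(username, escape=True):
    """Group names for username, found from the group objects' member lists."""
    return search(group_filter(username, escape))
```

With escaping on, a login name containing `*` is compared literally and matches no group; with `escape=False` the same name is read as a wildcard and returns every group, which is why the escaping step belongs in any filter built from a login name.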


  • Rebel Alliance Developer Netgate

    OpenVPN is the only VPN that currently uses the settings from the user manager. There is no privilege for OpenVPN access, not yet anyhow. Probably won't be in 2.0 since it's just about ready to ship.

    Not sure about the LDAP bits.

