Use the LDAP authentication plugin when you need to consult a Windows Active Directory or any LDAP-based user directory.
You will need to gather some details about your LDAP configuration, such as the search filter and attributes. You will also need the CA certificate for securing the TLS session with the LDAP server.
For a Windows AD backend, an example configuration for the corp.example.com domain would be:

    plugin:
      auth_ldap:
        enable: true
        ca_cert: ldap_ca.crt
        url: ldaps://Administrator:email@example.com/dc=corp,dc=example,dc=com
        filter: (&(objectClass=organizationalPerson)&(uid=%s))
        attributes: dn,givenName,sn,cn

url should be specified as an LDAP URL, but no advanced operators are supported.
In the LDAP filter, %s is replaced by the VPN username. Any returned LDAP attributes are made available to other VPN plugins.
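
The username substituted for %s is user-supplied input placed inside LDAP filter syntax, so characters such as *, ( ) and \ need RFC 4515 escaping before substitution. The following is an added example, not the plugin's own code (this page does not say whether the plugin escapes the username itself); it uses the filter from the configuration above, and the function names and sample usernames are constructed for illustration.

```python
"""Added example: RFC 4515 escaping of the value substituted for %s."""

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as literal data in an LDAP filter."""
    # Character-by-character mapping, so an escaped backslash is never re-escaped.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template: str) -> None:
    """Basic sanity checks on the configured filter before it is filled in."""
    if "%s" not in template:
        raise ValueError("filter has no %s placeholder for the username")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError("filter has an unmatched ')'")
    if depth != 0:
        raise ValueError("filter has an unmatched '('")


def render_filter(template: str, username: str) -> str:
    """Return the filter with the escaped username in place of %s."""
    check_template(template)
    # str.replace instead of %-formatting: nothing else in the template is interpreted.
    return template.replace("%s", escape_filter_value(username))


# Filter taken from the example configuration on this page.
FILTER = "(&(objectClass=organizationalPerson)&(uid=%s))"

# Constructed sample usernames: plain, wildcard, parentheses, DOMAIN\user form.
SAMPLES = ["jsmith", "j*", "smith (contractor)", "corp\\jsmith"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:22} -> {render_filter(FILTER, name)}")
```

Without the escaping step, a username of j* would act as a wildcard match rather than a literal name.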