
Re: [Openvpn-users] Certificate common name & auth-user-pass-verify


  • Subject: Re: [Openvpn-users] Certificate common name & auth-user-pass-verify
  • From: Ralf Hildebrandt <Ralf.Hildebrandt@xxxxxxxxxx>
  • Date: Fri, 3 Feb 2006 17:06:13 +0100

* Alon Bar-Lev <alon.barlev@xxxxxxxxx>:
> Nuno Marques wrote:
> >Hi,
> >
> >I'm giving a different certificate to each user, and all the
> >certificates have the correct username in them, but I also need the
> >username/password to validate the user in the Active Directory, so it
> >can happen that one user has one certificate with common name John Doe,
> >but when asked for user/pass to perform validation in the AD puts Robert
> >Doe.
> >
> >If the Robert Doe user exists in the AD and the password entered is
> >correct, that user will login with an ID different from the one present in
> >the certificate.

I asked for the same, 3 weeks ago.
The solution:

auth-user-pass-verify /usr/local/scripts/ucn.pl via-env

ucn.pl is attached

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums)         Ralf.Hildebrandt@xxxxxxxxxx
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to spamtrap@xxxxxxxxxx
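#!/usr/bin/perl -t
use strict;
use warnings;

# OpenVPN --auth-user-pass-verify script.
# Only authenticate if username equals common_name.
# This checks the name binding only; the password is not read or verified here.
# In OpenVPN config file:
#   auth-user-pass-verify ./ucn.pl via-env

# With via-env, OpenVPN passes the login name and the certificate
# common name in the environment.
my $username    = $ENV{'username'}    // '';
my $common_name = $ENV{'common_name'} // '';

# Compare against the part of the common name before the first dot.
my @common_name_array = split(/\./, $common_name);
my $cn_user = $common_name_array[0] // '';

#print $username;
#print $cn_user;

# Exit 0 (accept) only if both values are non-empty and match; otherwise exit 1.
exit((length($username) > 0 && length($common_name) > 0 && $username eq $cn_user) ? 0 : 1);

# END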
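
Added example, not part of the original post or its attachment: the attached ucn.pl compares username with common_name and never reads the password, so this sketch shows the same CN binding chained to a password check, which is what the quoted question needs. The function names are hypothetical, and check_password is a placeholder for the site's real AD/LDAP bind; it assumes via-env exports username, password and common_name.

```sh
#!/bin/sh
# Added example, not the script from the post.
# Assumes via-env: OpenVPN exports username, password and common_name.

# Succeed only if the login name equals the CN up to its first dot
# (exact, case-sensitive comparison, as in the posted script).
cn_matches_user() {
    cmu_user=$1
    cmu_cn_user=${2%%.*}
    [ -n "$cmu_user" ] && [ -n "$cmu_cn_user" ] && [ "$cmu_user" = "$cmu_cn_user" ]
}

# Hypothetical placeholder for the site's AD/LDAP password check.
# Fails closed until it is replaced with a real bind.
check_password() {
    return 1
}

# Name binding first, password second; both must pass.
verify_login() {
    if ! cn_matches_user "$1" "$3"; then
        # Log the mismatch (never the password) so it can be reviewed.
        printf 'ucn: reject user=%s cn=%s reason=cn-mismatch\n' "$1" "$3" >&2
        return 1
    fi
    check_password "$1" "$2"
}

# Run as a hook only when OpenVPN has put the variables in the environment.
if [ -n "${common_name+set}" ]; then
    verify_login "$username" "$password" "$common_name"
    exit $?
fi
```

A rejected mismatch is written to stderr, so a valid certificate presented with another user's login name leaves a reviewable trace.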