[eduVPN-deploy] RE : ACL Profile

rasolrij rija.rasolo at univ-rouen.fr
Tue Mar 24 11:58:04 CET 2020


Hi,
Finally, I figured out what to put in this « aclPermissionList » variable.
Here is my configuration:
--------------------------------------------------------------------
/etc/vpn-server-api/config.php

    'enableAcl' => true,
    'aclPermissionList' =>
    array (
      'cn=vpn,ou=groups,dc=myuniversity,dc=fr',
    ),

/etc/vpn-user-portal/config.php

    'FormLdapAuthentication' => [
        // *** OpenLDAP ***
        'ldapUri' => 'ldap://myldap.mydomain.fr',
        'bindDnTemplate' => 'uid={{UID}},ou=people,dc=myuniversity,dc=fr',
        'permissionAttribute' => 'memberOf',
    ],
    'adminPermissionList' => ['cn=vpn.admin,ou=groups,dc=myuniversity,dc=fr'],


Everything is working fine.
Thanks for your help.


Regards
Rija

From: François Kooman
Sent: Monday, 23 March 2020 20:19
To: rasolrij; eduvpn-deploy at list.surfnet.nl
Subject: Re: [eduVPN-deploy] ACL Profile

On 3/23/20 8:11 PM, rasolrij wrote:
> Hi,

Hi Rija,

> I would like to use ACL with LDAP to manage VPN profiles.
> 
> LDAP config is working fine (FormLdapAuthentication). I can log in to
> eduvpn web interface but no profile filtering.
> 
> How do I filter on an LDAP group in aclPermissionList?
> 
> What is the syntax?
> 
> Anyone can help?

There are two documents relevant for this:

1. https://github.com/eduvpn/documentation/blob/v2/ACL.md
2. https://github.com/eduvpn/documentation/blob/v2/LDAP.md

The idea is to set the permissionAttribute in the LDAP configuration in
/etc/vpn-user-portal/config.php to e.g. "memberOf", as in the example.

The *values* that attribute can have are configured in the
aclPermissionList in /etc/vpn-server-api/config.php. Do not forget to
also set enableAcl to true there.

This should be all that is required. The syntax is explained in the
documentation. You can also check the example configuration files that
contain comments as well [1,2].

Let me know if it is not clear yet!

Regards,
François

[1]
https://github.com/eduvpn/vpn-user-portal/blob/v2/config/config.php.example
[2]
https://github.com/eduvpn/vpn-server-api/blob/v2/config/config.php.example
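
Added example, not part of the original messages and not eduVPN's own code: a small check that compares the entries of a permission list with the memberOf values a user carries, and flags entries that differ only in whitespace or case. It assumes a permission is granted only on an exact string match; the function names and the sample values are constructed for illustration.

```php
<?php
// Added example, not eduVPN code. Assumption: a permission is granted only
// when a value of the LDAP permissionAttribute equals a configured entry
// exactly (plain string comparison).

/**
 * Normalise a DN for comparison only: trim around '=' and ',', lowercase.
 * Limitation: does not handle escaped commas inside attribute values.
 */
function normalizeDn(string $dn): string
{
    $parts = array_map(function (string $rdn): string {
        return implode('=', array_map('trim', explode('=', $rdn, 2)));
    }, explode(',', $dn));
    return strtolower(implode(',', $parts));
}

/**
 * Classify each configured entry against the user's attribute values:
 * 'match' (exact), 'near-miss' (equal only after normalisation), 'no-match'.
 */
function auditPermissionList(array $configured, array $userValues): array
{
    $normalizedUser = array_map('normalizeDn', $userValues);
    $report = [];
    foreach ($configured as $entry) {
        if (in_array($entry, $userValues, true)) {
            $report[$entry] = 'match';
        } elseif (in_array(normalizeDn($entry), $normalizedUser, true)) {
            $report[$entry] = 'near-miss';
        } else {
            $report[$entry] = 'no-match';
        }
    }
    return $report;
}

// Constructed sample: memberOf values as a directory might return them.
$memberOf = [
    'cn=vpn,ou=groups,dc=myuniversity,dc=fr',
    'cn=vpn.admin,ou=groups,dc=myuniversity,dc=fr',
];
// Constructed config entries; the second has a stray space after "dc=".
$configured = [
    'cn=vpn,ou=groups,dc=myuniversity,dc=fr',
    'cn=vpn.admin,ou=groups,dc= myuniversity,dc=fr',
    'cn=staff,ou=groups,dc=myuniversity,dc=fr',
];

foreach (auditPermissionList($configured, $memberOf) as $entry => $status) {
    printf("%-10s %s\n", $status, $entry);
}
```

A 'near-miss' entry is one that looks right in the config file but, under the exact-match assumption, would never grant the permission.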


