ops.point808.com/ovpn-ad-sync
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated readme

Browse Source
This commit is contained in:
Josh North 2014-12-03 14:07:34 -05:00
parent 29ff86a7ab
commit 2cb12dc042
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -3,6 +3,11 @@ ovpn-ad-sync
Script to synchronize AD/LDAP users with OpenVPN config files and email user certificates and a setup guide to end users. This script is a very rudimentary hack to fill my purpose. It may or may not work for you. It could also be put to use with LDAP with minimal modification even though I wrote it for an Active Directory environment. Script to synchronize AD/LDAP users with OpenVPN config files and email user certificates and a setup guide to end users. This script is a very rudimentary hack to fill my purpose. It may or may not work for you. It could also be put to use with LDAP with minimal modification even though I wrote it for an Active Directory environment.
Author:
Josh North 2014-12-01
josh.north@point808.com
Free for use and modification. Credit is appreciated if you do anything with it but nothing is required.
Theory: Theory:
Basically, the script should be run on a cron schedule. At run, it searches all users in a specified AD group. It then checks to see if subdirectories exist for the user, if not, it decides to create them. It then loops through to look for directories that do not have a corresponding user in the AD list and deletes them. It technically (at this point) does not revoke access and restart the vpn, this is IMPORTANT, because in my setup we are authenticating against AD anyway as a second layer. This is not fully secure but like I said, it is a major work in progress. Basically, the script should be run on a cron schedule. At run, it searches all users in a specified AD group. It then checks to see if subdirectories exist for the user, if not, it decides to create them. It then loops through to look for directories that do not have a corresponding user in the AD list and deletes them. It technically (at this point) does not revoke access and restart the vpn, this is IMPORTANT, because in my setup we are authenticating against AD anyway as a second layer. This is not fully secure but like I said, it is a major work in progress.