As someone who values OpenVPN as one of the greatest open-source VPN solutions, and having gone through a series of challenges with AD authentication on some Linux distros, I decided to code my own Python module that handles AD/LDAP flawlessly, without relying on the OS environment where OpenVPN is run.
Disclaimer: This should NOT be a go-to solution, as it introduces security non-compliance concerns if not regulated. Although this script could be used just about anywhere, it should NOT be required for CentOS 7 and Ubuntu 18+.
Kerberos, PAM, and the OpenVPN LDAP plugin are more than sufficient to get the job done. Yes, they're a bit complex, but highly secure compared to this approach. This is a last-resort type of thing.
My auth module aims to completely eliminate the need for PAM, NSS, Kerberos and even the OpenVPN LDAP authentication module altogether.
There are a number of challenges out there, like getting the OpenVPN LDAP module on CentOS 8 (at the time of writing this article, CentOS 8 did NOT have the OpenVPN LDAP plugin, namely openvpn-auth-ldap, available).
Furthermore, PAMd, NSS and OpenVPN could also become quite problematic on some Linux distros. Even when SSSd is properly configured and working, in a matter of days the authentication may halt while sssd is still running, and simply restarting the service fixes it.
As a matter of fact, when running in a production environment, you try to have the fewest escalations possible; thus, I needed something solid, something that will work each time with 100% guaranteed success while being completely independent of the OS and its components, and that was the birth of my authentication module.
OpenVPN Official Site – Manual