LDAP configuration in SRX Dynamic VPN

In this post I describe how to configure an OpenLDAP server on a Linux system so that Dynamic VPN users on an SRX authenticate through it. Installing LDAP itself isn’t covered here; please check your Linux distribution’s documentation. My test setup uses the following components, and path names may differ depending on your distribution:

Gentoo Linux
SRX 210 Junos 10.4R10.7
Openldap 2.4.30

Let’s start with the LDAP configuration on Linux.

LDAP Configuration

1) Make sure the following schemas are enabled in /etc/openldap/slapd.conf

2) Create a file named neworg.ldif with the following content

WARNING: I assume the suffix directive in your slapd.conf is also set to “dc=example,dc=net”.

3) Add your organization into ldap via the following command.

Note: Make sure you replace “cn=Manager,dc=example,dc=net” with your own rootdn so that the bind succeeds.

4) Create the following file with the name srx_user.ldif

5) Add the new user defined in srx_user.ldif as below:

If you haven’t received any errors so far, you should now have a working user entry in LDAP.

Check that you can query your user in LDAP via:

If the user you have just added is returned, the LDAP side is working.

SRX LDAP Configuration

Below I am sharing my current working access profile configuration on the SRX; I have tested it and it works. I am not including the entire Dynamic VPN configuration, as the purpose of this post is to show how the SRX and LDAP can be integrated for Dynamic VPN. If you want to take a look at the full Dynamic VPN setup, see http://rtodto.net/2011/08/09/dynamic-vpn-in-srx/

After this configuration, the Dynamic VPN user named “genco” should be able to log into the system with the password stored in the “userPassword” field of his LDAP entry.

Do you have any feedback?