Authentication: LDAP

About the Page

Authentication: LDAP allows you to configure the authentication protocol for LDAP. Of the available authentication methods, LDAP requires the most settings and the most specialized knowledge: you must have some basic knowledge of LDAP syntax. You must also have an LDAP server already prepared if you want Access Server to authenticate using the LDAP protocol. For information on configuring Access Server with LDAP authentication, please read our OpenVPN Access Server on Active Directory via LDAP guide before adjusting these settings.

LDAP Settings

With LDAP, you can use an Active Directory domain controller or other LDAP server to validate user credentials. Define these settings so that Access Server can properly look up user credentials when attempting to authenticate. Be aware that LDAP authentication is not case-sensitive (with the exception of a user's password) but Access Server is. If you configure settings in Access Server for a user named jimmy as Jimmy, then you may be able to give this user access to the server, but none of the configuration settings will be applied to the user. This behavior is also described in the OpenVPN Access Server on Active Directory via LDAP guide.

NOTE: These settings will in no way affect the configuration of the LDAP server itself. Access Server will only look up the provided credentials and grant access if matching credentials are found in the LDAP server and if the conditions for access defined in Access Server are met.
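The case-sensitivity caveat above can be audited offline. The following is an added example, not OpenVPN's own code: it compares the user names configured in Access Server with the usernames stored in the directory and reports names that match only when case is ignored. The function name, the sample lists, and the assumption that users log in with the spelling stored in the directory's username attribute are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: names as configured in Access Server and
# usernames as stored in the LDAP directory's username attribute.
SAMPLE_PROFILES = ["Jimmy", "alice", "bob", "Bob", "carol"]
SAMPLE_LDAP = ["jimmy", "alice", "bob", "dave"]


def audit_username_case(profile_names, ldap_usernames):
    """Find Access Server user names whose settings may not be applied.

    mismatched: (profile_name, ldap_name) pairs equal only when case is
                ignored; LDAP accepts the login, but the case-sensitive
                profile lookup does not find the configured settings.
    ambiguous:  profile names that differ from one another only by case.
    orphaned:   profile names with no directory entry under any casing.
    """
    exact = set(ldap_usernames)
    ldap_by_folded = {}
    for name in ldap_usernames:
        ldap_by_folded.setdefault(name.casefold(), name)

    groups = defaultdict(list)
    for name in profile_names:
        groups[name.casefold()].append(name)

    mismatched, orphaned = [], []
    for name in profile_names:
        if name in exact:
            continue  # exact spelling exists in the directory
        ldap_name = ldap_by_folded.get(name.casefold())
        if ldap_name is None:
            orphaned.append(name)
        else:
            mismatched.append((name, ldap_name))

    ambiguous = sorted(n for g in groups.values() if len(g) > 1 for n in g)
    return {"mismatched": mismatched, "ambiguous": ambiguous,
            "orphaned": orphaned}


if __name__ == "__main__":
    for kind, names in audit_username_case(SAMPLE_PROFILES, SAMPLE_LDAP).items():
        print(f"{kind}: {names}")
```

A `mismatched` entry is the case to fix first when the unapplied settings are access restrictions, because the user still authenticates through LDAP.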

Simplified server configuration

Define a Primary Server, either as a hostname or IP Address. Specifying a Secondary Server is optional. If present, Access Server attempts to communicate with the Secondary Server when the connection with the Primary Server fails.

Use SSL to connect to LDAP servers

This setting establishes a secure, SSL-protected connection to the LDAP server(s) for all LDAP operations.

Credentials for Initial Bind

This setting determines if Access Server will bind to the LDAP server anonymously or with specified credentials for the initial bind.

Base DN for User Entries

This base DN will be used when Access Server performs an LDAP query to find the user's entry.

Username Attribute

This is the attribute whose value must match the username entered by the user at the login page.

Additional LDAP Requirements

This optional setting specifies a restriction (in LDAP query form) on a user's LDAP entry that must be true for the authentication to succeed. This can be used to require membership in a particular LDAP group (specified by its group DN) for all users permitted to authenticate to the Access Server.


Authentication: LDAP allows configuration of the settings for authenticating users with an LDAP server. It is necessary to define these settings if you want to secure authentication with the constraints defined by your LDAP server. We have also provided a brief guide about configuring Access Server for authenticating using LDAP, which we highly suggest you read if you wish to configure Access Server with LDAP. If you wish to configure Access Server using Google Secure LDAP, please read this article instead.