This is a step-by-step description of how to configure OpenVPN Access Server for LastPass Universal Proxy using the LDAP protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.
Note: As OpenVPN Access Server handles the incoming authentication requests in a single thread, one client can log in at a time. Therefore, increased waiting time can be expected.
- Log in to the OpenVPN Admin Web UI.
- Select in the left menu.
- In the LDAP Settings area, set the following fields:
-
Primary Server
-
Add the IP address of Universal Proxy.
-
Case-sensitive login
-
Switch the toggle button to
Yes.
-
Use these credentials:
-
Switch the toggle button to
Yes.
-
Bind DN:
-
Add the admin user name configured for LDAP authentication in the following format:
CN=Admin,CN=Users,DC=domain,DC=country_code
-
Password:
-
Enter the LDAP admin user password.
-
Base DN for User Entries:
-
Enter the Base DN under which the users are located, in the following format:
DC=domain,DC=country_code.
-
Username Attribute:
-
samAccountname
- Click Save Settings.
- Click Update Running Server.
- Increase the authentication timeout to 61 seconds.
You can only change the authentication timeout settings from CLI:
Run the following command as a root user:
/usr/local/openvpn_as/scripts/sacli --key "auth.ldap.0.timeout" --value "61" configput
service openvpnas restart
- If the LDAP module is not already in use click Use LDAP then Update Running Server.
Results: Your OpenVPN Access Server is now configured to use LDAP protocol for authentication.
