The Foxpass Developer Hub

Welcome to the Foxpass developer hub. You'll find comprehensive guides and documentation to help you start working with Foxpass as quickly as possible, as well as support if you get stuck.

Get Started    API Reference

OpenVPN via LDAP

OpenVPN authentication with LDAP, powered by Foxpass.

Before you get started...

A member of the Foxpass community, Aaron Vinson, has released a Docker container with OpenVPN integrated with Foxpass. Check it out here:

Here's how to set up OpenVPN authentication with LDAP, powered by Foxpass.

First, log into Foxpass and do the following:

  1. Note your Base DN on the dashboard page. Copy/paste it somewhere.
  2. Create an LDAP Binder account with the name 'openvpn' on the LDAP binders page. Copy/paste the generated password! It is only displayed once.

OpenVPN LDAP configuration:

# LDAP server URL
URL ldaps://

BindDN cn=<binder name>,dc=example,dc=com

# Bind Password
Password "**"

# Network timeout (in seconds)
Timeout 15

# Disable Start TLS
TLSEnable no

# Follow LDAP Referrals (anonymously)
FollowReferrals yes

# TLS CA Certificate File
#TLSCACertFile /usr/local/etc/ssl/ca.pem

# TLS CA Certificate Directory
#TLSCACertDir /etc/ssl/certs

# Client Certificate and key
# If TLS client authentication is required
#TLSCertFile /usr/local/etc/ssl/client-cert.pem
#TLSKeyFile /usr/local/etc/ssl/client-key.pem

# Cipher Suite
# The defaults are usually fine here

# Base DN
BaseDN "ou=people,dc=example,dc=com"

# User Search Filter
SearchFilter "(&(uid=%u))"

# Require Group Membership
RequireGroup false

# If you want to limit to certain group(s), set RequireGroup to true (above)
# uncomment below and edit the BaseDN and SearchFilter line
# BaseDN "ou=groups,dc=example,dc=com"
# SearchFilter "(|(cn=developers)(cn=artists))"
# MemberAttribute member

Updated 8 months ago

OpenVPN via LDAP

OpenVPN authentication with LDAP, powered by Foxpass.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.