Thanks for your advice.
I now have everything set up. When I try to log in with a user from a particular group it fails, giving me the following error:
AUTH-PAM: BACKGROUND: user 'rodrigj' failed to authenticate: Authentication failure
Fri Aug 22 10:22:23 2014 10.30.113.2:47304 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Fri Aug 22 10:22:23 2014 10.30.113.xx:47304 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-plugin-auth-pam.so
Fri Aug 22 10:22:23 2014 10.30.113.2:47304 TLS Auth Error: Auth Username/Password verification failed for peer
ldap.conf
root@gstzentyal:/var/lib/zentyal/CA/certs# cat /etc/openvpn/auth/ldap.conf
<LDAP>
# LDAP server URL
URL ldap://miip
# Bind DN (If your LDAP server doesn't support anonymous binds)
# BindDN uid=Manager,ou=People,dc=example,dc=com
# Bind Password
# Password SecretPassword
# Network timeout (in seconds)
Timeout 15
# Enable Start TLS
#TLSEnable yes
TLSEnable no
# Follow LDAP Referrals (anonymously)
FollowReferrals yes
# TLS CA Certificate File
#TLSCACertFile /usr/local/etc/ssl/ca.pem
TLSCACertFile /var/lib/zentyal/CA/certs/07CEASDDBD98.pem
# TLS CA Certificate Directory
TLSCACertDir /var/lib/zentyal/CA/certs/
# Client Certificate and key
# If TLS client authentication is required
# TLSKeyFile /var/lib/zentyal/CA/keys/Juan.pem
# TLSCertFile /var/lib/zentyal/CA/keys/07CE9398A73E3B8E.pem
# Cipher Suite
# The defaults are usually fine here
# TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>
<Authorization>
# Base DN
BaseDN "OU=Users,OU=Accounts,OU=COMPANY,DC=gst,DC=local"
# User Search Filter
#SearchFilter "(&(uid=%u)(accountStatus=active))"
SearchFilter "sAMAccountName=%u"
# Require Group Membership
RequireGroup yes
# Add non-group members to a PF table (disabled)
#PFTable ips_vpn_users
<Group>
BaseDN "OU=Users,OU=Accounts,OU=COMPANY,DC=gst,DC=local"
#BaseDN "ou=Groups,dc=example,dc=com"
#SearchFilter "(|(cn=developers)(cn=artists))"
MemberAttribute uniqueMember
# Add group members to a PF table (disabled)
#PFTable ips_vpn_eng
</Group>
</Authorization>
When I use the domain admin, it does connect correctly.
The DNs are correct.