#!/bin/sh
set -e
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun

auth_ldap_url=$(cat /run/secrets/auth_ldap_url)
auth_ldap_bind_dn=$(cat /run/secrets/auth_ldap_bind_dn)
auth_ldap_password=$(cat /run/secrets/auth_ldap_password)
auth_ldap_base_dn=$(cat /run/secrets/auth_ldap_base_dn)
auth_ldap_group_base_dn=$(cat /run/secrets/auth_ldap_group_base_dn)
auth_ldap_group_search_filter=$(cat /run/secrets/auth_ldap_group_search_filter)

cat > /etc/openvpn/server/server.example.test/auth-ldap.conf << EOF
<LDAP>
	URL $auth_ldap_url
	BindDN $auth_ldap_bind_dn
	Password $auth_ldap_password
	Timeout 15
	TLSEnable no
	FollowReferrals no
</LDAP>
<Authorization>
	BaseDN "$auth_ldap_base_dn"
	SearchFilter "(uid=%u)"
	RequireGroup false
	PasswordIsCR false
	<Group>
        RFC2307bis false
	    UseCompareOperation true
		BaseDN "$auth_ldap_group_base_dn"
		SearchFilter "$auth_ldap_group_search_filter"
		MemberAttribute	memberUid
	</Group>
</Authorization>
EOF

chmod 600 /etc/openvpn/server/server.example.test/auth-ldap.conf

/usr/sbin/openvpn --config /etc/openvpn/server/server.example.test.conf