Any plans for LDAP authentication?

[pisifisi]

"Hey buddy, you'll never believe what I've got in store for you. As a young, 21-year-old ebony male with an insatiable appetite for live sex cams, I've built up quite the collection of top-notch webcam models and sex chat sites. And let me tell you, it's a treasure trove of pleasure that I can't wait to share with you.
https://bbwwebcam.me/chat/sheenajomason
https://cosplaycam.net/chat/kaorifox
https://thegaywebcamchat.com/chat/for3verboy
https://indiancamgirls.org/pvt
https://thegaysexchat.com/gay
You see, these live cams are not your average run-of-the-mill porn videos. No, no, no. These are interactive experiences that will leave you ravenous and begging for more. With a few clicks, you'll be transported into a world of pure ecstasy, where your deepest desires come to life before your very eyes.

[fenice]

You could take a look at github and see if any RFEs have been filed for this, if there isn't already a request for LDAP authentication then file an RFE for it and reasons/explanation of why it's important.

[ethanolson]

LDAP authentication may not come for a long time, if ever. You can pull it off where it filters on group through Network Policy Server, which you can spin up easily in your environment (on a server within the AD domain) and just have SE talk to it with the RADIUS protocol. That's how I've got my SE VPN setup and that's how I've got my WiFi setup (WPA2-Enterprise). It only allows members of certain groups... and it only costs you a little time to setup (minutes) since you're already using Microsoft servers and they have NPS as a role that can be enabled. Just don't run NPS on the SE server because their listeners will conflict. I run NPS on my domain controller.

In NPS...
1. create a RADIUS Client, let's call it SoftEther-VPN1
-enter the SE VPN server's IP address
-create or generate a shared secret (capture it so you can enter it in SE)
-ensure it's using RADIUS Standard as the vendor name on the Advanced tab
2. create a Connection Request Policy, maybe call it SoftEther VPN Connection
-on the Overview tab, ensure the policy is enabled and the type of network access server is Unspecified
-on the Conditions tab, add a Client Friendly Name and enter the RADIUS Client name exactly, which in this example is SoftEther-VPN1
-on the Settings tab, only ensure that Authentication is set to authenticate on this server. Leave everything else alone.
-now that it's created, sort the list of policies so the rule comes before the deny rules
3. create a Network Policy, maybe call it SoftEther VPN Network Policy
-on the Overview tab, ensure the policy is enabled, Grant Access = selected, Ignore user account dial-in properties = checked, type of network access server is Unspecified
-on the Conditions tab, add NAS Identifier and enter SoftEther VPN Server
-still on the Conditions tab, add User Groups and select the group(s) in AD you want to be able to connect through the VPN
-on the Constraints tab, under Authentication Methods, check the box for MS-CHAP-v2 and PAP. You may want to setup PEAP/EAP-MSCHAPv2 depending on how your SE server is configured.
-on the Constraints tab, under NAS Port Type, check the box for Virtual (VPN)
-on the Settings tab, under Standard, ensure Framed-Protocol = PPP and Service-Type = Framed. If neither are present, add them.
-on the Settings tab, under Encryption, I suggest you check the box for Strongest, which forces a requirement for 128-bit or higher encryption.
-now that it's created, sort the list of policies so the rule comes before the deny rules

In SE
4. configure RADIUS within your Virtual Hub
-ensure you have a user where the username is an asterisk (yes, the username is *) and they're set to use RADIUS authentication
-under the hub's Authentication Server Settings, enter the RADIUS connection info (IPv4, port 1812, shared secret from step 1 above)