
Thursday, March 3, 2011

HOWTO - OpenVPN + LDAP authentication in pfSense 1.2.2

http://forum.pfsense.org/index.php/topic,14946.0.html


Here's a quick and dirty guide on getting OpenVPN to authenticate against LDAP in pfSense 1.2.2. This may not work for every install, but it worked on a bare install for me. I suggest you have a functional OpenVPN server instance before making these changes:

On the pfsense box:

1. Use pkg_add -r to install the following packages: openvpn-auth-ldap, gcc43, gmake, texinfo
- texinfo and gmake are not strictly needed for the plugin itself, but some FreeBSD 7.0 ports fail to install without them

2. Under VPN -> OpenVPN -> Server, add plugin /usr/local/lib/openvpn-auth-ldap.so /usr/local/etc/auth-ldap.conf to the Custom Options field of the server instance that will authenticate against LDAP.

3. Paste the openvpn-auth-ldap configuration template from http://code.google.com/p/openvpn-auth-ldap/wiki/Configuration into /usr/local/etc/auth-ldap.conf (or whichever location you would like to use; just make sure the path on the plugin line in your OpenVPN Custom Options from step 2 matches it exactly, or openvpn will refuse to start). Edit the LDAP URL, bind credentials, base DN and search filter to match your directory.

4. Symlink /usr/local/lib/gcc-4.3.0/libobjc.so.2 to /usr/local/lib/libobjc.so.3. The plugin is linked against libobjc.so.3, which is not present on the box; the gcc43 copy of libobjc.so.2 stands in for it.

5. Restart the OpenVPN service with killall -HUP openvpn, or click Save on the WebGUI configuration page.
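Here is what the finished auth-ldap.conf from step 3 can look like once the template has been filled in for a small OpenLDAP directory. This is an added example for this post, not the template from the openvpn-auth-ldap wiki and not a file shipped with pfSense; the hostname ldap.example.org, the service-account DN, the people and group base DNs, the vpn-users group name and the CA certificate path are all assumptions to be replaced with your own.

```conf
# /usr/local/etc/auth-ldap.conf
# The path must match the plugin line in the OpenVPN Custom Options field.
# All hostnames, DNs and file paths below are example values (assumptions).

<LDAP>
    # Plain ldap:// on 389 with STARTTLS (TLSEnable). The VPN user's password
    # is sent to the directory on every login, so do not run this in the clear.
    URL             ldap://ldap.example.org
    # Read-only service account used only to look up the user's DN. The actual
    # authentication is a bind as the user's own DN with the supplied password.
    BindDN          cn=openvpn,ou=Services,dc=example,dc=org
    Password        ChangeMe
    # Seconds to wait for the directory before failing the login closed.
    Timeout         15
    TLSEnable       yes
    FollowReferrals no
    # CA that signed the directory server's certificate.
    TLSCACertFile   /usr/local/etc/ssl/ca.pem
</LDAP>

<Authorization>
    BaseDN          "ou=People,dc=example,dc=org"
    # %u is replaced with the username typed at the client prompt.
    SearchFilter    "(uid=%u)"
    # Without RequireGroup, every account that can bind gets a VPN session.
    RequireGroup    true
    <Group>
        BaseDN          "ou=Groups,dc=example,dc=org"
        SearchFilter    "(cn=vpn-users)"
        # uniqueMember for groupOfUniqueNames; use member for groupOfNames
        # or Active Directory groups.
        MemberAttribute uniqueMember
    </Group>
</Authorization>
```

Two things worth checking before trusting the setup: the file holds the bind password, so keep it readable only by root (chmod 600 /usr/local/etc/auth-ldap.conf), and leave the server instance's certificate settings in place so that a stolen directory password alone still does not get a client onto the VPN. After the HUP in step 5, look at the OpenVPN log on the pfSense box: a wrong path on the plugin line or a missing libobjc.so.3 makes openvpn fail to load the plugin and exit at startup, which is the quickest way to spot a mistake in steps 2 through 4.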

On clients

The only change that needs to be made to connecting client configurations is the addition of the auth-user-pass directive. Upon connecting, the client prompts for a username and password, which are forwarded to the server, and the server checks the supplied credentials against the LDAP server specified in the openvpn-auth-ldap configuration file.

** NOTES **

If anyone has a clean way to solve the missing libobjc.so.3 library, throw it up here. If that gets solved, then this whole setup could be included as a viable option in the normal pfSense releases.