On Thu, 3 Dec 2009, Emmanuel Dreyfus wrote:
Most likely it's not. Since almost nobody uses SASL OTP with OpenLDAP, it's never gotten much attention.
What do people use, then?
For what it's worth, our OTP sequences are upstream of OpenLDAP (when encountering an OTP user, OpenLDAP merely works as a proxy, viz. contrib/slapd-modules/passwd/radius.c). Our OTP servers provide RADIUS support, so this was a bit of a no-brainer drop-in... and of course we had this preexisting infrastructure (for a couple decades at this point) to work with and, for the usual reasons, zero desire to multihome (on legacy + OpenLDAP) the sequence data.
Admittedly, from a "ground up" fresh deployment scenario, that would be an unneeded additional service versus your approach; you're Probably On The Right Track strictly speaking. I'm merely answering the "what do people use" with one illustration.