On Thu, Feb 06, 2025 at 12:41:48PM +0100, Christoph Pleger wrote:
> I am using slapo-otp. In the meantime, I managed to make it work with newly generated OTP secrets, but converting secrets from ${HOME}/.google_authenticator failed. I am wondering why, because I used the base32 binary from the google-authenticator project to decode the value from .google_authenticator and then base64 to encode again, like this:
>
>     ./base32 -D <base32-coded> | base64
>
> No errors were shown while doing this, but after changing the OpenLDAP TOTP secret to the result of the above command, login was not possible.

Hi Christoph,

I assume that's because you wrote the base64 value to the entry; what you want to store in the database is the raw secret (output of base32 -d). But if you want to use ldapmodify, you need to use LDIF, and that's where you use base64 and "::" to indicate the data you provided is base64 encoded. That's what's described in the guide.

Regards,
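
The distinction drawn in the reply above, as an added example that is not part of the original thread: the stored value must be the raw key bytes, and base64 only appears in LDIF behind "::". The attribute name oathSecret and the DN are assumptions, and the secret is a constructed sample (the RFC 6238 test key), not a value from this thread.

```python
import base64, hashlib, hmac, struct

def decode_ga_secret(b32: str) -> bytes:
    """Base32 text as found in .google_authenticator -> raw key bytes."""
    s = b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)            # such secrets are often stored unpadded
    return base64.b32decode(s)

def ldif_for_secret(dn: str, attr: str, raw: bytes) -> str:
    """LDIF modify record; '::' marks the value as base64 of the raw bytes."""
    b64 = base64.b64encode(raw).decode("ascii")
    return (f"dn: {dn}\nchangetype: modify\nreplace: {attr}\n"
            f"{attr}:: {b64}\n")

def parse_ldif_value(line: str) -> bytes:
    """Bytes an LDIF reader hands to the server for one attribute line."""
    _attr, _sep, rest = line.partition(":")
    if rest.startswith(":"):            # 'attr:: value' -> base64-decoded first
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode()        # 'attr: value'  -> taken literally

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample: base32 of the RFC 6238 test key b"12345678901234567890".
SAMPLE_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SAMPLE_DN = "uid=example,ou=people,dc=example,dc=com"   # placeholder DN
SAMPLE_ATTR = "oathSecret"                              # assumed attribute name

if __name__ == "__main__":
    raw = decode_ga_secret(SAMPLE_B32)
    ldif = ldif_for_secret(SAMPLE_DN, SAMPLE_ATTR, raw)
    print(ldif)
    b64 = base64.b64encode(raw).decode()
    good = parse_ldif_value(f"{SAMPLE_ATTR}:: {b64}")   # raw key is stored
    bad = parse_ldif_value(f"{SAMPLE_ATTR}: {b64}")     # base64 text is stored
    print("authenticator app:", totp(raw, 59))
    print("server, '::' form:", totp(good, 59))
    print("server, ':' form: ", totp(bad, 59))
```
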