--On Thursday, June 17, 2021 9:34 PM +0200 Stefan Kania stefan@kania-online.de wrote:
Hi to all,
I'm still testing TOTP with OpenLDAP 2.5. I got TOTP1 running, so a user with an OTP can use the six-digit number from Google Authenticator (or FreeOTP+) to authenticate while using ldapsearch. Then I switched to TOTP1ANDPW. I generate a secret key for the TOTP part of userPassword. Then I create a password with "slappasswd" and put both TOTP1|password together in userPassword. After decoding base64 I saw what I expected:
Again, I have to ask why you simply aren't using the OTP module that ships with 2.5 and whatever your favorite password hashing scheme is (I advise ARGON2) to do this.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com