On 3/27/19 9:53 PM, dee heffem wrote:
> Is there a way to obtain the username (CN or UID attribute?) being authenticated when a LUTIL_PASSWD_CHK_FUNC function is called?
> I'd like to call a 2FA provider from within a password plugin but not sure how to get the user tied to the sc, passwd, or cred bervals.
You want to implement something like this?
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=tree;f=contrib/sl...
Symas recently also added a solution to their commercial offering:
https://symas.com/two-factor-authentication-everywhere/
And I'm doing this via back-sock running configured as overlay:
https://oath-ldap.stroeder.com/
https://gitlab.com/ae-dir/ansible-ae-dir-server/blob/master/files/oath-ldap/...
OATH-LDAP's hotp_validator.py also accepts a COMPARE operation to separately check the OTP instead of always sending a simple bind request with password+OTP.
Ciao, Michael.