Re: OpenLDAP and dynalogin (two-factor auth with HOTP)
Michael Ströder wrote:
Dimitri,
Dimitri wrote:
> I've been working on a related problem recently, so this may sound
> interesting to you. I've developed a SLAPI plugin that implements OATH
> HOTP authentication as LDAP simple bind. Token objects are stored in
> LDAP directory; synchronization is implemented as an EXOP. SLAPI
> implementation in OpenLDAP lacked EXOP support, so I've fixed that, too
> (and I'm going to submit a patch soon). The project is being prepared to
> be published under an open license. If that sounds interesting for you,
> don't hesitate to drop me an email.
>
> I'm also planning to port this plugin to OpenLDAP's native overlay API.
I'm currently also working one something like that.
I'd also like to have a standardized schema.
Fyi, I've been working on a TOTP overlay the past few days. (Overlay and pw
crypt mechanism.) Should be showing up in git this week.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/