On 31Jan24 09:01-0800, Quanah Gibson-Mount wrote:
> Note that contrib modules are explicitly not maintained by the Project.
> You'll need to find someone in the community to fix these issues for you.
> I'd also wonder why you're not using the official OTP overlay:
> https://www.openldap.org/software/man.cgi?query=slapo-otp&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html
> which is maintained by the project.
The reason was that we use it as a TOTP-only solution.
I had a test setup with slapo-otp as well, but this module required
userPassword + TOTP, IIRC; where we cannot not have userPassword.
Our setup is to use TOTP as 2FA for ssh logins against the centralized
LDAP infrastructure. The ssh-login 1FA is ssh pubkey (also in LDAP) and
2FA is TOTP. To achieve this we use a PAM module which does an ldapbind
against the user-DN which has the userPassword schema '{TOTP1}'.
Maybe I am wrong or outdated here and slapo-otp also supports TOTP-only
authentication now?
Cheers,
--
Bastian Tweddell Juelich Supercomputing Centre
phone: +49 (2461) 61-6586 High Performance Systems
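The TOTP-only bind described in the message above, sketched as an added example (not code from the post or from the contrib module). It assumes the userPassword value is '{TOTP1}' followed by a base32 secret, SHA-1, 6 digits and a 30-second step; check_bind and last_step are hypothetical names. Because the code is the only bind credential, the check also refuses a time step that was already accepted.

```python
import base64, hashlib, hmac, struct

SCHEME = "{TOTP1}"  # scheme prefix quoted in the message; SHA-1 assumed
# Constructed sample value: the RFC 6238 test key "12345678901234567890"
SAMPLE = SCHEME + "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_bind(user_password: str, presented: str, now: int,
               last_step: int = -1, step: int = 30, drift: int = 1):
    """Return the accepted time step, or None if the bind must be refused.

    last_step is the step of the previous successful bind; the caller has
    to persist the returned value so the same code cannot be replayed.
    """
    if not user_password.startswith(SCHEME):
        return None  # not a TOTP entry, nothing to compare against
    try:
        key = base64.b32decode(user_password[len(SCHEME):], casefold=True)
    except ValueError:  # malformed base32 in the directory entry
        return None
    current = now // step
    # Accept a small clock drift, but never a step at or before last_step.
    for candidate in range(current - drift, current + drift + 1):
        if candidate < 0 or candidate <= last_step:
            continue
        expected = hotp(key, candidate).encode()
        if hmac.compare_digest(expected, presented.encode()):
            return candidate
    return None
```

A PAM-side caller would pass the current Unix time as now and store the returned step per user DN.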