On 07/11/13 18:49 +0200, Dieter Klünter wrote:
On Thu, 11 Jul 2013 21:46:40 +0530, Vishesh kumar linuxtovishesh@gmail.com wrote:
Can anyone point me in the right direction for setting up OTP authentication in OpenLDAP? A reference to a URL or guide will be sufficient.
If OpenLDAP has been compiled with cyrus-sasl, you have to add otp to the SASL mechanism list. Read opie(4), opiepasswd(1) and opiekeys(5) to learn how to create keys.
If cyrus-sasl is compiled with opie disabled, it will use your configured auxprop plugin to store and retrieve the otp keys. Slapd will, by default, store those keys internally within the user's entry.
You'll need an appropriate schema definition such as http://web.olp.net/dwhite/openldap/cmusasl.schema.
With this approach, you can populate the OTP key for a given user by using the ldapdb auxprop plugin together with saslpasswd2:

cat > /usr/lib/sasl2/saslpasswd.conf <<EOF
auxprop_plugin: ldapdb
ldapdb_uri: ldapi:///
ldapdb_mech: EXTERNAL
EOF
saslpasswd2 -n jsmith@example.org
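To make concrete what the SASL otp mechanism and opiekeys(5) referred to above actually compute, here is an added worked example (written for this page; it is not code from the thread, from cyrus-sasl, from OPIE or from slapd) of the RFC 2289 MD5 one-time-password chain: enrolment hands the server only key N, each login presents key N-1, and the server advances so a captured value can never be replayed. The `otp-md5 <seq> <seed> ext` challenge and `hex:` response strings follow the RFC 2444 wire form; the `OtpVerifier` class, its field names and the `enroll`/`client_response` helpers are this example's own abstractions, not the attribute names of the cmusasl schema or of slapd's internal storage.

```python
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """One RFC 2289 MD5 step: hash, then fold 128 bits to 64 by XORing the halves."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_key(passphrase: str, seed: str, sequence: int) -> bytes:
    """Key number `sequence` of the chain (what opiekeys(5) / otp-md5 compute).

    The initial step hashes lower(seed) + passphrase (the seed is
    case-insensitive in RFC 2289); every later key is the fold-hash of the
    previous one, so key[n+1] = f(key[n]) and key[n] is not derivable from
    key[n+1]."""
    key = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(sequence):
        key = fold_md5(key)
    return key


class OtpVerifier:
    """Per-user state the server keeps (example layout, not slapd's): the seed,
    the current sequence number N and key N.  The passphrase is never stored."""

    def __init__(self, seed: str, sequence: int, last_key: bytes) -> None:
        self.seed = seed
        self.sequence = sequence
        self.last_key = last_key

    def challenge(self) -> str:
        """RFC 2444-style challenge: the client must produce key N-1."""
        return f"otp-md5 {self.sequence - 1} {self.seed} ext"

    def verify(self, response: str) -> bool:
        """Accept `hex:<16 hex digits>` if f(candidate) == stored key N, then
        advance the stored state so the same value is never accepted again."""
        if self.sequence <= 1:
            return False  # chain exhausted: the user must re-enrol (opiepasswd)
        if not response.startswith("hex:"):
            return False
        try:
            candidate = bytes.fromhex(response[4:])
        except ValueError:
            return False
        if len(candidate) != 8:
            return False
        if not hmac.compare_digest(fold_md5(candidate), self.last_key):
            return False
        self.last_key = candidate
        self.sequence -= 1
        return True


def enroll(passphrase: str, seed: str, sequence: int = 99) -> OtpVerifier:
    """opiepasswd-style enrolment: the client computes key N locally and the
    server receives only (seed, N, key N)."""
    return OtpVerifier(seed, sequence, otp_key(passphrase, seed, sequence))


def client_response(passphrase: str, challenge: str) -> str:
    """What an OTP client (or a printed opiekey list) answers to a challenge."""
    alg, seq, seed, *_ = challenge.split()
    if alg != "otp-md5":
        raise ValueError(f"unsupported algorithm {alg}")
    return "hex:" + otp_key(passphrase, seed, int(seq)).hex()


# RFC 2289 Appendix C test vector: MD5, pass phrase "This is a test.", seed "TeSt", count 0.
RFC2289_MD5_VECTOR = ("This is a test.", "TeSt", 0, "9e876134d90499dd")


def self_check() -> bool:
    """True if the chain arithmetic reproduces the RFC 2289 test vector."""
    passphrase, seed, count, expected = RFC2289_MD5_VECTOR
    return otp_key(passphrase, seed, count).hex() == expected


if __name__ == "__main__":
    server = enroll("This is a test.", "TeSt", sequence=99)
    chal = server.challenge()
    resp = client_response("This is a test.", chal)
    print(chal, "->", resp, "accepted:", server.verify(resp))
    print("replay of the same response accepted:", server.verify(resp))
    print("RFC 2289 vector reproduced:", self_check())
```

The point to take from the model: whatever backend stores the record (the internal slapd entry, the ldapdb auxprop target, or /etc/opiekeys), it holds only the seed, the sequence number and the last accepted key, so a leaked record lets an attacker verify responses but not produce the next one; a second presentation of an already-used value is rejected because the stored sequence has moved on, and once the count reaches 1 the user has to re-enrol with a fresh seed.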