I too have been wondering about TOTP with openldap but always found it hard to find documentation on it. Any chance to have this documented? Don't see it on the site.
Regards, dave
On Wed, May 16, 2018 at 7:23 AM Peter peter.gietz@daasi.de wrote:
Hi Michael,
Thanks for this summary, to which I can only add the English page of the Russian activity:
http://cargosoft.ru/en/rm/118/119
Cheers,
Peter
On 15.05.2018 at 19:06, Michael Ströder wrote:
Douglas Duckworth wrote:
Does OpenLDAP support use of one time passwords or 2FA for the Manager account?
There are several solutions:
- contrib/slapd-modules/passwd/totp/
A proof of concept overlay which AFAICS replaces checking a normal password by checking a generated TOTP value. So not really 2FA.
- OATH HOTP LDAP Plugin by cargosoft.ru
Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115 I never checked this myself anyway and therefore can't comment.
- OATH-LDAP
Most flexible solution but hard to set up, especially since not fully documented yet. It's currently directly integrated into Æ-DIR but could be used stand-alone. Being the author I'm biased of course.
Ciao, Michael.
--
Peter Gietz (CEO)
DAASI International GmbH   phone: +49 7071 407109-0
Europaplatz 3              Fax:   +49 7071 407109-9
D-72072 Tübingen           mail:  peter.gietz@daasi.de
Germany                    Web:   www.daasi.de

DAASI International GmbH, Tübingen
Geschäftsführer Peter Gietz, Amtsgericht Stuttgart HRB 382175

Directory Applications for Advanced Security and Information Management
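
The distinction drawn in the thread, between checking a TOTP value in place of the password and checking it in addition to the password, is shown in the sketch below. This is an added example, not code from the totp overlay, OATH-LDAP or anyone in the thread; the entry layout, the function names and the convention of appending the OTP digits to the password are assumptions made for illustration.

```python
import hashlib, hmac, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp_ok(secret: bytes, otp: str, now: float, step: int = 30, window: int = 1) -> bool:
    """RFC 6238 check that tolerates +/- `window` time steps of clock drift."""
    t = int(now) // step
    return any(hmac.compare_digest(hotp(secret, t + d).encode(), otp.encode())
               for d in range(-window, window + 1))

def password_ok(entry: dict, password: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), entry["salt"], 100_000)
    return hmac.compare_digest(digest, entry["pw_hash"])

def bind_totp_only(entry: dict, credential: str, now: float) -> bool:
    """Password check replaced by a TOTP check: still one factor."""
    return totp_ok(entry["totp_secret"], credential, now)

def bind_password_plus_totp(entry: dict, credential: str, now: float, digits: int = 6) -> bool:
    """Credential is the password followed by the OTP digits (assumed convention)."""
    if len(credential) <= digits:
        return False  # too short to hold a password plus the OTP digits
    password, otp = credential[:-digits], credential[-digits:]
    # Evaluate both factors before combining them into one yes/no answer.
    pw_good = password_ok(entry, password)
    otp_good = totp_ok(entry["totp_secret"], otp, now)
    return pw_good and otp_good

# Constructed sample entry; the shared secret is the RFC 6238 test key.
SALT = b"constructed-salt"
ENTRY = {
    "totp_secret": b"12345678901234567890",
    "salt": SALT,
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"s3cret-pw", SALT, 100_000),
}

if __name__ == "__main__":
    now = 59  # RFC 6238 test time; the 6-digit code for it is 287082
    print("token only, TOTP replaces password:", bind_totp_only(ENTRY, "287082", now))
    print("token only, password+TOTP:", bind_password_plus_totp(ENTRY, "287082", now))
    print("password+token:", bind_password_plus_totp(ENTRY, "s3cret-pw287082", now))
```

A production verifier would also refuse a time step that has already been accepted once, which this sketch leaves out.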