Hi!

 

Reading the slapo-otp manual page, It’s not quite clear to me how it works:

• The tokens are stored in a separate entry, but does the manual page say what object type that entry has to be? I wonder why the token isn’t stored directly within the user entry as tokens most likely are not shared.
• Likewise “parameters” are stored in a separate entry; again what object type would those be?
• Confusingly the manual talks about “attributes” next: Are those “parameters”? I mean: length and HMAC algorithm might be shared among entries, but counter and time-step cannot.

 

A sample configuration would be really helpful, given that the only reference is “See also slapd-config(5)”.

 

 

Kind regards,

Ulrich Windl