On Tue, Feb 04, 2025 at 04:38:23PM +0100, Christoph Pleger wrote:
Hello,
so far, I used libpam-google-authenticator as a second factor for two-factor authentication; the first factor is OpenLDAP.
Now, I read that OpenLDAP supports google-authenticator-like authentication directly - but I do not want to create new 2FA-secrets.
So:
Is it possible to convert the secret from ${HOME}/.google_authenticator to OpenLDAP format?
Hi Christoph,

yes, should be possible to use the otp overlay for this: https://openldap.org/software/man.cgi?query=slapo-otp

You can look at test080/081 in the OpenLDAP test suite on how to set it up or there's also a Symas KB article[0] you can follow.

[0] https://kb.symas.com/configure-time-based-one-time-passwords-totp.html
Regards,
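
The conversion asked about above, as an added example that is not part of the original thread or of OpenLDAP: it reads the base32 secret from the first line of a `.google_authenticator` file and emits it as a base64-encoded binary value in LDIF. Assumptions: the file layout written by libpam-google-authenticator (secret on line 1, option lines starting with `" `, then scratch codes), the `oathSecret` attribute name from slapo-otp(5), an entry that already carries the overlay's object classes, and a constructed DN and sample file; the function names are hypothetical.

```python
import base64

# Constructed sample of a ~/.google_authenticator file (not a real secret).
SAMPLE = '''GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" WINDOW_SIZE 17
" DISALLOW_REUSE
" TOTP_AUTH
12345678
87654321
'''

def parse_google_authenticator(text):
    """Return (secret_bytes, options) from the file contents."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty file")
    b32 = lines[0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)       # the file stores base32 without padding
    secret = base64.b32decode(b32)      # raises ValueError on malformed input
    options = {}
    for ln in lines[1:]:
        if ln.startswith('" '):         # option line; bare lines are scratch codes
            key, _, value = ln[2:].partition(" ")
            options[key] = value
    return secret, options

def oath_secret_ldif(dn, text):
    """Build an LDIF modify that stores the existing secret in oathSecret."""
    secret, options = parse_google_authenticator(text)
    if "HOTP_COUNTER" in options:       # counter-based token, not time-based
        raise ValueError("counter-based (HOTP) secret, not TOTP")
    b64 = base64.b64encode(secret).decode("ascii")
    return (f"dn: {dn}\n"
            "changetype: modify\n"
            "replace: oathSecret\n"     # attribute name assumed from slapo-otp(5)
            f"oathSecret:: {b64}\n")

if __name__ == "__main__":
    # Constructed DN for illustration.
    print(oath_secret_ldif("uid=jdoe,ou=people,dc=example,dc=com", SAMPLE))
```

The resulting LDIF contains the shared secret in recoverable form, so it needs the same file permissions and transport protection as the original `.google_authenticator` file. Existing authenticator apps keep working only if the overlay's TOTP parameters match what the secret was enrolled with (google-authenticator defaults: 6 digits, 30-second step, HMAC-SHA1).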