Re: OTP or 2FA for Manager Account?

Douglas Duckworth wrote:

Does OpenLDAP support use of one time passwords or 2FA for the Manager account?

There are several solutions:

1. contrib/slapd-modules/passwd/totp/ A proof of concept overlay which AFAICS replaces checking a normal password by checking a generated TOTP value. So not really 2FA.

2. OATH HOTP LDAP Plugin by cargosoft.ru Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115 I never checked this myself anyway and therefore can't comment.

3. OATH-LDAP Most flexible solution but hard to setup, especially since not fully documented yet. It's currently directly integrated into Æ-DIR but could be used stand-alone. Being the author I'm biased of course.

Ciao, Michael.