Hi!
Reading the slapo-otp manual page, It's not quite clear to me how it works:
* The tokens are stored in a separate entry, but does the manual page say what object type that entry has to be? I wonder why the token isn't stored directly within the user entry as tokens most likely are not shared. * Likewise "parameters" are stored in a separate entry; again what object type would those be? * Confusingly the manual talks about "attributes" next: Are those "parameters"? I mean: length and HMAC algorithm might be shared among entries, but counter and time-step cannot.
A sample configuration would be really helpful, given that the only reference is "See also slapd-config(5)".
Kind regards, Ulrich Windl
--On Thursday, February 20, 2025 2:11 PM +0000 "Windl, Ulrich" u.windl@ukr.de wrote:
Hi!
Reading the slapo-otp manual page, It's not quite clear to me how it works: • The tokens are stored in a separate entry, but does the manual page say what object type that entry has to be? I wonder why the token isn't stored directly within the user entry as tokens most likely are not shared. • Likewise "parameters" are stored in a separate entry; again what object type would those be? • Confusingly the manual talks about "attributes" next: Are those "parameters"? I mean: length and HMAC algorithm might be shared among entries, but counter and time-step cannot.
A sample configuration would be really helpful, given that the only reference is "See also slapd-config(5)".
I would suggest filing an ITS if you have suggestions on how to improve the man page.
--Quanah
openldap-technical@openldap.org
-
Quanah Gibson-Mount -
Windl, Ulrich