Thank you for the reply Michael, This one in: 3. OATH-LDAP
But in general just want to test a way to add OTP to openldap, which ever works -dave On Wed, May 16, 2018 at 9:25 AM Michael Ströder <mich...@stroeder.com> wrote: > Dave Macias wrote: > > I too have been wondering about TOTP with openldap but always found it > > hard to find documentation on it. Any chance to have this documented? > > Dont see it in the site > > Which of the three solutions / sites do you mean? > > Ciao, Michael. > > > On Wed, May 16, 2018 at 7:23 AM Peter <peter.gi...@daasi.de > > <mailto:peter.gi...@daasi.de>> wrote: > > > > Hi Michael, > > > > Thanks for this summary, to which I can only add the english page of > > the > > Russian activity: > > > > http://cargosoft.ru/en/rm/118/119 > > > > Cheers, > > > > Peter > > > > > > > > Am 15.05.2018 um 19:06 schrieb Michael Ströder: > > > Douglas Duckworth wrote: > > >> Does OpenLDAP support use of one time passwords or 2FA for the > > Manager > > >> account? > > > > > > There are several solutions: > > > > > > 1. contrib/slapd-modules/passwd/totp/ > > > A proof of concept overlay which AFAICS replaces checking a normal > > > password by checking a generated TOTP value. So not really 2FA. > > > > > > 2. OATH HOTP LDAP Plugin by cargosoft.ru <http://cargosoft.ru> > > > Sorry, I only found a Russian site: > http://cargosoft.ru/ru/rm/113/115 > > > I never checked this myself anyway and therefore can't comment. > > > > > > 3. OATH-LDAP > > > Most flexible solution but hard to setup, especially since not > fully > > > documented yet. It's currently directly integrated into Æ-DIR but > > > could be used stand-alone. Being the author I'm biased of course. > > > > > > Ciao, Michael. >
