On 3/27/19 9:53 PM, dee heffem wrote:
> Is there a way to obtain the username (CN or UID attribute?) being
> authenticated when a LUTIL_PASSWD_CHK_FUNC function is called?
>
> I'd like to call a 2FA provider from within a password plugin but
> not sure how to get the user tied to the sc, passwd, or cred
> bervals.

You want to implement something like this?

https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=tree;f=contrib/slapd-modules/passwd/totp

Symas recently also added a solution to their commercial offering:

https://symas.com/two-factor-authentication-everywhere/

And I'm doing this via back-sock running configured as overlay:

https://oath-ldap.stroeder.com/
https://gitlab.com/ae-dir/ansible-ae-dir-server/blob/master/files/oath-ldap/hotp_validator.py

OATH-LDAP's hotp_validator.py also accepts COMPARE operation to separately check the OTP instead of always sending a simple bind request with password+OTP.

Ciao, Michael.
