On 6/17/21 9:26 PM, Quanah Gibson-Mount wrote:
> --On Thursday, June 17, 2021 9:34 PM +0200 Stefan Kania
> <[email protected]> wrote:
>> I'm still testing TOTP with OpenLDAP 2.5. I got TOTP1 running. So a user
>> with an OTP can use the six-digit number from Google Authenticator (or
>> FreeOTP+) to authenticate while using ldapsearch. Then I switch to
>> TOTP1ANDPW: I generate a secret key for the TOTP part of userPassword.
>> Then I create a password with "slappasswd" and put both TOTP1|password
>> together in userPassword. After decoding the base64, I saw what I expected:
>
> Again, I have to ask why you simply aren't using the OTP module that
> ships with 2.5 and whatever your favorite password hashing scheme is (I
> advise ARGON2) to do this.
I agree with Quanah. There are good reasons why the schema used by slapo-otp has a separate attribute 'oathSecret' holding the token's shared secret. Using the old totp module is a waste of time. Ciao, Michael.
