--On Thursday, February 1, 2024 10:55 AM +0100 Bastian Tweddell <b.twedd...@fz-juelich.de> wrote:

The reason was that we use it as a TOTP-only solution.
I had a test setup with slapo-otp as well, but this module required
userPassword + TOTP, IIRC; where we cannot not have userPassword.

Our setup is to use TOTP as 2FA for ssh logins against the centralized
LDAP infrastructure. The ssh-login 1FA is ssh pubkey (also in LDAP) and
2FA is TOTP. To achieve this we use a PAM module which does an ldapbind
against the user-DN which has the userPassword schema '{TOTP1}'.

Maybe I am wrong or outdated here and slapo-otp also supports TOTP-only
authentication now?

After discussion in today's project team meeting, we've opened an issue to have this supported by slapo-otp in the future:

<https://bugs.openldap.org/show_bug.cgi?id=10169>

If you follow that bug, once a solution is in, we'd always welcome testing of it. :)

Regards,
Quanah



