-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Stefan Kania wrote:
> Hi to all,
>
> I would like to add the otp-attributes with the following LDIF:
> ---------------
> dn: ou=users,dc=example,dc=net
> changetype: modify
> add: objectClass
> objectClass: oathTOTPParams
> -
> add: oathOTPLength
> oathOTPLength: 6
> -
> add: oathHMACAlgorithm
> oathHMACAlgorithm: 1.2.840.113549.2.11
> -
> add: oathTOTPTimeStepPeriod
> oathTOTPTimeStepPeriod: 30
> -
> add: oathTOTPTimeStepWindow
> oathTOTPTimeStepWindow: 3
> ---------------
>
> But I'm getting:
> -----------
> modifying entry "ou=users,dc=example,dc=net"
> ldap_modify: Invalid syntax (21)
>         additional info: oathHMACAlgorithm: value #0 invalid per syntax
> -----------
> If I switch to SHA1:
> -----------
> oathHMACAlgorithm: 1.2.840.113549.2.7
> -----------
>
> it works. The manpage is telling me:
> -----------
> oathHMACAlgorithm: <OID>
> The OID of the hash algorithm to use as defined in RFC 8018. Supported
> algorithms include SHA1, SHA224, SHA256, SHA384 and SHA512.
> -----------
>
> and .11 is SHA512. Why is it not working? Do I have to give the OID in a
> different way?

.11 should work. Check to make sure you don't have any trailing whitespace on
that line.

>
> Stefan
>

- -- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
-----BEGIN PGP SIGNATURE-----

iF0EAREKAB0WIQSUBGGam6fLX3meDqH9KnC0SrEbpwUCaAPHGwAKCRD9KnC0SrEb
p09aAJ4rGwTGg8nPwWXg+DPLgP2ee2JUsQCeKpGUna1HRSlK4hmCs3y2+2sHQTE=
=lOkI
-----END PGP SIGNATURE-----
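
One way to run the trailing-whitespace check suggested in the reply above, as an added example that is not part of the original thread and is not OpenLDAP code. In plain `attr: value` LDIF lines a trailing space is kept as part of the value (RFC 2849 recommends base64-encoding such values), so an OID followed by a space is no longer a numeric OID. The function name `check_ldif` and the sample input are assumptions made for illustration; the sample is the LDIF from the question with a space deliberately appended to the SHA512 line.

```python
import re

# A numeric OID is decimal arcs separated by single dots, nothing else.
NUMERIC_OID = re.compile(r"[0-9]+(\.[0-9]+)+")

def check_ldif(text, oid_attrs=("oathHMACAlgorithm",)):
    """Return (line_no, problem, repr) for each suspicious LDIF line.

    Hypothetical helper: flags trailing spaces/tabs on any line and values of
    the listed attributes that are not a clean numeric OID.
    """
    findings = []
    for no, raw in enumerate(text.split("\n"), start=1):
        line = raw.rstrip("\r")  # LDIF permits CRLF line endings
        if not line or line.startswith("#") or line == "-":
            continue
        if line != line.rstrip(" \t"):
            findings.append((no, "trailing whitespace", repr(line)))
        attr, sep, value = line.partition(":")
        if sep and attr in oid_attrs:
            # Spaces after the colon are separators; the rest is the value.
            # Base64 ("attr:: ...") values are reported too, since an OID
            # never needs that encoding.
            value = value.lstrip(" ")
            if not NUMERIC_OID.fullmatch(value):
                findings.append((no, "not a clean numeric OID", repr(value)))
    return findings

# Constructed sample: note the space after "2.11" on line 4.
SAMPLE = (
    "dn: ou=users,dc=example,dc=net\n"
    "changetype: modify\n"
    "add: oathHMACAlgorithm\n"
    "oathHMACAlgorithm: 1.2.840.113549.2.11 \n"
    "-\n"
    "add: oathOTPLength\n"
    "oathOTPLength: 6\n"
)

if __name__ == "__main__":
    for no, problem, shown in check_ldif(SAMPLE):
        print(f"line {no}: {problem}: {shown}")
```

The `repr()` output makes the stray character visible in the report; run it over the real file with `check_ldif(open(path).read())` before passing the file to `ldapmodify`.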