On 08/04/2014 10:13 AM, Thomas Neumann wrote:
> extension), then I'll implement a small script that uses ldapsearch to
> fetch all AD users below a given OU that have the employeeNumber field
> set and belong to some "OTP-Login" group in AD and the fetched username
> and matching OTP secret (from the employeeNumber attribute) will be
> stored in the SQLTOTP table if not already present.
One variation might be to query LDAP for the employeeNumber and other OTP-related attributes when the password check is done. A hook could then add the information to the SQLTOTP table before continuing with the rest of the authentication. You would still require cleanup for users that are no longer present, but the SQL table would not need to contain the users that are not active TOTP users.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
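The sync script Thomas describes, together with the cleanup step Heikki points out, as an added example. This is not code from Radiator or from either poster. It parses the LDIF that `ldapsearch -LLL` would print (the sample below is constructed inline so the script runs offline; a real run would pipe in the output of a search rooted at the OU with a filter such as `(&(employeeNumber=*)(memberOf=<group DN>))`), keeps only users that are in the OTP group and carry a secret, and inserts the missing ones into an SQLite stand-in for the SQLTOTP table. The group DN `CN=OTP-Login,OU=Groups,DC=example,DC=com`, the column names `username` and `secret`, and the assumption that the secret is base32 are all illustrative choices, not Radiator's schema; check the sqltotp goodies file for the real one.

```python
"""Provision AD users holding a TOTP secret into an SQLTOTP-style table.

Added example, not Radiator code.  Assumptions (all illustrative):
  - input is ldapsearch -LLL LDIF of users below the target OU
  - employeeNumber holds the TOTP secret, base32-encoded
  - group membership is visible in memberOf
  - target table is SQLTOTP(username TEXT PRIMARY KEY, secret TEXT)
"""
import base64
import re
import sqlite3

OTP_GROUP_DN = "CN=OTP-Login,OU=Groups,DC=example,DC=com"   # assumed group DN
BASE32_RE = re.compile(r"^[A-Z2-7]+=*$")                     # assumed secret encoding

# Constructed sample LDIF in the shape ldapsearch -LLL produces.
#   alice: in OTP-Login and has a secret -> provisioned
#   bob:   has a secret but is not in OTP-Login -> skipped
#   carol: in OTP-Login but has no employeeNumber -> skipped
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=com
sAMAccountName: alice
displayName:: QWxpY2Ugw5ZzdA==
employeeNumber: JBSWY3DPEHPK3PXP
memberOf: CN=OTP-Login,OU=Groups,DC=example,DC=com
memberOf: CN=Staff,OU=Groups,DC=example,DC=com

dn: CN=Bob,OU=Staff,DC=example,DC=com
sAMAccountName: bob
employeeNumber: GEZDGNBVGY3TQOJQ
memberOf: CN=Staff,OU=Groups,DC=example,DC=com

dn: CN=Carol,OU=Staff,DC=example,DC=com
sAMAccountName: carol
memberOf: CN=OTP-Login,OU=Groups,DC=example,DC=com

"""


def parse_ldif(text):
    """Parse LDIF into a list of {attr_lowercase: [values]} dicts.

    Handles folded continuation lines (leading space) and base64 values
    ("attr:: ..."), which AD emits for non-ASCII data."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def select_otp_users(entries, group_dn=OTP_GROUP_DN):
    """Return {username: secret} for entries in the OTP group that carry a secret.

    employeeNumber is free text in AD, so the value is validated before it
    can reach the authentication table."""
    wanted = {}
    for entry in entries:
        names = entry.get("samaccountname", [])
        secrets = entry.get("employeenumber", [])
        groups = [g.lower() for g in entry.get("memberof", [])]
        if not names or not secrets or group_dn.lower() not in groups:
            continue
        secret = secrets[0].strip().upper()
        if not BASE32_RE.match(secret):
            continue
        wanted[names[0]] = secret
    return wanted


def sync_sqltotp(conn, wanted, remove_stale=False):
    """Insert users missing from SQLTOTP; optionally delete rows no longer wanted.

    Existing rows are never overwritten ("if not already present"), so a
    secret that is already in use is not silently replaced.  Returns
    (inserted, deleted)."""
    cur = conn.cursor()
    cur.execute("CREATE TABLE IF NOT EXISTS SQLTOTP "
                "(username TEXT PRIMARY KEY, secret TEXT NOT NULL)")
    existing = {row[0] for row in cur.execute("SELECT username FROM SQLTOTP")}
    inserted = 0
    for user, secret in wanted.items():
        if user in existing:
            continue
        cur.execute("INSERT INTO SQLTOTP (username, secret) VALUES (?, ?)", (user, secret))
        inserted += 1
    deleted = 0
    if remove_stale:
        for user in existing - set(wanted):
            cur.execute("DELETE FROM SQLTOTP WHERE username = ?", (user,))
            deleted += 1
    conn.commit()
    return inserted, deleted


def run_demo():
    """Initial load, then a second run that removes a stale row ('dave')."""
    conn = sqlite3.connect(":memory:")
    wanted = select_otp_users(parse_ldif(SAMPLE_LDIF))
    first = sync_sqltotp(conn, wanted)
    conn.execute("INSERT INTO SQLTOTP VALUES ('dave', 'MFRGGZDFMZTWQ2LK')")  # left over from an earlier run
    second = sync_sqltotp(conn, wanted, remove_stale=True)
    rows = sorted(conn.execute("SELECT username, secret FROM SQLTOTP"))
    return wanted, first, second, rows


if __name__ == "__main__":
    print(run_demo())
```

Cleanup is opt-in (`remove_stale`) on purpose: if a run is fed a partial search result, say because a referral or a size limit truncated the LDIF, deleting every row that did not appear would lock out users who are still entitled to log in. In practice, run the stale-row removal only when the search returned cleanly, or move the lookup into the authentication path as Heikki suggests so that only users who actually log in are ever written to the table.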
