On Tue, May 15, 2018 at 07:06:41PM +0200, Michael Ströder wrote:
> Douglas Duckworth wrote:
>> Does OpenLDAP support use of one time passwords or 2FA for the Manager
>> account?
>
> There are several solutions:
>
> 1. contrib/slapd-modules/passwd/totp/
> A proof of concept overlay which AFAICS replaces checking a normal password
> by checking a generated TOTP value. So not really 2FA.

We have been looking into how to best make it an actual 2FA solution, though.

> 2. OATH HOTP LDAP Plugin by cargosoft.ru
> Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115
> I never checked this myself anyway and therefore can't comment.
>
> 3. OATH-LDAP
> Most flexible solution but hard to setup, especially since not fully
> documented yet. It's currently directly integrated into Æ-DIR but could be
> used stand-alone. Being the author I'm biased of course.

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
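
The distinction drawn in point 1 (a TOTP value replacing the password versus accompanying it), as an added Python example that is not part of this thread and is not the contrib overlay's code. It assumes the second factor is sent by appending the 6-digit code to the password in the bind credential; `ENTRY`, `bind_totp_only` and `bind_two_factor` are hypothetical names, and the sample secret is the RFC 6238 SHA-1 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otp_ok(secret: bytes, candidate: str, at: float, window: int = 1, step: int = 30) -> bool:
    """Accept the current step and +/- window steps to tolerate clock drift."""
    ok = False
    for d in range(-window, window + 1):
        t = at + d * step
        if t >= 0:
            # Constant-time comparison; no early exit on a match.
            ok |= hmac.compare_digest(totp(secret, t, step).encode(), candidate.encode())
    return ok

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def bind_totp_only(entry: dict, credential: str, at: float) -> bool:
    """The TOTP value replaces the password: still a single factor."""
    return otp_ok(entry["secret"], credential, at)

def bind_two_factor(entry: dict, credential: str, at: float, digits: int = 6) -> bool:
    """Password and TOTP value must both verify (credential = password + code)."""
    if len(credential) <= digits:
        return False
    password, code = credential[:-digits], credential[-digits:]
    # Evaluate both factors before combining so a failure does not reveal which one failed.
    pw_ok = hmac.compare_digest(hash_password(password, entry["salt"]), entry["pw_hash"])
    code_ok = otp_ok(entry["secret"], code, at)
    return pw_ok and code_ok

# Constructed sample entry (assumption, not a real directory entry).
SALT = b"constructed-salt"
ENTRY = {"secret": b"12345678901234567890", "salt": SALT,
         "pw_hash": hash_password("correct horse", SALT)}

if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    for cred in ("287082", "correct horse287082", "wrong horse287082"):
        print(repr(cred), bind_totp_only(ENTRY, cred, now), bind_two_factor(ENTRY, cred, now))
```

A deployment would also record the last accepted time step per entry and reject a code that has already been used, which this sketch leaves out.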
