On Tue, Feb 04, 2025 at 04:38:23PM +0100, Christoph Pleger wrote:
> Hello,
>
> so far, I used libpam-google-authenticator as a second factor for
> two-factor-authentication, the first factor is OpenLDAP.
>
> Now, I read that OpenLDAP supports google-authenticator-like
> authentication directly - but I do not want to create new 2FA-secrets.
>
> So:
>
> Is it possible to convert the secret from
> ${HOME}/.google_authenticator to OpenLDAP format?
Hi Christoph,
yes, should be possible to use the otp overlay for this:
https://openldap.org/software/man.cgi?query=slapo-otp
You can look at test080/081 in the OpenLDAP test suite on how to set it
up or there's also a Symas KB article[0] you can follow.
https://kb.symas.com/configure-time-based-one-time-passwords-totp.html
Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
