Hello,

> To my knowledge, the secret is a binary blob encoded in base64 or
> sometimes base32. So, yes, it would be possible. Keep in mind to set the
> default parameters of google-authenticator also in the slapo-otp configs
> (SHA1, 30s timewindow, etc)
>
> Which db overlay are you going to use? There are two in the
> openldap-distribution; one in the maintained branch (slapo-otp) and the
> other one in the contrib/ branch (pw-totp.so)

I am using slapo-otp. In the meantime, I managed to make it work with
newly generated OTP secrets, but converting secrets from
${HOME}/.google_authenticator failed. I am wondering why, because I
used the base32 binary from the google-authenticator project to decode the
value from .google_authenticator and then base64 to encode it again, like this:
-/base32 -D <base32-coded> | base64
No errors were shown while doing this, but after changing the OpenLDAP TOTP
secret to the result of the above command, login was not possible.
Regards
Christoph
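
The base32-to-base64 conversion discussed above, as an added example that is not part of the original message and is not code from OpenLDAP or google-authenticator. It assumes the first line of the file holds the base32 secret, uses the parameters named in the quoted reply (SHA1, 30 s window) with 6-digit codes, and checks that the key yields the same TOTP code before and after re-encoding; the function names are hypothetical and the sample file is constructed around the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample file; the secret is the RFC 6238 test key, not a real one.
SAMPLE_FILE = '''GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" TOTP_AUTH
'''

def read_ga_secret(text):
    """Assumption: the first line of the file is the base32 secret."""
    return text.splitlines()[0].strip()

def b32_to_raw(secret_b32):
    """Decode base32, tolerating lower case, spaces and missing '=' padding."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)

def raw_to_b64(raw):
    """Encode the raw key bytes as base64 text without a trailing newline."""
    return base64.b64encode(raw).decode("ascii")

def totp(raw_key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 over the raw key bytes."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(raw_key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def convert_and_check(file_text, unix_time):
    """Return (base64 secret, code from base32 key, code from base64 key)."""
    raw = b32_to_raw(read_ga_secret(file_text))
    b64 = raw_to_b64(raw)
    return b64, totp(raw, unix_time), totp(base64.b64decode(b64), unix_time)

if __name__ == "__main__":
    b64, before, after = convert_and_check(SAMPLE_FILE, 59)
    print("base64 secret:", b64)
    print("codes match:", before == after, before)
```

If the two codes agree here but login still fails, the difference lies in how the value is stored or in the overlay's TOTP parameters rather than in the re-encoding itself.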
