On Thu, Feb 06, 2025 at 12:41:48PM +0100, Christoph Pleger wrote:
> I am using slapo-otp. In the meanwhile, I managed to make it work with
> newly generated OTP secrets, but converting secrets from
> ${HOME}/.google_authenticator failed, I am wondering why, because I
> used base32 binary from google-authenticator project to decode the value
> from .google_authenticator and then base64 to encode again, like this:
> 
> -/base32 -D <base32-coded> | base64
> 
> No errors were shown while doing this, but after changing OpenLDAP TOTP
> secret to the result of above command, login was not possible.

Hi Christoph,
I assume that's because you wrote the base64 value to the entry. What
you want to store in the database is the raw secret (output of base32
-d). But if you want to use ldapmodify, you need to use LDIF, and that's
where you use base64 and "::" to indicate the data you provided is
base64 encoded; that's what's described in the guide.

Regards,

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
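
The conversion discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: it decodes a base32 secret to raw bytes, writes the LDIF change record with "::", and shows what the entry ends up holding when the base64 text is written with a single ":" instead. The DN, the sample secret and the attribute name `oathSecret` are assumptions; check the attribute against the schema your slapo-otp setup uses.

```python
import base64

# Constructed sample: base32 of the RFC 6238 test key b"12345678901234567890".
SAMPLE_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SAMPLE_DN = "uid=alice,ou=people,dc=example,dc=com"  # constructed placeholder
SECRET_ATTR = "oathSecret"  # assumption: verify against your schema


def decode_ga_secret(b32: str) -> bytes:
    """Raw secret bytes from a base32 string (what `base32 -d` outputs)."""
    s = "".join(b32.split()).upper()
    s += "=" * (-len(s) % 8)  # tolerate a secret stored without '=' padding
    return base64.b32decode(s)


def ldif_modify(dn: str, attr: str, raw: bytes) -> str:
    """LDIF change record; '::' marks the value as base64 of the raw bytes."""
    b64 = base64.b64encode(raw).decode("ascii")
    return f"dn: {dn}\nchangetype: modify\nreplace: {attr}\n{attr}:: {b64}\n"


def stored_value(ldif_line: str) -> bytes:
    """Bytes the directory ends up holding for one LDIF attribute line."""
    _, _, rest = ldif_line.partition(":")
    if rest.startswith(":"):          # 'attr:: ...' -> base64-decoded first
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode()      # 'attr: ...'  -> stored literally


if __name__ == "__main__":
    raw = decode_ga_secret(SAMPLE_B32)
    record = ldif_modify(SAMPLE_DN, SECRET_ATTR, raw)
    print(record)  # feed this to ldapmodify
    good = record.splitlines()[-1]
    bad = good.replace("::", ":", 1)  # base64 text written as the value
    print("'::' stores the raw secret:", stored_value(good) == raw)
    print("':'  stores the raw secret:", stored_value(bad) == raw)
```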
