--On Monday, March 17, 2025 10:28 AM -0400 BuzzSaw Code <[email protected]> wrote:

> We have an existing set of RHEL8 servers running the 2.4.x version of
> OpenLDAP - we can't upgrade to the latest version due to other
> dependencies.
>
> I'm trying to solve a problem where we want to use our 2FA
> authentication (which is OTP based on RADIUS) with some devices and
> applications that don't support RADIUS at all, but they *do* support
> LDAP authentication.
>
> I've read about using the SASL, but since that requires replacing the
> userPassword attribute for each user it won't work as I have to do
> this without breaking straight username/password binds for users.

If you're talking about SASL pass-through authentication, yes. If you're talking about normal SASL mechanisms like cert auth, Kerberos, etc., that is not correct. What is it that you think "SASL" (whatever that means) will solve as a problem?

--Quanah

