Re: OTP or 2FA for Manager Account?



On Tue, May 15, 2018 at 07:06:41PM +0200, Michael Ströder wrote:
> Douglas Duckworth wrote:
>> Does OpenLDAP support use of one time passwords or 2FA for the Manager
>> account?
> 
> There are several solutions:
> 
> 1. contrib/slapd-modules/passwd/totp/
> A proof of concept overlay which AFAICS replaces checking a normal password
> by checking a generated TOTP value. So not really 2FA.

We have been looking into how to best make it an actual 2FA solution,
though.

> 2. OATH HOTP LDAP Plugin by cargosoft.ru
> Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115
> I never checked this myself anyway and therefore can't comment.
> 
> 3. OATH-LDAP
> Most flexible solution but hard to set up, especially since not fully
> documented yet. It's currently directly integrated into Æ-DIR but could be
> used stand-alone. Being the author I'm biased of course.

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
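
The difference the thread draws between a TOTP value that replaces the password check and actual 2FA, as an added example that is not part of the original messages and is not code from the totp overlay or any project named above. The function names, the password-followed-by-code credential layout and the PBKDF2 parameters are assumptions; the sample secret is the published RFC 6238 test key.

```python
import hashlib, hmac, os, struct

SAMPLE_SECRET = b"12345678901234567890"  # RFC 6238 test key, sample input only

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp_ok(secret: bytes, candidate: str, t: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side (clock skew)."""
    hits = [hmac.compare_digest(totp(secret, max(t + i * 30, 0)).encode(),
                                candidate.encode())
            for i in range(-window, window + 1)]
    return any(hits)

def make_account(password: str, secret: bytes) -> dict:
    """Hypothetical account record: salted password hash plus TOTP secret."""
    salt = os.urandom(16)
    return {"salt": salt, "secret": secret,
            "pw": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)}

def password_ok(acct: dict, password: str) -> bool:
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), acct["salt"], 100_000)
    return hmac.compare_digest(got, acct["pw"])

def bind_totp_only(acct: dict, credential: str, t: int) -> bool:
    """Single factor: the TOTP value stands in for the password."""
    return totp_ok(acct["secret"], credential, t)

def bind_two_factor(acct: dict, credential: str, t: int, digits: int = 6) -> bool:
    """Two factors: credential is the password followed by the TOTP code."""
    if len(credential) <= digits:
        return False  # a bare code (or less) carries no password
    password, code = credential[:-digits], credential[-digits:]
    pw = password_ok(acct, password)  # evaluate both checks, no early exit
    otp = totp_ok(acct["secret"], code, t)
    return pw and otp

if __name__ == "__main__":
    acct = make_account("correct horse", SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, 59)
    print("code alone, TOTP-only bind:", bind_totp_only(acct, code, 59))
    print("code alone, 2FA bind:      ", bind_two_factor(acct, code, 59))
    print("password+code, 2FA bind:   ", bind_two_factor(acct, "correct horse" + code, 59))
```

A deployment would also need to reject a code that has already been accepted for the same time step, which this sketch leaves out.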