
Re: OTP



Thank you all. Let me give it a try.

Thanks


On Thu, Jul 11, 2013 at 11:47 PM, Dan White <dwhite@olp.net> wrote:
On 07/11/13 18:49 +0200, Dieter Klünter wrote:
On Thu, 11 Jul 2013 21:46:40 +0530,
Vishesh kumar <linuxtovishesh@gmail.com> wrote:

Can anyone point me in the right direction for setting up OTP authentication
in openldap? A reference to a URL or guide will be sufficient.

If openldap has been compiled with cyrus-sasl, you have to add otp to
the sasl mechanism list. Read up on opie(4), opiepasswd(1) and opiekeys(5)
in order to create keys.

If cyrus-sasl is compiled with opie disabled, it will use your configured
auxprop plugin to store and retrieve the otp keys. Slapd will, by
default, store those keys internally within the user's entry.

You'll need an appropriate schema definition such as
http://web.olp.net/dwhite/openldap/cmusasl.schema.

With this approach, you can populate the otp key for a given user by using
the ldapdb auxprop plugin, and with saslpasswd2:

cat > /usr/lib/sasl2/saslpasswd.conf <<EOF
auxprop_plugin: ldapdb
ldapdb_uri: ldapi:///
ldapdb_mech: EXTERNAL
EOF

saslpasswd2 -n jsmith@example.org

--
Dan White




--
http://linuxmantra.com