

Thank you all. Let me give it a try.


On Thu, Jul 11, 2013 at 11:47 PM, Dan White <dwhite@olp.net> wrote:
On 07/11/13 18:49 +0200, Dieter Klünter wrote:
On Thu, 11 Jul 2013 21:46:40 +0530,
Vishesh kumar <linuxtovishesh@gmail.com> wrote:

Can anyone point me in the right direction for setting up OTP authentication
in openldap? A reference to a URL or guide will be sufficient.

If openldap has been compiled with cyrus-sasl, you have to add otp to
the sasl mechanism list. Read on opie(4), opiepasswd(1) and opiekeys(5)
in order to create keys.

If cyrus-sasl is compiled with opie disabled, it will use your configured
auxprop plugin to store and retrieve the otp keys. Slapd will, by
default, store those keys internally within the user's entry.

You'll need an appropriate schema definition such as

With this approach, you can populate the otp key for a given user by using
the ldapdb auxprop plugin, and with saslpasswd2:

cat > /usr/lib/sasl2/saslpasswd.conf <<EOF
auxprop_plugin: ldapdb
ldapdb_uri: ldapi:///
ldapdb_mech: EXTERNAL
EOF

saslpasswd2 -n jsmith@example.org

Dan White
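
Added example, not part of the original thread or of the OpenLDAP/Cyrus SASL projects: two post-setup checks for the configuration described above, one confirming that the saslpasswd.conf keys from the message are all present (a truncated file is an easy mistake) and one confirming that slapd advertises OTP in its root DSE. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the OTP setup described in the thread.
# Function names are hypothetical; sample data below is constructed.

# Return 0 if every key the thread sets in saslpasswd.conf is present with a
# non-empty value in the file given as $1; 1 if a key is missing; 2 if the
# file cannot be read.
check_sasl_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    for key in auxprop_plugin ldapdb_uri ldapdb_mech; do
        # Cyrus SASL option lines have the form "key: value".
        if ! grep -Eq "^${key}:[[:space:]]*[^[:space:]]" "$conf"; then
            echo "missing or empty: $key" >&2
            rc=1
        fi
    done
    return $rc
}

# Read root DSE LDIF on stdin; return 0 if OTP is listed among
# supportedSASLMechanisms. LDIF attribute names are case-insensitive,
# so the match ignores case.
otp_advertised() {
    grep -Eiq '^supportedSASLMechanisms:[[:space:]]*OTP[[:space:]]*$'
}

# Query a live server (needs the OpenLDAP client tools); $1 is the LDAP URI,
# for example ldapi:/// as used in the thread.
server_offers_otp() {
    ldapsearch -x -LLL -H "$1" -b "" -s base supportedSASLMechanisms |
        otp_advertised
}

# Constructed root DSE output, for trying the parser without a server.
SAMPLE_WITH_OTP='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: OTP
supportedSASLMechanisms: EXTERNAL'

SAMPLE_WITHOUT_OTP='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL'
```

If `server_offers_otp` fails after the mechanism has been enabled, slapd's SASL library is not loading the OTP plugin, which is worth ruling out before debugging the auxprop side.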