List: openldap-technical
Subject: Re: UNKNOWN attributeDescription "..." inserted.
From: Bastian Tweddell <b.tweddell () fz-juelich ! de>
Date: 2024-02-01 9:55:29
Message-ID: Zbtqkfb_Nb050ikV () fz-juelich ! de
On 31Jan24 09:01-0800, Quanah Gibson-Mount wrote:
> > Note that contrib modules are explicitly not maintained by the Project.
> > You'll need to find someone in the community to fix these issues for you.
>
> I'd also wonder why you're not using the official OTP overlay:
>
> <https://www.openldap.org/software/man.cgi?query=slapo-otp&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html>
>
> which is maintained by the project.

The reason was that we use it as a TOTP-only solution.
I had a test setup with slapo-otp as well, but this module required
userPassword + TOTP, IIRC; where we cannot not have userPassword.

Our setup is to use TOTP as 2FA for ssh logins against the centralized
LDAP infrastructure. The ssh-login 1FA is ssh pubkey (also in LDAP) and
2FA is TOTP. To achieve this we use a PAM module which does an ldapbind
against the user-DN which has the userPassword schema '{TOTP1}'.

Maybe I am wrong or outdated here and slapo-otp also supports TOTP-only
authentication now?

Cheers,
--
Bastian Tweddell Juelich Supercomputing Centre
phone: +49 (2461) 61-6586 High Performance Systems
---------------------------------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Registered office: Jülich
Entered in the commercial register of the Amtsgericht Düren, No. HR B 3498
Chairman of the Supervisory Board: MinDir Stefan Müller
Management Board: Prof. Dr. Astrid Lambrecht (Chair),
Karsten Beneke (Deputy Chair), Dr. Ir. Pieter Jansens
---------------------------------------------------------------------------------------------
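
What a TOTP-only bind against a `{TOTP1}` userPassword value amounts to, as an added example that is not part of the original message and not the contrib module's code. It assumes the value after the scheme tag is the Base32 shared secret and RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); `check_bind`, `last_step` and the sample entry are hypothetical names and constructed data.

```python
import base64
import hashlib
import hmac
import struct

SCHEME = "{TOTP1}"  # scheme tag from the post; the value layout is an assumption
STEP = 30           # seconds per time step (RFC 6238 default)
DIGITS = 6

def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 code for one time-step counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def check_bind(user_password: str, presented: str, now: int,
               last_step: int = -1, window: int = 1):
    """Return the matched time step, or None if the bind must be refused.

    last_step is the step of the previous successful bind; a code from that
    step or an earlier one is refused, so a captured code cannot be replayed.
    """
    if not user_password.startswith(SCHEME):
        return None  # not a TOTP entry: there is no static password to fall back on
    try:
        secret = base64.b32decode(user_password[len(SCHEME):], casefold=True)
    except ValueError:
        return None  # malformed Base32 secret
    current = now // STEP
    matched = None
    for step in range(current - window, current + window + 1):
        # Constant-time compare of each candidate code in the clock-skew window.
        if step >= 0 and hmac.compare_digest(totp(secret, step).encode(),
                                             presented.encode()):
            matched = step
    if matched is None or matched <= last_step:
        return None
    return matched

# Constructed sample entry: the RFC 6238 test secret "12345678901234567890".
SAMPLE = SCHEME + "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    step = check_bind(SAMPLE, "287082", now=59)
    print("first bind accepted at step", step)
    print("replayed code:", check_bind(SAMPLE, "287082", now=59, last_step=step))
```

With no static password in front of it, the 6-digit code is the only secret presented at bind time, which is why the sketch tracks the last accepted step and keeps the skew window small.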