mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-12 10:54:48 +08:00
46da831b6d
Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to install the new manual page.

ITS#8205 - contrib/lastbind: install man page
Update lastbind's Makefile to install the manual page too.

ITS#8205 - contrib/passwd/sha2: add man page, install it too
Add a manual page slapd-pw-sha2.5 and update passwd/sha2's Makefile to install the new manual page.

ITS#8205 - contrib/adremap: install man page
Update adremap's Makefile to install the manual page too.

ITS#8205 - contrib/allop: install man page
Update allop's Makefile to install the manual page too.

ITS#8205 - contrib/cloak: install man page
Update cloak's Makefile to install the manual page too.

ITS#8205 - contrib/lastmod: install man page
Update lastmod's Makefile to install the manual page too.

ITS#8205 - contrib/nops: install man page
Update nops's Makefile to install the manual page too.

ITS#8205 - contrib/nssov: install man page
Update nssov's Makefile to install the manual page too.

ITS#8205 - contrib/passwd: add man page slapd-pw-sha2.5, install it too
Add a manual page slapd-pw-radius.5 and update passwd's Makefile to install the new manual page.

ITS#8205 - contrib/passwd/totp: add man page, install it too
Add a manual page slapo-totp.5 and update passwd/totp's Makefile to install the new manual page.

ITS#8205 - contrib/passwd/pbkdf2: add man page, install it too
Add a manual page slapd-pw-pbkdf2.5 and update passwd/pbkdf2's Makefile to install the new manual page.

Files:

- Makefile
- README
- slapd-totp.c
- slapo-totp.5

TOTP OpenLDAP support
----------------------

slapd-totp.c provides support for RFC 6238 TOTP Time-based One
Time Passwords in OpenLDAP using SHA-1, SHA-256, and SHA-512.
For instance, one could have the LDAP attribute:

    userPassword: {TOTP1}GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ

which encodes the key '12345678901234567890'.

Building
--------

1) Customize the LDAP_SRC variable in Makefile to point to the OpenLDAP
   source root.

2) Run 'make' to produce slapd-totp.so

3) Copy slapd-totp.so somewhere permanent.

4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:

    moduleload ...path/to/slapd-totp.so

5) This module replaces the function of the slapo-lastbind overlay. You
   cannot use that overlay on the same database as this one.

6) Restart slapd.

Configuring
-----------

The {TOTP1}, {TOTP256}, and {TOTP512} password schemes should now be recognised.

You can also tell OpenLDAP to use one of these new schemes when processing LDAP
Password Modify Extended Operations, thanks to the password-hash option in
slapd.conf. For example:

    password-hash {TOTP1}

TOTP password schemes will only work on databases that have a rootdn and the
totp overlay configured:

    database mdb
    rootdn "..."
    ...

    overlay totp

Testing
-------

The TOTP1 algorithm is compatible with Google Authenticator.

---

This work is part of OpenLDAP Software <http://www.openldap.org/>.

Copyright 2015-2017 The OpenLDAP Foundation.
Portions Copyright 2015 by Howard Chu, Symas Corp.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.

A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.
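
To cross-check a userPassword value in the README's format outside slapd, the following added example (not code from slapd-totp.c or the OpenLDAP project) decodes the base32 key and computes the RFC 6238 code. The scheme-to-hash mapping is inferred from the scheme names; the 30-second step, 6 digits, the one-step drift window and all function names are assumptions chosen to match Google Authenticator defaults.

```python
import base64
import hashlib
import hmac
import struct
import time

# Scheme prefix -> HMAC hash (inferred from the README's scheme names).
SCHEMES = {"{TOTP1}": hashlib.sha1,
           "{TOTP256}": hashlib.sha256,
           "{TOTP512}": hashlib.sha512}

def parse_user_password(value):
    """Split '{SCHEME}BASE32KEY' into (hash constructor, raw key bytes)."""
    end = value.find("}")
    if not value.startswith("{") or end < 0:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b32 = value[:end + 1].upper(), value[end + 1:]
    if scheme not in SCHEMES:
        raise ValueError("not a TOTP scheme: " + scheme)
    b32 += "=" * (-len(b32) % 8)  # restore base32 padding if it was stripped
    return SCHEMES[scheme], base64.b32decode(b32, casefold=True)

def totp(value, now=None, step=30, digits=6):
    """RFC 6238 code for a userPassword value (step/digits are assumptions)."""
    digest, key = parse_user_password(value)
    counter = max(0, int(time.time() if now is None else now) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(value, candidate, now=None, window=1, step=30):
    """Accept codes within +/- window steps, comparing in constant time."""
    now = time.time() if now is None else now
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(value, now + drift * step, step)
        ok |= hmac.compare_digest(expected.encode(), candidate.encode())
    return ok

if __name__ == "__main__":
    # Key from the README; never print codes for production secrets.
    readme_value = "{TOTP1}GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(parse_user_password(readme_value)[1], totp(readme_value))
```

The README's key is also the RFC 6238 SHA-1 test key, so the output can be compared with the RFC's published test vectors truncated to six digits.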