On Thu, 3 Dec 2009, Emmanuel Dreyfus wrote:

>> Most likely it's not. Since almost nobody uses SASL OTP with OpenLDAP, it's
>> never gotten much attention.
>
> What do people use, then?

For what it's worth, our OTP sequences are upstream of OpenLDAP (when
encountering an OTP user, OpenLDAP merely works as a proxy, viz.
contrib/slapd-modules/passwd/radius.c). Our OTP servers provide RADIUS
support so this was a bit of a no-brainer drop in...and of course we had
this preexisting infrastructure (for a couple decades at this point) to
work with and, for the usual reasons, zero desire to multihome (on legacy
+ OpenLDAP) the sequence data.

Admittedly from a "ground up" fresh deployment scenario, that would be an
unneeded additional service versus your approach; you're Probably On The
Right Track strictly speaking. I'm merely answering the "what do people
use" with one illustration.