--On Saturday, June 5, 2021 4:27 PM +0200 Stefan Kania
<ste...@kania-online.de> wrote:
> Hello,
> I am trying to set up TOTP1 and TOTP1ANDPW as password hash. I use Debian 10
> with Kernel 5.9 from the backports. As OpenLDAP I use 2.5.5. I set up
> everything via Ansible. My configure-options are:
> root@ldap25-p01:/opt/openldap-2.5.5/servers/slapd
> Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0:
> <olcPasswordHash> scheme not available ({TOTP1})
> Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0:
> <olcPasswordHash> no valid hashes found
> Jun 05 15:24:52 ldap25-p01 slapd[16210]: config error processing
> cn=config: <olcPasswordHash> no valid hashes found

Hm, I've only ever used the OTP module that ships as a core part of
OpenLDAP 2.5:
<https://www.openldap.org/software/man.cgi?query=slapo-otp&apropos=0&sektion=0&manpath=OpenLDAP+2.5-Release&arch=default&format=html>
Personally I'd combine that with ARGON2 password hashes for secure password
hash storage + 2 Factor auth.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>