4 slapd-totp.c provides support for RFC 6238 TOTP Time-based One
5 Time Passwords in OpenLDAP using SHA-1, SHA-256, and SHA-512.
6 For instance, one could have the LDAP attribute:
8 userPassword: {TOTP1}GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
10 which encodes the key '12345678901234567890'.
16 1) Customize the LDAP_SRC variable in Makefile to point to the OpenLDAP
19 2) Run 'make' to produce slapd-totp.so
21 3) Copy slapd-totp.so somewhere permanent.
23 4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:
25 moduleload ...path/to/slapd-sha2.so
27 5) This module also requires the use of the slapo-lastbind overlay. You
28 should build that module and also add it to your slapd configuration.
36 The {TOTP1}, {TOTP256}, and {TOTP512} password schemes should now be recognised.
38 You can also tell OpenLDAP to use one of these new schemes when processing LDAP
39 Password Modify Extended Operations, thanks to the password-hash option in
40 slapd.conf. For example:
44 On the databases where your users reside you must configure both the
45 lastbind overlay and the totp overlay:
58 The TOTP1 algorithm is compatible with Google Authenticator.
62 This work is part of OpenLDAP Software <http://www.openldap.org/>.
64 Copyright 2015 The OpenLDAP Foundation.
65 Portions Copyright 2015 by Howard Chu, Symas Corp.
68 Redistribution and use in source and binary forms, with or without
69 modification, are permitted only as authorized by the OpenLDAP
72 A copy of this license is available in the file LICENSE in the
73 top-level directory of the distribution or, alternatively, at
74 <http://www.OpenLDAP.org/license.html>.