Comments (7)
It's not currently supported, no, but as you have seen, it was taken into account when designing.
from lldap.
It would be a great feature.
Probably more fields are required for TOTP:
- MfaType => TOTP, ...
- Algorithm (SHA1, SHA256, SHA512)
- Number of digits (e.g. 6 or 8 digits)
- Period (e.g. 30 seconds)
from lldap.
This would only be for logging in to LLDAP, right? Not using LLDAP as a storage for secrets for other TOTP logins.
In that case, we'd probably hardcode most of these parameters with safe defaults to simplify the implementation.
Note that I don't have any intent on implementing that right now, but contributions are welcome.
from lldap.
I'm thinking about something similar to slapo-otp,
where TOTP is used in conjunction with the LDAP password for two-factor authentication.
from lldap.
Oh, I see what you mean: you want to provide a default, centralized TOTP for use in many applications. That's quite different from what I had in mind (TOTP limited to logging in to LLDAP in the web front-end).
Something that comes to mind, though: How do you provide the TOTP to LLDAP to validate? Especially through the LDAP interface. Most services do not implement that, and probably will not. How do you imagine the user experience?
from lldap.
Some years ago I created something similar for authenticating OpenVPN using password + TOTP.
The users enter as password: password + separator (space) + TOTP
The separator was optional because the TOTP length is known, but our users always insert a space between the password and the TOTP :)
The authentication was done with a Python script performing the authentication (with the password) on LDAP and the TOTP check with a local db.
from lldap.
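The combined "password + optional space + TOTP" check described in the comment above, as an added example that is not code from this thread or from LLDAP. It assumes the defaults listed earlier (SHA1, 6 digits, 30-second period); `check_password` is a hypothetical callback standing in for the LDAP bind, and `used_steps` is a hypothetical per-user replay cache.

```python
import hashlib
import hmac
import struct
import time

def totp(secret, at, digits=6, period=30, algorithm="sha1"):
    """RFC 6238 code for the time step that contains Unix time `at`."""
    counter = struct.pack(">Q", int(at) // period)
    mac = hmac.new(secret, counter, getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def split_credential(combined, digits=6):
    """Split 'password[ ]code' into (password, code); None if malformed."""
    code = combined[-digits:]
    if len(code) != digits or not (code.isascii() and code.isdigit()):
        return None
    password = combined[:-digits]
    # The separator is optional, so a password that itself ends in a space
    # is ambiguous; exactly one trailing space is treated as the separator.
    if password.endswith(" "):
        password = password[:-1]
    return (password, code) if password else None

def verify(combined, secret, check_password, now=None, used_steps=None,
           digits=6, period=30, window=1):
    """Accept only if both factors pass; tolerate +/- `window` steps of drift."""
    parts = split_credential(combined, digits)
    if parts is None:
        return False
    password, code = parts
    now = time.time() if now is None else now
    matched = None
    for drift in range(-window, window + 1):
        t = now + drift * period
        if t >= 0 and hmac.compare_digest(totp(secret, t, digits, period), code):
            matched = int(t) // period
    password_ok = check_password(password)  # always run, whatever the TOTP result
    if matched is None or not password_ok:
        return False
    if used_steps is not None:  # reject a code already accepted for this step
        if matched in used_steps:
            return False
        used_steps.add(matched)
    return True
```

Both factors are evaluated before a single pass/fail result is returned, so the caller cannot tell which one failed.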
Although it would technically work, it would be a hard flow to explain to users: there is no dedicated TOTP field, it doesn't play very well with password managers and so on. I feel that the use case is a bit too niche for LLDAP.
from lldap.