Commit 0ad73f87 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#9437 - Fix slapo-otp overlay name

parent fcc1410f
...@@ -2880,10 +2880,10 @@ if test "$ol_enable_otp" != no ; then ...@@ -2880,10 +2880,10 @@ if test "$ol_enable_otp" != no ; then
BUILD_OTP=$ol_enable_otp BUILD_OTP=$ol_enable_otp
if test "$ol_enable_otp" = mod ; then if test "$ol_enable_otp" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp_2fa.la" SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp.la"
else else
MFLAG=SLAPD_MOD_STATIC MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp_2fa.o" SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp.o"
fi fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_OTP,$MFLAG,[define for OTP 2-factor Authentication overlay]) AC_DEFINE_UNQUOTED(SLAPD_OVER_OTP,$MFLAG,[define for OTP 2-factor Authentication overlay])
fi fi
......
...@@ -85,11 +85,11 @@ This overlay maintains automatic reverse group membership values, ...@@ -85,11 +85,11 @@ This overlay maintains automatic reverse group membership values,
typically stored in an attribute called memberOf. This overlay typically stored in an attribute called memberOf. This overlay
is deprecated and should be replaced with dynlist. is deprecated and should be replaced with dynlist.
.TP .TP
.B otp_2fa .B otp
Two factor authentication module. OATH One-Time Password module.
This module allows time-based one-time password, AKA "authenticator-style", This module allows time-based one-time password, AKA "authenticator-style",
and HMAC-based one-time password authentication to be used in applications and HMAC-based one-time password authentication to be used in conjunction
that use LDAP for authentication. with a standard LDAP password for two factor authentication.
.TP .TP
.B pbind .B pbind
Proxybind. Proxybind.
......
.TH PW-TOTP 5 "2018/6/29" "SLAPO-OTP_2FA" .TH SLAPO_OTP 5 "2018/6/29" "SLAPO-OTP"
.\" Copyright 2015-2021 The OpenLDAP Foundation. .\" Copyright 2015-2021 The OpenLDAP Foundation.
.\" Portions Copyright 2015 by Howard Chu, Symas Corp. All rights reserved. .\" Portions Copyright 2015 by Howard Chu, Symas Corp. All rights reserved.
.\" Portions Copyright 2018 by Ondřej Kuzník, Symas Corp. All rights reserved. .\" Portions Copyright 2018 by Ondřej Kuzník, Symas Corp. All rights reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME .SH NAME
slapo-otp_2fa \- Two factor authentication module slapo-otp \- OATH One-Time Password module
.SH SYNOPSIS .SH SYNOPSIS
.B moduleload .B moduleload
.I otp_2fa.la .I otp.la
.SH DESCRIPTION .SH DESCRIPTION
The The
.B otp_2fa .B otp
module allows time-based one-time password, AKA "authenticator-style", and module allows time-based one-time password, AKA "authenticator-style", and
HMAC-based one-time password authentication to be used in applications that use HMAC-based one-time password authentication to be used in conjunction with
LDAP for authentication. In most cases no changes to the applications are a standard LDAP password for two-factor authentication.
needed to switch to this type of authentication.
With this module, users would use their password, followed with the one-time With this module, users would use their password, followed with the one-time
password in the password prompt to authenticate. password in the password prompt to authenticate.
......
...@@ -24,7 +24,7 @@ SRCS = overlays.c \ ...@@ -24,7 +24,7 @@ SRCS = overlays.c \
dynlist.c \ dynlist.c \
homedir.c \ homedir.c \
memberof.c \ memberof.c \
otp_2fa.c \ otp.c \
pcache.c \ pcache.c \
collect.c \ collect.c \
ppolicy.c \ ppolicy.c \
...@@ -96,8 +96,8 @@ homedir.la : homedir.lo ...@@ -96,8 +96,8 @@ homedir.la : homedir.lo
memberof.la : memberof.lo memberof.la : memberof.lo
$(LTLINK_MOD) -module -o $@ memberof.lo version.lo $(LINK_LIBS) $(LTLINK_MOD) -module -o $@ memberof.lo version.lo $(LINK_LIBS)
otp_2fa.la : otp_2fa.lo otp.la : otp.lo
$(LTLINK_MOD) -module -o $@ otp_2fa.lo version.lo $(LINK_LIBS) $(LTLINK_MOD) -module -o $@ otp.lo version.lo $(LINK_LIBS)
pcache.la : pcache.lo pcache.la : pcache.lo
$(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS) $(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS)
......
/* otp_2fa.c - OATH 2-factor authentication module */ /* otp.c - OATH 2-factor authentication module */
/* $OpenLDAP$ */ /* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
* *
...@@ -927,11 +927,11 @@ otp_initialize( void ) ...@@ -927,11 +927,11 @@ otp_initialize( void )
char *argv[4]; char *argv[4];
int i; int i;
otp.on_bi.bi_type = "otp_2fa"; otp.on_bi.bi_type = "otp";
otp.on_bi.bi_op_bind = otp_op_bind; otp.on_bi.bi_op_bind = otp_op_bind;
ca.argv = argv; ca.argv = argv;
argv[0] = "otp_2fa"; argv[0] = "otp";
ca.argv = argv; ca.argv = argv;
ca.argc = 3; ca.argc = 3;
ca.fname = argv[0]; ca.fname = argv[0];
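Review bot: `ca.argv = argv;` is assigned twice in otp_initialize(), once just before and once just after `argv[0] = "otp";`, so the second assignment is redundant and can be dropped. The overlay name is also written as two separate literals here, in `otp.on_bi.bi_type` and in `argv[0]`, which is the kind of duplication this rename had to track down by hand. Taking `argv[0]` from `otp.on_bi.bi_type` (with a cast if the field is const-qualified) would keep the two from drifting apart. otp_initialize() starts and ends outside the hunk, so how `ca` is used afterwards is not visible here.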
......
...@@ -22,7 +22,7 @@ if test $OTP = otpno; then ...@@ -22,7 +22,7 @@ if test $OTP = otpno; then
exit 0 exit 0
fi fi
OTP_DATA=$DATADIR/otp_2fa/hotp.ldif OTP_DATA=$DATADIR/otp/hotp.ldif
# OTPs for this token # OTPs for this token
TOKEN_0=818800 TOKEN_0=818800
...@@ -88,7 +88,7 @@ dn: cn=module,cn=config ...@@ -88,7 +88,7 @@ dn: cn=module,cn=config
objectClass: olcModuleList objectClass: olcModuleList
cn: module cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: otp_2fa.la olcModuleLoad: otp.la
EOMOD EOMOD
RC=$? RC=$?
if test $RC != 0 ; then if test $RC != 0 ; then
...@@ -98,10 +98,10 @@ if test $RC != 0 ; then ...@@ -98,10 +98,10 @@ if test $RC != 0 ; then
fi fi
fi fi
echo "Loading test otp_2fa configuration..." echo "Loading test otp configuration..."
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \ $LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
>> $TESTOUT 2>&1 <<EOMOD >> $TESTOUT 2>&1 <<EOMOD
dn: olcOverlay={0}otp_2fa,olcDatabase={1}$BACKEND,cn=config dn: olcOverlay={0}otp,olcDatabase={1}$BACKEND,cn=config
changetype: add changetype: add
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
EOMOD EOMOD
...@@ -274,7 +274,7 @@ fi ...@@ -274,7 +274,7 @@ fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS test $KILLSERVERS != no && kill -HUP $KILLPIDS
LDIF=$DATADIR/otp_2fa/test001-out.ldif LDIF=$DATADIR/otp/test001-out.ldif
echo "Filtering ldapsearch results..." echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
......
...@@ -44,7 +44,7 @@ done ...@@ -44,7 +44,7 @@ done
export URI1 MANAGERDN PASSWD BABSDN BJORNSDN export URI1 MANAGERDN PASSWD BABSDN BJORNSDN
OTP_DATA=$DATADIR/otp_2fa/totp.ldif OTP_DATA=$DATADIR/otp/totp.ldif
mkdir -p $TESTDIR $DBDIR1 mkdir -p $TESTDIR $DBDIR1
...@@ -93,7 +93,7 @@ dn: cn=module,cn=config ...@@ -93,7 +93,7 @@ dn: cn=module,cn=config
objectClass: olcModuleList objectClass: olcModuleList
cn: module cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: otp_2fa.la olcModuleLoad: otp.la
EOMOD EOMOD
RC=$? RC=$?
if test $RC != 0 ; then if test $RC != 0 ; then
...@@ -103,10 +103,10 @@ if test $RC != 0 ; then ...@@ -103,10 +103,10 @@ if test $RC != 0 ; then
fi fi
fi fi
echo "Loading test otp_2fa configuration..." echo "Loading test otp configuration..."
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \ $LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
>> $TESTOUT 2>&1 <<EOMOD >> $TESTOUT 2>&1 <<EOMOD
dn: olcOverlay={0}otp_2fa,olcDatabase={1}$BACKEND,cn=config dn: olcOverlay={0}otp,olcDatabase={1}$BACKEND,cn=config
changetype: add changetype: add
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
EOMOD EOMOD
......