Commit 84ac7a5c authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

Merge remote-tracking branch 'origin/master' into OPENLDAP_REL_ENG_2_5

parents 0a1d890a 601c430b
......@@ -25165,10 +25165,10 @@ if test "$ol_enable_otp" != no ; then
BUILD_OTP=$ol_enable_otp
if test "$ol_enable_otp" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp_2fa.la"
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp.la"
else
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp_2fa.o"
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp.o"
fi
 
cat >>confdefs.h <<_ACEOF
......
......@@ -2861,10 +2861,10 @@ if test "$ol_enable_otp" != no ; then
BUILD_OTP=$ol_enable_otp
if test "$ol_enable_otp" = mod ; then
MFLAG=SLAPD_MOD_DYNAMIC
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp_2fa.la"
SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp.la"
else
MFLAG=SLAPD_MOD_STATIC
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp_2fa.o"
SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp.o"
fi
AC_DEFINE_UNQUOTED(SLAPD_OVER_OTP,$MFLAG,[define for OTP 2-factor Authentication overlay])
fi
......
......@@ -85,11 +85,11 @@ This overlay maintains automatic reverse group membership values,
typically stored in an attribute called memberOf. This overlay
is deprecated and should be replaced with dynlist.
.TP
.B otp_2fa
Two factor authentication module.
.B otp
OATH One-Time Password module.
This module allows time-based one-time password, AKA "authenticator-style",
and HMAC-based one-time password authentication to be used in applications
that use LDAP for authentication.
and HMAC-based one-time password authentication to be used in conjunction
with a standard LDAP password for two factor authentication.
.TP
.B pbind
Proxybind.
......
.TH PW-TOTP 5 "2018/6/29" "SLAPO-OTP_2FA"
.TH SLAPO_OTP 5 "2018/6/29" "SLAPO-OTP"
.\" Copyright 2015-2021 The OpenLDAP Foundation.
.\" Portions Copyright 2015 by Howard Chu, Symas Corp. All rights reserved.
.\" Portions Copyright 2018 by Ondřej Kuzník, Symas Corp. All rights reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slapo-otp_2fa \- Two factor authentication module
slapo-otp \- OATH One-Time Password module
.SH SYNOPSIS
.B moduleload
.I otp_2fa.la
.I otp.la
.SH DESCRIPTION
The
.B otp_2fa
.B otp
module allows time-based one-time password, AKA "authenticator-style", and
HMAC-based one-time password authentication to be used in applications that use
LDAP for authentication. In most cases no changes to the applications are
needed to switch to this type of authentication.
HMAC-based one-time password authentication to be used in conjunction with
a standard LDAP password for two-factor authentication.
With this module, users would use their password, followed with the one-time
password in the password prompt to authenticate.
......
......@@ -24,7 +24,7 @@ SRCS = overlays.c \
dynlist.c \
homedir.c \
memberof.c \
otp_2fa.c \
otp.c \
pcache.c \
collect.c \
ppolicy.c \
......@@ -96,8 +96,8 @@ homedir.la : homedir.lo
memberof.la : memberof.lo
$(LTLINK_MOD) -module -o $@ memberof.lo version.lo $(LINK_LIBS)
otp_2fa.la : otp_2fa.lo
$(LTLINK_MOD) -module -o $@ otp_2fa.lo version.lo $(LINK_LIBS)
otp.la : otp.lo
$(LTLINK_MOD) -module -o $@ otp.lo version.lo $(LINK_LIBS)
pcache.la : pcache.lo
$(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS)
......
/* otp_2fa.c - OATH 2-factor authentication module */
/* otp.c - OATH 2-factor authentication module */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
......@@ -927,11 +927,11 @@ otp_initialize( void )
char *argv[4];
int i;
otp.on_bi.bi_type = "otp_2fa";
otp.on_bi.bi_type = "otp";
otp.on_bi.bi_op_bind = otp_op_bind;
ca.argv = argv;
argv[0] = "otp_2fa";
argv[0] = "otp";
ca.argv = argv;
ca.argc = 3;
ca.fname = argv[0];
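Review bot: The string assigned to `otp.on_bi.bi_type` appears to be the name a configuration uses to select this overlay (the test scripts in this commit switch to `olcOverlay={0}otp` and `otp.la`), so after the rename a deployment that still names `otp_2fa` will presumably be rejected at load time. That is worth confirming, because the safe outcome is a server that refuses to start rather than one that accepts binds without the one-time-password check. A comment above the assignment would record the rename, for example `/* overlay name used in configuration; was "otp_2fa" before the rename */`. The file's header comment still reads "OATH 2-factor authentication module" while the manual page in this commit now calls it the "OATH One-Time Password module", and if both `ca.argv = argv;` lines are on the new side, one of them is redundant. otp_initialize's body starts and ends outside the hunk.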
......
......@@ -22,7 +22,7 @@ if test $OTP = otpno; then
exit 0
fi
OTP_DATA=$DATADIR/otp_2fa/hotp.ldif
OTP_DATA=$DATADIR/otp/hotp.ldif
# OTPs for this token
TOKEN_0=818800
......@@ -88,7 +88,7 @@ dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: otp_2fa.la
olcModuleLoad: otp.la
EOMOD
RC=$?
if test $RC != 0 ; then
......@@ -98,10 +98,10 @@ if test $RC != 0 ; then
fi
fi
echo "Loading test otp_2fa configuration..."
echo "Loading test otp configuration..."
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
>> $TESTOUT 2>&1 <<EOMOD
dn: olcOverlay={0}otp_2fa,olcDatabase={1}$BACKEND,cn=config
dn: olcOverlay={0}otp,olcDatabase={1}$BACKEND,cn=config
changetype: add
objectClass: olcOverlayConfig
EOMOD
......@@ -274,7 +274,7 @@ fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
LDIF=$DATADIR/otp_2fa/test001-out.ldif
LDIF=$DATADIR/otp/test001-out.ldif
echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
......
......@@ -44,7 +44,7 @@ done
export URI1 MANAGERDN PASSWD BABSDN BJORNSDN
OTP_DATA=$DATADIR/otp_2fa/totp.ldif
OTP_DATA=$DATADIR/otp/totp.ldif
mkdir -p $TESTDIR $DBDIR1
......@@ -93,7 +93,7 @@ dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: otp_2fa.la
olcModuleLoad: otp.la
EOMOD
RC=$?
if test $RC != 0 ; then
......@@ -103,10 +103,10 @@ if test $RC != 0 ; then
fi
fi
echo "Loading test otp_2fa configuration..."
echo "Loading test otp configuration..."
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
>> $TESTOUT 2>&1 <<EOMOD
dn: olcOverlay={0}otp_2fa,olcDatabase={1}$BACKEND,cn=config
dn: olcOverlay={0}otp,olcDatabase={1}$BACKEND,cn=config
changetype: add
objectClass: olcOverlayConfig
EOMOD
......