OATH-LDAP

Introduction

Architecture

slapd
This is OpenLDAP's LDAP server implementation.
back-sock
slapd backend, also usable as an overlay, which sends some LDAP requests to an external daemon via a Unix domain socket (see also slapd-sock(5)).
OTP validator
bind proxy
web browser
enrollment web app
enrollment client
A hardened device into which you plug the OATH hardware token (e.g. YubiKey) to be initialized. In particular, users shall not enter their normal password on this device.
LDAP client

Models

Enrollment

Objectives: