OATH-LDAP

  1. Introduction
  2. Architecture
  3. Models
  4. Enrollment

Introduction

Architecture

Figure: OATH-LDAP system architecture based on OpenLDAP

slapd
  OpenLDAP's LDAP server implementation.
back-sock
  A slapd backend, also usable as an overlay, that forwards some LDAP requests to an external daemon via a Unix domain socket (see also slapd-sock(5)).
OTP validator
bind proxy
web browser
enrollment web app
enrollment client
  A hardened device into which the OATH hardware token (e.g. a YubiKey) to be initialized is plugged. In particular, users shall not enter their normal password on this device.
LDAP client
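The hand-off from back-sock to an external daemon uses the line-oriented request/response format of slapd-sock(5). The following Python is an added example, not OATH-LDAP's own code: it parses a constructed BIND request as back-sock would write it, answers with a RESULT block, and returns CONTINUE for any other operation (the overlay-mode pass-through that lets slapd handle the request itself). The field names follow the slapd-sock(5) manual page as I read it (check the man page of your OpenLDAP version); the sample request bytes, the hard-coded expected credential and the decision logic are assumptions for illustration and do not describe how OATH-LDAP's OTP validator actually decides a bind.

```python
"""Minimal parser/serializer for the slapd-sock(5) wire format.

Added example, not OATH-LDAP project code. A request from back-sock is a
block of lines: the operation name, then "key: value" pairs, terminated by
a blank line. The daemon answers with a RESULT block or, in overlay mode,
with CONTINUE to let slapd process the request itself.
"""
import hmac

# Constructed sample: what back-sock writes for a simple BIND
# (method 128 is LDAP_AUTH_SIMPLE) under the suffix dc=example,dc=com.
SAMPLE_BIND_REQUEST = (
    b"BIND\n"
    b"msgid: 3\n"
    b"suffix: dc=example,dc=com\n"
    b"dn: uid=alice,ou=people,dc=example,dc=com\n"
    b"method: 128\n"
    b"credlen: 13\n"
    b"cred: correct-horse\n"
    b"\n"
)

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49
INT_FIELDS = ("msgid", "method", "credlen")


def parse_sock_request(data: bytes) -> dict:
    """Parse one slapd-sock request block into a dict.

    "suffix:" may repeat, so it is collected into a list. The credential
    is sliced by credlen rather than by line splitting, so a credential
    that itself contains a newline is not truncated.
    """
    op, _, body = data.partition(b"\n")
    req = {"op": op.decode("ascii"), "suffix": []}
    pos = 0
    while True:
        nl = body.index(b"\n", pos)
        line = body[pos:nl]
        if line == b"":
            break                      # blank line terminates the block
        key, _, value = line.partition(b": ")
        if key == b"cred":
            start = pos + len(b"cred: ")
            n = req["credlen"]         # credlen always precedes cred
            req["cred"] = body[start:start + n]
            pos = start + n + 1        # skip the newline after the credential
            continue
        name = key.decode("ascii")
        if name == "suffix":
            req["suffix"].append(value.decode("utf-8"))
        elif name in INT_FIELDS:
            req[name] = int(value)
        else:
            req[name] = value.decode("utf-8")
        pos = nl + 1
    return req


def sock_result(msgid: int, code: int, info: str = "", matched: str = "") -> bytes:
    """Serialize a RESULT block in the form slapd-sock reads back."""
    lines = [b"RESULT", b"msgid: %d" % msgid, b"code: %d" % code]
    if matched:
        lines.append(b"matched: " + matched.encode("utf-8"))
    if info:
        lines.append(b"info: " + info.encode("utf-8"))
    return b"\n".join(lines) + b"\n\n"


def handle_request(data: bytes, expected_cred: bytes) -> bytes:
    """Decide a BIND against expected_cred (an assumed stand-in for the real
    OTP check) with a constant-time comparison; defer everything else to
    slapd with CONTINUE."""
    req = parse_sock_request(data)
    if req["op"] != "BIND":
        return b"CONTINUE\n\n"
    if hmac.compare_digest(req["cred"], expected_cred):
        return sock_result(req["msgid"], LDAP_SUCCESS)
    return sock_result(req["msgid"], LDAP_INVALID_CREDENTIALS, "invalid credentials")


if __name__ == "__main__":
    print(handle_request(SAMPLE_BIND_REQUEST, b"correct-horse").decode())
    print(handle_request(SAMPLE_BIND_REQUEST, b"wrong").decode())
```

Two details matter for a daemon sitting in this position: the credential is taken by credlen rather than by line splitting, because a credential may contain a newline, and it is compared in constant time; and every non-BIND request gets CONTINUE so slapd processes it normally instead of the daemon silently failing it.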

Models

Figure: OATH-LDAP entity relationships

Enrollment

Objectives:

Figure: OATH-LDAP enrollment process

Process: