Clément "KPTN" OUDOT

Results 459 comments of Clément "KPTN" OUDOT

See documentation: https://self-service-password.readthedocs.io/en/v1.4/config_ldap.html#server-address

This setting is for the server hosting the SSP application. Check your connection and CA certificate with `openssl s_client`.

So copy the server certificate to the SSP server and configure it as CACERT in your ldap.conf.

Yes. Check that the security level of your Linux distribution is compatible with the AD certificate.

Yes, this is interesting but clearly not a priority for the moment.

I would indeed prefer to implement TOTP or HOTP because these are standards and you could use a free client like [FreeOTP](https://freeotp.github.io/) to use it. OTP is quite like a...

OTP can be used either as a second authentication factor (kind of like a captcha) or as a replacement of mail or SMS. In both cases a secret should be kept...

@r2evans extending the schema is not mandatory. See the reset by questions feature, I coded it so we can use any objectClass/attribute to store/read the answer. You should not force...

extensibleObject is not compatible with AD, you need to choose an objectClass and/or an attribute compatible with AD schema.

Questions can work with AD, you just have to define in which attribute you will store answers. For testing, you can use:

```
$answer_objectClass = "user";
$answer_attribute = "description";
```

...