OpenOTP LDAP Bridge

Protect your legacy applications

OpenOTP LDAP Bridge (LDProxy) provides user authentication with OTP over the standard LDAP protocol.
Adding MFA to legacy applications is possible with OpenOTP Security Suite.

With the LDAP Bridge you can integrate a large variety of third-party products and systems with multi-factor authentication, even if these products only support LDAP as an authentication backend.
To achieve this, LDProxy acts as an LDAP proxy for your applications and intercepts user bind (LDAP authentication) operations.

How does it work?

The main use-case of LDProxy is accommodating Enterprise applications that only support LDAP as an external authentication mechanism.
LDProxy includes configurations to distinguish which authentication requests are delegated to the OpenOTP server and which are forwarded to the LDAP back-end.
It proxies standard LDAP requests so that your applications keep using the LDAP back-end as usual.
LDProxy is deployed between the applications and the LDAP back-end.

LDAP Bridge supports single-factor authentication with password-only or OTP-only as well.
The OpenOTP authentication policies are very flexible and can be configured on a per-client basis in WebADM.
Moreover, the client policies can be contextual to the network of the users accessing your systems.
This flexibility also provides support for integrations where the first factor is handled by your AD servers and the second factor (the OTP) is handled by your OpenOTP server.

LDAP Bridge provides the LDAP interface on top of the OpenOTP server, and it is included in your OpenOTP license at no extra charge.
The LDAP standard is supported by all major Enterprise products on the market from HP, IBM, Oracle, BMC…

LDAP integrations support most OpenOTP features
100% compatible with LDAP client applications
Robust implementation built with OpenLDAP
Distinguishes system accounts and user accounts (OTP)
LDAP+OTP is supported with password concatenation
Transparently proxies LDAP requests to the LDAP back-end
Authentication policies per client application or group of users
Bridges all the OpenOTP functionalities (Tokens, Yubikey, SMSOTP, MailOTP…)
Standalone service with no additional OpenOTP configuration required
High performance with hundreds of requests per second
Cluster support with multiple bridges for HA
