OATH Event, Time and Challenge -based
OpenOTP™ LDAP Bridge
OpenOTP LDAP Bridge (LDProxy) provides user authentication with OTP over the standard LDAP protocol. With LDAP Bridge you can also integrate a large variety of third-party products and systems with multi-factor authentication, even if these products only support LDAP as authentication back-end. To achieve this, LDProxy acts as an LDAP proxy for your applications and intercepts user binds (LDAP authentication) operations.
The main use-case of LDProxy is also accommodating Enterprise applications that only support LDAP as external authentication mechanism. LDProxy includes configurations to distinguish which authentication requests are delegated to the OpenOTP server and which are forwarded to the LDAP back-end. It is able to proxy standard LDAP requests in order to keep your applications use the LDAP back-end, as usual. LDProxy is also deployed between the applications and the LDAP back-end.
LDAP Bridge supports single-factor authentication with password-only or OTP-only too. The OpenOTP authentication policies are very flexible and can be configured on a per-client basis in WebADM. Moreover, the client policies can be contextual to the nework of the users accessing your systems. This flexibility also provides support for integrations where the first factor is handled by your AD servers and the second factor (the OTP) is handled by your OpenOTP server.
LDAP Bridge provides Two-Factor authentication with most OpenOTP One-Time Password methods:
LDAP Bridge provides the LDAP interface on top of OpenOTP server. And it is included in your OpenOTP license at no extra charge.
The LDAP standard is supported by all major Enterprise products on the market from HP, IBM, Oracle, BMC…
MAIN KEY FEATURES
LDAP integrations support most OpenOTP features
- 100% compatible with LDAP client applications
- Robust implementation buit with OpenLDAP
- Distinguishes systems accounts and user accounts (OTP)
- LDAP+OTP is supported with password concatenation
- Transparently proxies LDAP requests to the LDAP back-end
- Authentication policies per client application or group of users
- Bridges all the OpenOTP functionalities (Tokens, Yubikey, SMSOTP, MailOTP…)
- Standalone service with no additional OpenOTP configuration required
- High performances with hundreds of requests per second
- Cluster support with multiple bridges for HA