This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Community will be in read-only from July 16 - July 22 as we migrate to a new platform; refer to this community post for more details.
Log in to ask a question

How to enable MFA with LDAP?

Posted on 01-02-2023 07:33 AM
aiannotti
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Is it possible to require a user's MFA with Secure LDAP?

Looking to integrate OpenLDAP community edition, and we have user/pass working, but would like to add MFA.

Solved Solved
1 6 6,536
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
cryptochrome
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Got it, thanks. I don't think Google's MFA/2FA applies to LDAP authentication requests. If you have 2FA enforced already, and still can log on through LDAP, that would confirm this. 

The reason being, most likely, that many LDAP clients wouldn't know how to pass through the MFA portion and initiate the bind immediately - or simply time out while waiting for users to confirm their second factor. Plain vanilla LDAP has no concept of 2FA.

You will probably have to plug a third-party MFA solution into your OpenVPN server. Another option could be using an external IdP such as Okta, which has some options when using MFA with LDAP (see here: https://help.okta.com/en-us/Content/Topics/Directory/LDAP-interface-MFA.htm). 

 

 

View solution in original post

Jump to Solution
0 Likes
6 REPLIES 6
Top Labels in this Space
Top Solution Authors
View all