LDAP schema and tools for Yubico YubiKey authentication
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
ldap-schema
microsoft-schema
samba4-schema
.gitignore
README
yubikey-ldap
yubikey-ldap.conf.sample

README

yubikey-ldap tool
=================

This tool simplifies the management of YubiKeys stored in LDAP
for user authentication. It can easily do the following:

* Add/Remove 'yubiKeyId' attribute to/from users
* Search for users who have a yubiKeyId assigned

That's about it, really :)

Behind the scenes it does a little more to facilitate the above:

* Autocompletes usernames
* Adds 'yubiKeyUser' objectClass to the user's record before when needed

YubiKey LDAP schema
-------------------

As a prerequisite the YubiKey LDAP schema must be installed in your
server. Refer to 'ldap-schema/README' for more details.

Configuration
-------------

At the moment the config file 'yubikey-ldap.conf' must be in your current
working directory at the time you launch yubikey-ldap. Later on we will
add some more intelligence and configurable config location.

Use the provided 'yubikey-ldap.conf.sample' as a template.

Example
-------

$HOME/yubikey-ldap # ./yubikey-ldap
Use <Ctrl+D> to exit at any time
Use <Enter> to return one level up

Enter username (<tab> to autocomplete) or YubiKey Id to manage
Username or YubiKey: test<TAB>
Username or YubiKey: test.user

Test User [test.user] has no assigned YubiKeys
(a) add / <Enter> change user
Command: a
Enter YubiKey ID (12 chars minimum, best way is to touch the key)
YubiKey ID: ccccccbhkiivinkrcvfkdkttbfjkhtvggnvdchfjkvgt

Assigning YubiKey 'ccccccbhkiiv' to 'test.user'
Commit? [Y/n] <Enter>

Test User [test.user] has 1 assigned YubiKey
  1)  ccccccbhkiiv
(a) add / (d) delete / <Enter> change user
Command: d
Test User [test.user] has 1 assigned YubiKey
  1)  ccccccbhkiiv

Enter YubiKey or the index number. Enter when done.
YubiKey to Delete: 1

Test User [test.user] has no assigned YubiKeys
(a) add / <Enter> change user
Command: <Ctrl+D>

$HOME/yubikey-ldap #

Credits
-------

Have you found this tool useful?
Please consider a small PayPal donation at:

    http://logix.cz/michal/devel/yubikey-ldap/

Thanks!

Michal Ludvig <michal@logix.cz>