You should state to install the module to enable the extra repository, else the first rpm installation will disable it, so either yum install nethserver-lemonldap-ng --enablerepo=lemonldap-ng,lemonldap-ng-extras or create the code to permanently enable them
OK, I needed to launch the configuration script the first time. Why not test for a string that we know as default and trigger the script if we find it? Like this we could automate it.
That’s bizarre; I know I’d made that exact fix myself–must have been on a working copy outside of the repo. Fixed.
This will take a little bit of thought. In an earlier draft, I had the sed commands as part of %post in the .spec file, but the request up-topic to have the portal FQDN configurable made that seem inappropriate. For right now, added a more explicit warning to the README.
Not quite sure why that’d be needed (as it doesn’t change any httpd configuration), but easy enough to do. Fixed.
Fixes are pushed to the github repo, new RPM is built, should appear in my repo within a half hour or so.
Guys, I am not sure if this fits here, but did any of you have a look at privacyIDEA? They provide an OSS solution of a feature-rich 2FA server, that among other things even provides a free OSS credential provider that would enable Windows login with 2FA. One just has to compile it oneself with Visual Studio, and I believe that a full integration in NethServer could be a great improvement! I had a look at it and the server was easy to install in CentOS and configure to query Neth AD. After some tinkering I was able to compile their credential provider (but I unfortunately had no time to integrate it in our Windows 10 clients). In the end the need for 2FA for the Windows login was considered nonessential in our case, so I focused on other stuff, but from what I had discovered this could be a really good all-in-one solution for 2FA, so I thought I'd mention it here just in case someone would like to have a look at it.
That really looks like it has a different, though somewhat-related, purpose. LLNG (and Keycloak, and Gluu, etc.) are SSO/IAM servers. Their purpose is to provide authentication and authorization via standard protocols (SAML, OIDC, CAS, etc), and in the course of so doing, they can implement MFA according to whatever policy you care to implement (perhaps password-only for some applications, TOTP code for others, and a hardware authenticator key for others). From what I can tell based on an admittedly-brief look at privacyIDEA, its purpose is only to provide 2FA, and it looks like it needs explicit application support for PI rather than standard protocols.
Now, if the point is to set up 2FA for a local Windows system, looks like you can do that with a YubiKey:
Not sure about TOTP codes, though.
Edit: the application that really got me looking into this was SSH certificates, which (in the version I’m seeing, anyway) requires OIDC to authenticate: