https://github.com/multiOTP/multiotp

volume="/docker/multiotp"
mkdir $volume
sudo chown -R 1000:1000 $volume
 
docker run --name multiotp \
-v $volume/data:/etc/multiotp \
-v $volume/freeradius/config:/etc/freeradius \
-v $volume/multiotp/log:/var/log/multiotp \
-v $volume/freeradius/log:/var/log/freeradius \
-p 8080:80 \
-p 8443:443 \
-p 1812:1812/udp \
-p 1813:1813/udp \
-d multiotp/multiotp-open-source

docker exec -it multiotp sh
# set alias
alias multiotp=/usr/local/bin/multiotp/multiotp.php
 
# Decide if you want that by default, created users need to type a prefix PIN (1|0):
multiotp -config default-request-prefix-pin=0
# Decide if you want that by default, created users need to type their Active Directory password instead of PIN (1|0):
multiotp -config default-request-ldap-pwd=1
# Set the AD/LDAP server type (1=Active Directory | 2=standard LDAP):
multiotp -config ldap-server-type=1
# Set the user CN identifier (sAMAccountName, eventually userPrincipalName):
multiotp -config ldap-cn-identifier="sAMAccountName"
# Set the group CN identifier (sAMAccountName for Active Directory):
multiotp -config ldap-group-cn-identifier="sAMAccountName"
# Set the group attribute:
multiotp -config ldap-group-attribute="memberOf"
# Decide if you want to use by default an SSL connection or not (0|1):
multiotp -config ldap-ssl=0
# Set the default port (389=regular | 636=SSL connection):
multiotp -config ldap-port=389
# Set the Active Directory server(s), comma separated:
multiotp -config ldap-domain-controllers=dc1.example.com,dc2.example.com,dc3.example.com
# Set the Base DN:
multiotp -config ldap-base-dn="DC=example,DC=com"
# Set the Bind DN (which is the account used to connect to the AD/LDAP):
multiotp -config ldap-bind-dn="CN=sa_ldap,OU=_ServiceAccount,DC=example,DC=com"
# Set the password of the user used to search in the Active Directory:
multiotp -config ldap-server-password="BindDNAccountPassword12345"
# In which groups users must be in the Active Directory in order to be added:
multiotp -config ldap-in-group="VPN-access"
# Set the network timeout
multiotp -config ldap-network-timeout=10
# Set the transaction time limit
multiotp -config ldap-time-limit=30
# Activate the AD/LDAP support (0|1):
multiotp -config ldap-activated=1
# Let's go for an AD/LDAP users synchronisation ! (users removed or deactivated in the AD/LDAP are deactivated in multiOTP)
multiotp -debug -display-log -ldap-users-sync

Вывод при синхронизации

LOG 2023-08-08 09:32:37 debug LDAP Debug: *AD/LDAP synchronization started at 09:32:37 / Memory used: 1.6MB / Peak: 1.6MB
LOG 2023-08-08 09:32:37 info LDAP Info: AD/LDAP synchronization started
LOG 2023-08-08 09:32:37 debug System Debug: *LDAP cache folder created (/tmp/.ldap_cache/)
LOG 2023-08-08 09:32:37 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
LOG 2023-08-08 09:32:40 debug System Info: *File created: /etc/multiotp/users/ivanov.db
LOG 2023-08-08 09:32:40 info System Info: User ivanov automatically created
LOG 2023-08-08 09:32:40 debug System Info: *File created: /etc/multiotp/users/petrov.db
LOG 2023-08-08 09:32:40 info System Info: User petrov automatically created
LOG 2023-08-08 09:32:40 debug System Info: *File created: /etc/multiotp/users/sidorov.db
LOG 2023-08-08 09:32:40 info System Info: User sidorov automatically created
LOG 2023-08-08 09:32:40 info LDAP Info: 3 users created, based on 3 LDAP entries (processed in 00:00:03)
19 *INFO: Requested operation successfully done

How to configure MultiOTP to synchronized the users from an Active Directory?

Go to 2FA (Двухфакторная аутентификация для ASA SSL VPN)
Настройка двухфакторной аутентификации (2FA) в Windows с помощью MultiOTP
QR code generator