{"id":"jcresencia-openvpn-server-ldap-otp","name":"openvpn-server-ldap-otp","homepage":"https://hub.docker.com/r/jcresencia/openvpn-server-ldap-otp","repo_url":"https://hub.docker.com/r/jcresencia/openvpn-server-ldap-otp","category":"infrastructure","subcategories":[],"tags":["openvpn","ldap","otp","mfa","vpn","authentication","infrastructure"],"what_it_does":"openvpn-server-ldap-otp combines OpenVPN with LDAP-backed authentication and OTP (one-time password) verification (typically for MFA) so VPN access can be gated by directory attributes plus a time-based or token-based second factor.","use_cases":["Provide VPN access to users authenticated against an LDAP directory","Add MFA (OTP) to VPN login flows using an external OTP provider/validator","Centralize access control for remote users with LDAP group/role checks plus OTP"],"not_for":["Use as a standalone authentication provider without configuring LDAP/OTP components","Environments that require a fully managed SaaS experience or a simple hosted onboarding flow","Agent-driven programmatic integration (it is primarily an infrastructure/server configuration, not an API product)"],"best_when":"You control the server infrastructure and can securely operate OpenVPN alongside LDAP and an OTP mechanism (including certificate management and directory/OTP configuration).","avoid_when":"You need a turnkey, API-first integration with managed secrets and observability; or you cannot meet operational requirements (networking, LDAP availability, certificate/crypto hardening).","alternatives":["OpenVPN Access Server (commercial, more integrated management)","WireGuard with external auth integration (e.g., via RADIUS/LDAP + MFA where supported)","NPS/RADIUS-based VPN auth with LDAP-backed identity and MFA"],"af_score":20.2,"security_score":50.2,"reliability_score":28.8,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:53:15.914767+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["LDAP-backed authentication","OTP-based second factor (MFA)"],"oauth":false,"scopes":false,"notes":"Authentication is performed at the VPN/server access layer via LDAP and OTP; no API-style OAuth scopes apply."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No SaaS pricing information provided; this appears to be self-hosted infrastructure software."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":20.2,"security_score":50.2,"reliability_score":28.8,"mcp_server_quality":0.0,"documentation_accuracy":20.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":35.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":75.0,"scope_granularity":20.0,"dependency_hygiene":50.0,"secret_handling":40.0,"security_notes":"Strengths: combines directory auth with an OTP second factor (MFA). Major security considerations for this class of deployment include ensuring TLS for OpenVPN and LDAP (LDAPS/StartTLS), secure storage/handling of OTP seeds/keys and LDAP bind credentials, and robust certificate/key management. Lack of observable package/manifests and deployment docs here prevents verifying dependency hygiene and exact secret-handling behavior.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":40.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This is primarily a server configuration/deployment; LLM agents may struggle without clear runbooks and safe deployment practices","Security-critical settings (LDAP bind credentials, OTP secrets, TLS/certificates) require careful handling; agents may accidentally log or mishandle secrets if not explicitly constrained","Operational failures (LDAP outages, OTP validator misconfiguration) will typically surface as connectivity/auth errors rather than machine-friendly API responses"]}}