Build a Phone-Based 2-Factor Auth System That Vends and Ties into LDAP
We are looking to have a 2-factor auth system built that presents an LDAP interface, ties back into an actual LDAP system, extracts a phone number from the LDAP profile, and performs real-time synchronous 2-factor authentication by calling the user and prompting for a specific phone key press.
We don't care about the technology used, but the service should run on RHEL 5/RHEL 6. Additional service fees for the outbound phone call system are fine (i.e. if you leverage a 3rd party SaaS phone system).
It should talk to standard LDAP servers including 389 and Apache Directory Server. It should be able to have a list of LDAP servers and fall back to other servers if the primary is unavailable. It should be able to scale to 1000+ users and handle multiple authentication requests simultaneously. It should log to syslog or have a clear and easily parseable detailed log format.