Will investigate further once we have a pure LDAP impl in.

We could have an architecture where we have an LDAP server that is then referenced by an OTP server or we could have the two somehow combined into one.

There are also requirements related to marking a token as used or token invalidation after too many bad attempts - this may be handled within the OTP server but for stronger authentication mechanisms may need to be more involved otherwise this becomes another case of falling back to PLAIN / BASIC auth.