privacyidea.log

[2015-02-24>> 11:18:51,138][6222][140443699234560][WARNING][privacyidea.lib.config:451]

unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

11:18:51,179][6222][140443699234560][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

11:19:08,958][6222][140443682449152][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

11:19:09,002][6222][140443682449152][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

11:19:09,040][6222][140443682449152][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

11:19:09,078][6222][140443682449152][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

11:19:09,120][6222][140443682449152][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

11:19:09,161][6222][140443682449152][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:20:56,234][22034][140178216625920][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:20:56,398][22034][140178216625920][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:20:56,541][22034][140178115913472][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:20:56,588][22034][140178115913472][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:21:02,008][22034][140178115913472][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:21:20,223][22034][140178107520768][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:21:20,281][22034][140178107520768][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

[2015-02-24

12:21:20,446][22034][140178115913472][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))

On Tuesday, February 24, 2015 at 12:27:42 PM UTC+1, Stefan Steuer wrote:

Can you please explain step 2?

After I reinstall Privacyidea … it works…
Thank you for the great support!

I’ll install the PI on saturday/sunday on my productive enviroment and give
you a feedback!>

Hi Cornelius,
I think that there is a big bug or a wrong config of my site

Now I’ll get the login screen but…

e.g. my credentials are M.Mustermann and the pw testpassword123!

But now I’m able to login with any password e.g. M.Mustermann kfgafasdasd
or M.Mustermann and twfnaedsfOn Monday, February 23, 2015 at 11:04:12 PM UTC+1, Cornelius Kölbel wrote:

Hi Stefan,

…here we go.

I checked this module on my site. Please take a look, if it works for you
either.

https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA-4_0.pm

In the header of the module you can see, how it should be configured in
Kernel/Config.pm.

$Self->{‘AuthModule’} = ‘Kernel::System::Auth::privacyIDEA’;

$Self->{‘AuthModule::privacyIDEA::URL’} = \ #
“https://localhost/validate/check” https://localhost/validate/check; #
$Self->{‘AuthModule::privacyIDEA::disableSSLCheck’} = “yes”;
Note, that you need to call /validate/check now, not simplecheck.
If you have no valid certificate you need to define anything in
disableSSLCheck, like “yes”

Kind regards
Cornelius

Am 23.02.2015 um 19:48 schrieb Stefan Steuer:

oh okay

On Monday, February 23, 2015 at 6:06:57 PM UTC+1, Cornelius Kölbel wrote:

I can say as much as this:
otrs 4.0 has changed a lot over 3.
This will be a new privacyidea otrs module!

Kind regards
Cornelius

Am 23.02.2015 um 17:41 schrieb Cornelius Kölbel:

Good news!
I was able to reproduce the problem.
So the half way is done, now

Running a vanilla OTRS 4.0.5.

Kind regards
Cornelius

Am 23.02.2015 um 16:28 schrieb Cornelius Kölbel:

Just looking into it.

Am 23.02.2015 um 16:10 schrieb Stefan Steuer:

mhm… any idea?

On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

Hi,

to my knowledge Logging in OTRS 3 was performed this way:

https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36

See:

Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation

But it looks like, as if it still should exist int 4:

Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation

Am 23.02.2015 um 15:42 schrieb Stefan Steuer:

[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n

On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

Okay… i just found the issue…
when I downloaded the file with wget he added some courios google
content…

Now I’ll get an error 500 (apache error) which I can fix - hopefully

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/4b78f975-d576-46f5-bb09-d343aa754239%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/4b78f975-d576-46f5-bb09-d343aa754239%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Can you please explain step 2?>

I am a bit concerned - what was it, that you were able to authenticate
to OTRS with the wrong password?

You may want to check your OTP at the privacyIDEA ui first.
I recommend starting with eventbase OTP, since there are less things to
go wrong

If you go to the token details you can:

• reset the OTP PIN and
• you have the action “Test token”.
  You can enter the OTP PIN and the OTP value there and click “test token”.

Kind regards
CorneliusAm 24.02.2015 um 10:40 schrieb Stefan Steuer:

I'm sorry but now I'm not able to login (with the old and new
file) .....arghhhhh...

Attached you’ll find the screenshots of my configuration.

Apache error code is:

    can not authenticate: wrong otp pin

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVN0hBbkFBb0pFQkJoWkZVdWpZRkpKMjRQK1FGSm9lcGpJcjBZUEZURWZYM1dN
d24rDQpMZjN1VmVWUEhpWm1tZFBwbWNWdzRyN1hFMDNqZCtnMnNqeEZoenQvMjdoZDVaZUM1c0w1
dmFnd25NY0JLVGx3DQpZbTB0N2Y3aHg2b05DOFF4YytxcloxeFNyWHlycG5nbE1yelV3dnBHMGoy
ZGdnY2lXYU41MU00cSs2MlNWOC8zDQpZU0YrMTFjTGxzcHBUWDE1Rm9oMHdBMmhka3JRa1IwV3h6
NG1GOG1GNlJIYnBLNXBTYVdEamllTmJ2OWw0N21ZDQpsM1l1V1RzZHBaRTk3Uko2WFhTdnc3RlUz
bm9zZEoyQjRXNjJNbzNhN0g1NThyMFkvbmtCbkgxUHpnNWNyV25sDQp2dkZzS01JVTJGWktveUF3
QmdtK3JTRjllQ01qYXI4bHVPWDZSOTVlYnZBRmk2WmhlYmRPWXhSSlJwMzVOQmpjDQpKNm9FTTlk
UDJSYXo5Sjk4MUEwWlQ1a1gzQjU4bjBVTjRzejk0SDNGWXRrRHprbGFxUzRudWhFZjNrMzNwWnBu
DQpjOG5VTnMwc0J1Zjl0cXA0dk9RbzNDbjNWTkFDSk1JNGZHQm8yNUtPalc0b2x3Ni9uYVdtOU40
eVRUNGlIZDAzDQpEdkhPbm1jeFh1d28rcHpxY3lodnFFNWtnZlNlL29wMktTeDRJWW51WjZIU2hj
TzF5QTYwOHNzSklramRhYzNRDQp0eUhIdFh1cmVaTGdqZllFUSs1LzZtUFlaZjRYVjYyODVSeGM4
VjltNUR1cDgzZUU2VEVTQ3FoOHhkWlpwdWh4DQpjaXAxMERramtYcEJHTC9VSmhFNGRNUUNabEpP
N0Z1c3FBQVhEWGFyOXJJQVA0SmdoTDRKeVF3MWVFUUNKcXZiDQpPcE4xaHdYNjdKTFBTSGJiUjk1
WA0KPWtnVkcNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

for what it’s worth:

You can increase the log level

PI_LOGLEVEL = 10

and see if something useful comes up in the log.

If nothing comes up, I would use pip install and my homework is to
create a stable wheezy package.

Kind regards
CorneliusAm 24.02.2015 um 13:39 schrieb Stefan Steuer:

so I deleted all policies: same result with both.

64bit wheezy

On Tuesday, February 24, 2015 at 1:35:53 PM UTC+1, Cornelius Kölbel wrote:

I remember you had a strange policy with no meaning.
Please delete the policy.
(Delete all policies!)

Obviously the wheezy package is not stable in your case.
Is it a 32bit or 64bit system?

As a last resort, you should remove the package and install via pip.

Kind regards
Cornelius

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/f4a81216-8b95-4a5d-ac68-9f89426d5018%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/f4a81216-8b95-4a5d-ac68-9f89426d5018%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

ok great.On Tuesday, February 24, 2015 at 4:32:40 PM UTC+1, Cornelius Kölbel wrote:

Hi Stefan,

I wonder what got mixed up there.

You can login with only that what I call the OTP value by

1. either setting the OTP PIN = “” (oups I think you can not do this via
   the web ui)
2. or you define a policy like this…

Kind regards
Cornelius

Am 24.02.2015 um 16:09 schrieb Stefan Steuer:

One last question

Is it possible to login with the OTP/google auth-code without the pin?

On Tuesday, February 24, 2015 at 4:04:15 PM UTC+1, Stefan Steuer wrote:

After I reinstall Privacyidea … it works…
Thank you for the great support!

I’ll install the PI on saturday/sunday on my productive enviroment and
give you a feedback!

 -- 

You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

same error.On Tuesday, February 24, 2015 at 12:39:38 PM UTC+1, Cornelius Kölbel wrote:

Your logfile realm shows…

…nothing.

Step 2:
I can not see this behaviour on a debian machine I have.
But I have not resolver to an OTRS on this debian at the moment.
So I want to rule out, that it is something with the resolvers.

I know that using a password resolver should work. The resolver might
introduce some strange behaviour due to the policy checkings.

So you need to create a new userresolver pointing to /etc/passwd and
create a new realm with this resolver.
Than enroll a new token with a user from this resolver.
A token without a user assigned, will not check. This is a bug i just
fixed.

Kind regards
Cornelius

Am 24.02.2015 um 12:24 schrieb Cornelius Kölbel:

Please also take a look at /var/log/privacyidea/privacyidea.log

Am 24.02.2015 um 12:10 schrieb Cornelius Kölbel:

It seems to me that the wheezy package is not playing that well. I can not
see these issues on another distribution.

Can you please:

1. install python-virtualenv
   apt-get install python-virtualenv
   and restart the webserver

2. create a useridresolver of /etc/passwd and create a realm with this
   resolver.
   enroll a new token to a user from passwd, to see if this is somehow
   linked to the sqlusers…

Kind regards
Cornelius

Am 24.02.2015 um 11:18 schrieb Stefan Steuer:

So i created a HOTP.

Set Pin to “123456”
Scan the barcode.
Go to test test line

Enter 123456 and the token out of the google auth.

Wrong OTP.

On Tuesday, February 24, 2015 at 11:09:23 AM UTC+1, Cornelius Kölbel wrote:

I am a bit concerned - what was it, that you were able to authenticate
to OTRS with the wrong password?

You may want to check your OTP at the privacyIDEA ui first.
I recommend starting with eventbase OTP, since there are less things to
go wrong

If you go to the token details you can:

• reset the OTP PIN and
• you have the action “Test token”.
  You can enter the OTP PIN and the OTP value there and click “test token”.

Kind regards
Cornelius

Am 24.02.2015 um 10:40 schrieb Stefan Steuer:

I’m sorry but now I’m not able to login (with the old and new file)

…arghhhhh…

Attached you’ll find the screenshots of my configuration.

Apache error code is:

can not authenticate: wrong otp pin

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EC5C19.9090903%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EC5C19.9090903%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EC5F88.4000709%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EC5F88.4000709%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Hi Stefan,

I wonder what got mixed up there.

You can login with only that what I call the OTP value by

1. either setting the OTP PIN = “” (oups I think you can not do this via
   the web ui)
2. or you define a policy like this…

Kind regards
CorneliusAm 24.02.2015 um 16:09 schrieb Stefan Steuer:

One last question

Is it possible to login with the OTP/google auth-code without the pin?

On Tuesday, February 24, 2015 at 4:04:15 PM UTC+1, Stefan Steuer wrote:

After I reinstall Privacyidea ... it works..... :)
Thank you for the great support!

I'll install the PI on saturday/sunday on my productive enviroment
and give you a feedback!

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

ARI-1.png1024×590 82.7 KB

Your logfile realm shows…

…nothing.

Step 2:
I can not see this behaviour on a debian machine I have.
But I have not resolver to an OTRS on this debian at the moment.
So I want to rule out, that it is something with the resolvers.

I know that using a password resolver should work. The resolver might
introduce some strange behaviour due to the policy checkings.

So you need to create a new userresolver pointing to /etc/passwd and
create a new realm with this resolver.
Than enroll a new token with a user from this resolver.
A token without a user assigned, will not check. This is a bug i just fixed.

Kind regards
CorneliusAm 24.02.2015 um 12:24 schrieb Cornelius Kölbel:

Please also take a look at /var/log/privacyidea/privacyidea.log

Am 24.02.2015 um 12:10 schrieb Cornelius Kölbel:

It seems to me that the wheezy package is not playing that well. I
can not see these issues on another distribution.

Can you please:

1. install python-virtualenv
   apt-get install python-virtualenv
   and restart the webserver

2. create a useridresolver of /etc/passwd and create a realm with
   this resolver.
   enroll a new token to a user from passwd, to see if this is
   somehow linked to the sqlusers…

Kind regards
Cornelius

Am 24.02.2015 um 11:18 schrieb Stefan Steuer:

So i created a HOTP.

Set Pin to “123456”
Scan the barcode.
Go to test test line

Enter 123456 and the token out of the google auth.

Wrong OTP.

On Tuesday, February 24, 2015 at 11:09:23 AM UTC+1, Cornelius Kölbel wrote:

I am a bit concerned - what was it, that you were able to
authenticate to OTRS with the wrong password?

You may want to check your OTP at the privacyIDEA ui first.
I recommend starting with eventbase OTP, since there are less
things to go wrong ;-)

If you go to the token details you can:

* reset the OTP PIN and
* you have the action "Test token".
You can enter the OTP PIN and the OTP value there and click
"test token".

Kind regards
Cornelius

Am 24.02.2015 um 10:40 schrieb Stefan Steuer:

    I'm sorry but now I'm not able to login (with the old and
    new file) .....arghhhhh...

Attached you'll find the screenshots of my configuration.

Apache error code is: 

        can not authenticate: wrong otp pin



 
-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EC5C19.9090903%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EC5C19.9090903%40privacyidea.org?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EC5F88.4000709%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EC5F88.4000709%40privacyidea.org?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

It seems to me that the wheezy package is not playing that well. I can
not see these issues on another distribution.

Can you please:

1. install python-virtualenv
   apt-get install python-virtualenv
   and restart the webserver

2. create a useridresolver of /etc/passwd and create a realm with this
   resolver.
   enroll a new token to a user from passwd, to see if this is somehow
   linked to the sqlusers…

Kind regards
CorneliusAm 24.02.2015 um 11:18 schrieb Stefan Steuer:

So i created a HOTP.

Set Pin to “123456”
Scan the barcode.
Go to test test line

Enter 123456 and the token out of the google auth.

Wrong OTP.

On Tuesday, February 24, 2015 at 11:09:23 AM UTC+1, Cornelius Kölbel wrote:

I am a bit concerned - what was it, that you were able to
authenticate to OTRS with the wrong password?

You may want to check your OTP at the privacyIDEA ui first.
I recommend starting with eventbase OTP, since there are less
things to go wrong ;-)

If you go to the token details you can:

* reset the OTP PIN and
* you have the action "Test token".
You can enter the OTP PIN and the OTP value there and click "test
token".

Kind regards
Cornelius

Am 24.02.2015 um 10:40 schrieb Stefan Steuer:

    I'm sorry but now I'm not able to login (with the old and
    new file) .....arghhhhh...

Attached you'll find the screenshots of my configuration.

Apache error code is: 

        can not authenticate: wrong otp pin



 
-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

I’ll reset my vm and reinstall otrs and privayidea ;)On Tuesday, February 24, 2015 at 2:52:35 PM UTC+1, Cornelius Kölbel wrote:

for what it’s worth:

You can increase the log level

PI_LOGLEVEL = 10

and see if something useful comes up in the log.

If nothing comes up, I would use pip install and my homework is to create
a stable wheezy package.

Kind regards
Cornelius

Am 24.02.2015 um 13:39 schrieb Stefan Steuer:

so I deleted all policies: same result with both.

64bit wheezy

On Tuesday, February 24, 2015 at 1:35:53 PM UTC+1, Cornelius Kölbel wrote:

I remember you had a strange policy with no meaning.
Please delete the policy.
(Delete all policies!)

Obviously the wheezy package is not stable in your case.
Is it a 32bit or 64bit system?

As a last resort, you should remove the package and install via pip.

Kind regards
Cornelius

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/f4a81216-8b95-4a5d-ac68-9f89426d5018%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/f4a81216-8b95-4a5d-ac68-9f89426d5018%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Next bug is that when I want to use the ldap-resolver and enroll a token
I’ll get the following error.
Found more than one object for Loginname u’s.steuer’

privacylog:

[2015-02-28
21:00:03,142][25486][140692787885824][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-02-28
21:00:03,263][25486][140692787885824][ERROR][privacyidea.app:1423]
Exception on /token/init [POST]
Traceback (most recent call last):
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1817, in wsgi_app
response = self.full_dispatch_request()
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1475, in full_dispatch_request
rv = self.dispatch_request()
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1461, in dispatch_request
return self.view_functionsrule.endpoint
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py",
line 79, in policy_wrapper
action=self.action)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py",
line 167, in check_max_token_realm
user_object = get_user_from_param(params)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py",
line 403, in get_user_from_param
user_object = User(login=username, realm=realm)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/log.py",
line 101, in log_wrapper
f_result = func(*args, **kwds)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py",
line 87, in init
self.get_resolvers()
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py",
line 172, in get_resolvers
uid = y.getUserId(self.login)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/resolvers/LDAPIdResolver.py",
line 241, in getUserId
LoginName)
Exception: Found more than one object for Loginname u’s.steuer’

Dear Cornelius,
now I installed privacyidea without any errors in my “live environment”
ldap works fine

But

when I try to get the user list with the mysql-resolver I’ll get the
following error code.
OTRS 4 use another codec in the mysql db.

‘utf8’ codec can’t decode byte 0xfc in position 1: invalid start byte

This probably is a misconfiguration in your LDAP resolver.

What does your LDAP Resolver settings look like?

What is your login attribute?
Your Search FIlter and User Filter?

This part of the code takes your searchfilter and constructs an ldap
filter like this:

(&(......)(<LoginAtribute>=s.steuer))

you might want to check with ldaputils (ldapsearch), which conflicting
object are found.

Kind regards
CorneliusAm 28.02.2015 um 21:01 schrieb Stefan Steuer:

Next bug is that when I want to use the ldap-resolver and enroll a
token I’ll get the following error.
Found more than one object for Loginname u’s.steuer’

privacylog:

[2015-02-28
21:00:03,142][25486][140692787885824][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-02-28
21:00:03,263][25486][140692787885824][ERROR][privacyidea.app:1423]
Exception on /token/init [POST]
Traceback (most recent call last):
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1817, in wsgi_app
response = self.full_dispatch_request()
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1475, in full_dispatch_request
rv = self.dispatch_request()
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1461, in dispatch_request
return self.view_functionsrule.endpoint
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py”,
line 79, in policy_wrapper
action=self.action)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py”,
line 167, in check_max_token_realm
user_object = get_user_from_param(params)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py”,
line 403, in get_user_from_param
user_object = User(login=username, realm=realm)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/log.py”,
line 101, in log_wrapper
f_result = func(*args, **kwds)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py”,
line 87, in init
self.get_resolvers()
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py”,
line 172, in get_resolvers
uid = y.getUserId(self.login)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/resolvers/LDAPIdResolver.py”,
line 241, in getUserId
LoginName)
Exception: Found more than one object for Loginname u’s.steuer’

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/6e4e906e-05c2-44e3-b908-612e55663023%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/6e4e906e-05c2-44e3-b908-612e55663023%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Okay i will try it.
What’s about my other error message?

please send the log file durcing the utf8 issue.

THanks a lot
CorneliusAm 01.03.2015 um 12:57 schrieb Stefan Steuer:

The workaround for ldap works fine! Thx for that.

At least I need your support for the encoding

On Sunday, March 1, 2015 at 12:42:10 PM UTC+1, Cornelius Kölbel wrote:

I added an issue for that:
https://github.com/privacyidea/privacyidea/issues/99
<https://github.com/privacyidea/privacyidea/issues/99>

Am 01.03.2015 um 12:35 schrieb Cornelius Kölbel:

Hi Stefan,

there might be a problem with the referral chasing.
The search for the user also returns the Config partion etc...

You can work around like this:
Please use no the top level base DN like "dc=yourdomain,dc=tld",
but rather a subdir like:

    cn=users,dc=yourdomain,dc=tld.

Then it works out fine.

Kind regards
Cornelius

Am 01.03.2015 um 12:30 schrieb Cornelius Kölbel:

Good news, everybody.

I can reproduce the problem...

Looking into it.

Kind regards
Cornelius

Am 01.03.2015 um 11:47 schrieb Stefan Steuer:

I used the default ldap-filter from your example (active directory)

On Sunday, March 1, 2015 at 12:10:35 AM UTC+1, Cornelius Kölbel wrote:

    This probably is a misconfiguration in your LDAP resolver.

    What does your LDAP Resolver settings look like?

    What is your login attribute?
    Your Search FIlter and User Filter?

    This part of the code takes your searchfilter and
    constructs an ldap filter like this:

        (&(......)(<LoginAtribute>=s.steuer))

    you might want to check with ldaputils (ldapsearch), which
    conflicting object are found.

    Kind regards
    Cornelius

    Am 28.02.2015 um 21:01 schrieb Stefan Steuer:

    Next bug is that when I want to use the ldap-resolver and
    enroll a token I'll get the following error.
    Found more than one object for Loginname u's.steuer'

    privacylog:

    [2015-02-28
    21:00:03,142][25486][140692787885824][WARNING][privacyidea.lib.config:451]
    unable to load resolver module :
    'resolvers.SCIMIdResolver' (ImportError('cannot import
    name getResolverClass',))
    [2015-02-28
    21:00:03,263][25486][140692787885824][ERROR][privacyidea.app:1423]
    Exception on /token/init [POST]
    Traceback (most recent call last):
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
    line 1817, in wsgi_app
        response = self.full_dispatch_request()
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
    line 1477, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
    line 1381, in handle_user_exception
        reraise(exc_type, exc_value, tb)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
    line 1475, in full_dispatch_request
        rv = self.dispatch_request()
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
    line 1461, in dispatch_request
        return self.view_functions[rule.endpoint](**req.view_args)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py",
    line 79, in policy_wrapper
        action=self.action)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py",
    line 167, in check_max_token_realm
        user_object = get_user_from_param(params)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py",
    line 403, in get_user_from_param
        user_object = User(login=username, realm=realm)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/log.py",
    line 101, in log_wrapper
        f_result = func(*args, **kwds)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py",
    line 87, in __init__
        self.get_resolvers()
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py",
    line 172, in get_resolvers
        uid = y.getUserId(self.login)
      File
    "/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/resolvers/LDAPIdResolver.py",
    line 241, in getUserId
        LoginName)
    Exception: Found more than one object for Loginname
    u's.steuer'
     
    -- 
    You received this message because you are subscribed to
    the Google Groups "privacyidea" group.
    To unsubscribe from this group and stop receiving emails
    from it, send an email to privacyidea...@googlegroups.com.
    To post to this group, send email to
    priva...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/privacyidea/6e4e906e-05c2-44e3-b908-612e55663023%40googlegroups.com
    <https://groups.google.com/d/msgid/privacyidea/6e4e906e-05c2-44e3-b908-612e55663023%40googlegroups.com?utm_medium=email&utm_source=footer>.
    For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/70f4d765-c57c-4b39-9dcf-0aefb62b8faf%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/70f4d765-c57c-4b39-9dcf-0aefb62b8faf%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54F2F858.6020308%40privacyidea.org
<https://groups.google.com/d/msgid/privacyidea/54F2F858.6020308%40privacyidea.org?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54F2F998.7070507%40privacyidea.org
<https://groups.google.com/d/msgid/privacyidea/54F2F998.7070507%40privacyidea.org?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/86229ea0-8cd3-4d59-9f74-50bb8bd29d99%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/86229ea0-8cd3-4d59-9f74-50bb8bd29d99%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

The workaround for ldap works fine! Thx for that.

At least I need your support for the encoding ;)On Sunday, March 1, 2015 at 12:42:10 PM UTC+1, Cornelius Kölbel wrote:

I added an issue for that:
LDAP resolver for AD does return more than one user · Issue #99 · privacyidea/privacyidea · GitHub

Am 01.03.2015 um 12:35 schrieb Cornelius Kölbel:

Hi Stefan,

there might be a problem with the referral chasing.
The search for the user also returns the Config partion etc…

You can work around like this:
Please use no the top level base DN like “dc=yourdomain,dc=tld”, but
rather a subdir like:

cn=users,dc=yourdomain,dc=tld.

Then it works out fine.

Kind regards
Cornelius

Am 01.03.2015 um 12:30 schrieb Cornelius Kölbel:

Good news, everybody.

I can reproduce the problem…

Looking into it.

Kind regards
Cornelius

Am 01.03.2015 um 11:47 schrieb Stefan Steuer:

I used the default ldap-filter from your example (active directory)

On Sunday, March 1, 2015 at 12:10:35 AM UTC+1, Cornelius Kölbel wrote:

This probably is a misconfiguration in your LDAP resolver.

What does your LDAP Resolver settings look like?

What is your login attribute?
Your Search FIlter and User Filter?

This part of the code takes your searchfilter and constructs an ldap
filter like this:

(&(......)(<LoginAtribute>=s.steuer))

you might want to check with ldaputils (ldapsearch), which conflicting
object are found.

Kind regards
Cornelius

Am 28.02.2015 um 21:01 schrieb Stefan Steuer:

Next bug is that when I want to use the ldap-resolver and enroll a token
I’ll get the following error.
Found more than one object for Loginname u’s.steuer’

privacylog:

[2015-02-28
21:00:03,142][25486][140692787885824][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-02-28
21:00:03,263][25486][140692787885824][ERROR][privacyidea.app:1423]
Exception on /token/init [POST]
Traceback (most recent call last):
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1817, in wsgi_app
response = self.full_dispatch_request()
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1475, in full_dispatch_request
rv = self.dispatch_request()
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py”,
line 1461, in dispatch_request
return self.view_functionsrule.endpoint
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py”,
line 79, in policy_wrapper
action=self.action)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py”,
line 167, in check_max_token_realm
user_object = get_user_from_param(params)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py”,
line 403, in get_user_from_param
user_object = User(login=username, realm=realm)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/log.py”,
line 101, in log_wrapper
f_result = func(*args, **kwds)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py”,
line 87, in init
self.get_resolvers()
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/user.py”,
line 172, in get_resolvers
uid = y.getUserId(self.login)
File
“/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/lib/resolvers/LDAPIdResolver.py”,
line 241, in getUserId
LoginName)
Exception: Found more than one object for Loginname u’s.steuer’

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/6e4e906e-05c2-44e3-b908-612e55663023%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/6e4e906e-05c2-44e3-b908-612e55663023%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/70f4d765-c57c-4b39-9dcf-0aefb62b8faf%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/70f4d765-c57c-4b39-9dcf-0aefb62b8faf%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54F2F858.6020308%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54F2F858.6020308%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54F2F998.7070507%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54F2F998.7070507%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Following you’ll the logfile

[2015-03-01
13:15:00,870][2707][140016716265216][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-03-01
13:15:01,707][2707][140016699479808][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-03-01
13:15:10,736][2707][140016716265216][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-03-01
13:15:14,389][2707][140016607160064][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-03-01
13:15:14,394][2707][140016607160064][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-03-01
13:15:14,395][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Map’ is not a parameter for the resolver u’sqlresolver’
[2015-03-01
13:15:14,395][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Database’ is not a parameter for the resolver
u’sqlresolver’
[2015-03-01
13:15:14,395][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Driver’ is not a parameter for the resolver u’sqlresolver’
[2015-03-01
13:15:14,395][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Server’ is not a parameter for the resolver u’sqlresolver’
[2015-03-01
13:15:14,396][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Limit’ is not a parameter for the resolver u’sqlresolver’
[2015-03-01
13:15:14,396][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’User’ is not a parameter for the resolver u’sqlresolver’
[2015-03-01
13:15:14,396][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Table’ is not a parameter for the resolver u’sqlresolver’
[2015-03-01
13:15:14,396][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Password’ is not a parameter for the resolver
u’sqlresolver’
[2015-03-01
13:15:14,396][2707][140016607160064][WARNING][privacyidea.lib.resolver:128]
the passed key u’Port’ is not a parameter for the resolver u’sqlresolver’
[2015-03-01
13:15:21,979][2707][140016716265216][WARNING][privacyidea.lib.config:451]
unable to load resolver module : ‘resolvers.SCIMIdResolver’
(ImportError(‘cannot import name getResolverClass’,))
[2015-03-01
13:15:22,016][2707][140016716265216][ERROR][privacyidea.app:1423] Exception
on /user/ [GET]
Traceback (most recent call last):
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1817, in wsgi_app
response = self.full_dispatch_request()
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1475, in full_dispatch_request
rv = self.dispatch_request()
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/app.py",
line 1461, in dispatch_request
return self.view_functionsrule.endpoint
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/prepolicy.py",
line 80, in policy_wrapper
return wrapped_function(*args, **kwds)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/user.py",
line 97, in get_users
return send_result(users)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/api/lib/utils.py",
line 124, in send_result
return jsonify(res)
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/json.py",
line 238, in jsonify
indent=indent),
File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/flask/json.py",
line 126, in dumps
rv = _json.dumps(obj, **kwargs)
File “/usr/lib/python2.7/json/init.py”, line 238, in dumps
**kw).encode(obj)
File “/usr/lib/python2.7/json/encoder.py”, line 202, in encode
chunks = list(chunks)
File “/usr/lib/python2.7/json/encoder.py”, line 427, in _iterencode
for chunk in _iterencode_dict(o, _current_indent_level):
File “/usr/lib/python2.7/json/encoder.py”, line 401, in _iterencode_dict
for chunk in chunks:
File “/usr/lib/python2.7/json/encoder.py”, line 401, in _iterencode_dict
for chunk in chunks:
File “/usr/lib/python2.7/json/encoder.py”, line 325, in _iterencode_list
for chunk in chunks:
File “/usr/lib/python2.7/json/encoder.py”, line 383, in _iterencode_dict
yield _encoder(value)
UnicodeDecodeError: ‘utf8’ codec can’t decode byte 0xfc in position 1:
invalid start byte