Error listing LDAP users

John_Meyers · March 21, 2017, 3:48pm

When I go to the “users” view and select the Realm containing the LDAP
server, I get an error pop up that states “Found more than one object
for Loginname ‘’” and an exception is shown in the logs. However when I
click the “Test LDAP Resolver” button in the LDAP config page, I get a
popup that states “Your LDAP config seems to be OK, 95 user objects
found.” So why can’t I see the users on the user view?

I am able to see the full list of users when I use ldapsearch on the
command line:
ldapsearch -LLL -x -D ‘dn=ldap_bind,ou=users,dc=crowd’ -W -H
ldap://localhost:10389 -b ‘ou=users,dc=crowd’ ‘(uid=*)’

PrivacyIDEA 2.18-1xenial installed via the Ubuntu packages.

MySQL 5.7.17-0ubuntu0.16.04.1

Apache2 2.4.18-2ubuntu3.1

Ubuntu 16.04.2 LTS

$ sudo cat /etc/privacyidea/pi.cfg

import logging

SUPERUSER_REALM = [‘super’]

PI_ENCFILE = ‘/etc/privacyidea/enckey’

PI_AUDIT_KEY_PRIVATE = ‘/etc/privacyidea/private.pem’

PI_AUDIT_KEY_PUBLIC = ‘/etc/privacyidea/public.pem’

PI_LOGFILE = ‘/var/log/privacyidea/privacyidea.log’

PI_LOGLEVEL = 10

PI_PEPPER = ‘–trimmed–’

SECRET_KEY = ‘–trimmed–’

SQLALCHEMY_DATABASE_URI = ‘mysql://–trimmed–@localhost/pi’

Attached is a screenshot showing the LDAP connector configuration.

To capture this log, I go to the Users page and then select the realm
that contains the LDAP user resolver:

[2017-03-21 08:24:05,683][5772][140366958487296][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.api-
.lib.utils:239] Can not get param: No JSON object could be decoded
[2017-03-21
08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179]
Entering get_user_from_param with arguments ({‘realm’: u’crowd-ldap’},)
and keywords {}
[2017-03-21
08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179]
Entering User with arguments () and keywords {‘login’: ‘’, ‘realm’:
u’crowd-ldap’}
[2017-03-21
08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179]
Entering get_ordererd_resolvers with arguments (User(login=’’, realm=u’crowd-
ldap’, resolver=’’),) and keywords {}
[2017-03-21
08:24:05,687][5772][140366958487296][DEBUG][privacyidea.lib.realm:179]
Entering get_realms with arguments (u’crowd-ldap’,) and keywords {}
[2017-03-21 08:24:05,687][5772][140366958487296][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:24:05,688][5772][140366958487296][DEBUG][privacyidea.lib.realm:191]
Exiting get_realms with result {u’crowd-ldap’: {‘default’: False,
‘option’: u’’, ‘resolver’: [{‘priority’: 1, ‘type’: u’ldapresolver’,
‘name’: u’crowd-ldap’}]}}
[2017-03-21
08:24:05,688][5772][140366958487296][DEBUG][privacyidea.lib.user:191]
Exiting get_ordererd_resolvers with result [u’crowd-ldap’]
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:179] Entering get_resolver_object with arguments (u’crowd-
ldap’,) and keywords {}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:179] Entering get_resolver_list with arguments () and keywords
{‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,690][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:179]
Entering get_resolver_list with arguments () and keywords {}
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.li-
b.config:549] None
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:191]
Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:680]
using the module list:
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21
08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21
08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:179] Entering get_resolver_config with arguments (u’crowd-
ldap’,) and keywords {}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:179] Entering get_resolver_list with arguments () and keywords
{‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:193] Exiting get_resolver_config with result HIDDEN
[2017-03-21 08:24:05,704][5772][140366958487296][DEBUG][privacyidea.lib-
.resolver:191] Exiting get_resolver_object with result
<privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at
0x7fa990e8be50>
[2017-03-21 08:24:05,705][5772][140366958487296][DEBUG][privacyidea.l-
ib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to
server pool.
[2017-03-21 08:24:06,174][5772][140366958487296][DEBUG][privacyidea.lib-
.resolvers.LDAPIdResolver:461] Searching user ‘’ in LDAP.
[2017-03-21
08:24:06,353][5772][140366958487296][ERROR][privacyidea.app:1423]
Exception on /user/ [GET]
Traceback (most recent call last):

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817,
in wsgi_app
response = self.full_dispatch_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1473, in
full_dispatch_request
rv = self.preprocess_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1666, in
preprocess_request
rv = func()

File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”, line
324, in decorated_function
return f(*args, **kwargs)

File “/usr/lib/python2.7/dist-
packages/privacyidea/api/before_after.py”, line 77, in
before_user_request
before_request()

File “/usr/lib/python2.7/dist-
packages/privacyidea/api/before_after.py”, line 110, in before_request
request.User = get_user_from_param(request.all_data)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
187, in log_wrapper
f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
555, in get_user_from_param
user_object = User(login=username, realm=realm)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
187, in log_wrapper
f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
92, in init
self.get_resolvers()

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
189, in get_resolvers
uid = y.getUserId(self.login)

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.py”, line 151, in
cache_wrapper
f_result = func(self, *args, **kwds)

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.py”, line 471,
in getUserId
LoginName))

Exception: Found more than one object for Loginname ‘’

[2017-03-21 08:24:06,355][5772][140366958487296][DEBUG][privacyidea.api-
.lib.utils:239] Can not get param: No JSON object could be decoded

This log is from when I click on the “Test LDAP Resolver” button:

[2017-03-21 08:29:57,149][5772][140366874560256][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering get_user_from_param with arguments ({u’BINDDN’:
u’dn=ldap_bind,ou=users,dc=crowd’, u’AUTHTYPE’: u’Simple’,
u’LDAPFILTER’: u’(&(uid=%s)(objectClass=inetOrgPerson))’, u’LDAPBASE’:
u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)’, u’UIDTYPE’:
u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’: False, u’BINDPW’:
u’–trimmed–’, u’USERINFO’: u’{ “email” : “mail”, “surname” : “sn”,
“givenname” : “givenName” }’, u’TIMEOUT’: u’5’, u’SIZELIMIT’: u’500’,
u’SCOPE’: u’LEVEL’, u’NOREFERRALS’: False, u’CACHE_TIMEOUT’: u’120’,
u’type’: u’ldapresolver’},) and keywords {}
[2017-03-21
08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering User with arguments () and keywords {‘login’: ‘’, ‘realm’: ‘’}
[2017-03-21
08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering get_ordererd_resolvers with arguments (User(login=’’, realm=’’,
resolver=’’),) and keywords {}
[2017-03-21
08:29:57,153][5772][140366874560256][DEBUG][privacyidea.lib.realm:179]
Entering get_realms with arguments (’’,) and keywords {}
[2017-03-21 08:29:57,153][5772][140366874560256][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,154][5772][140366874560256][DEBUG][privacyidea.lib.realm:191]
Exiting get_realms with result {u’pi-passwd’: {‘default’: True,
‘option’: u’’, ‘resolver’: [{‘priority’: None, ‘type’:
u’passwdresolver’, ‘name’: u’pi-passwd’}]}, u’crowd-ldap’: {‘default’:
False, ‘option’: u’’, ‘resolver’: [{‘priority’: 1, ‘type’:
u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21
08:29:57,154][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting get_ordererd_resolvers with result []
[2017-03-21
08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting User with result
[2017-03-21
08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering get_ordererd_resolvers with arguments (User(login=’’, realm=’’,
resolver=’’),) and keywords {}
[2017-03-21
08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.realm:179]
Entering get_realms with arguments (’’,) and keywords {}
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.realm:191]
Exiting get_realms with result {u’pi-passwd’: {‘default’: True,
‘option’: u’’, ‘resolver’: [{‘priority’: None, ‘type’:
u’passwdresolver’, ‘name’: u’pi-passwd’}]}, u’crowd-ldap’: {‘default’:
False, ‘option’: u’’, ‘resolver’: [{‘priority’: 1, ‘type’:
u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21
08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting get_ordererd_resolvers with result []
[2017-03-21
08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting get_user_from_param with result
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.policy.PolicyClass’> already exists.
[2017-03-21
08:29:57,159][5772][140366874560256][DEBUG][privacyidea.lib.audit:179]
Entering getAudit with arguments (<Config {‘JSON_AS_ASCII’: True,
‘PI_HSM’: ‘default’, ‘PI_LOGFILE’:
’/var/log/privacyidea/privacyidea.log’, ‘pi_hsm’: {‘obj’:
<privacyidea.lib.security.default.DefaultSecurityModule object at
0x7fa9a03b9450>}, ‘PI_AUDIT_KEY_PUBLIC’: ‘/etc/privacyidea/public.pem’,
‘SQLALCHEMY_POOL_RECYCLE’: None, ‘SQLALCHEMY_ECHO’: False, ‘PI_PEPPER’:
’–trimmed–’, ‘SQLALCHEMY_POOL_TIMEOUT’: None,
‘SQLALCHEMY_RECORD_QUERIES’: None, ‘PI_ENCFILE’:
’/etc/privacyidea/enckey’, ‘SESSION_COOKIE_DOMAIN’: None,
‘SESSION_COOKIE_NAME’: ‘session’, ‘pi_token_types’: [‘registration’,
‘yubikey’, ‘radius’, ‘tiqr’, ‘pw’, ‘daplug’, ‘u2f’, ‘spass’, ‘4eyes’,
‘paper’, ‘motp’, ‘sms’, ‘email’, ‘totp’, ‘remote’, ‘hotp’,
‘certificate’, ‘yubico’, ‘sshkey’, ‘question’],
‘SQLALCHEMY_NATIVE_UNICODE’: None, ‘MAX_CONTENT_LENGTH’: None,
‘PERMANENT_SESSION_LIFETIME’: datetime.timedelta(31),
‘SQLALCHEMY_POOL_SIZE’: None, ‘SQLALCHEMY_MAX_OVERFLOW’: None,
‘TRAP_HTTP_EXCEPTIONS’: False, ‘PRESERVE_CONTEXT_ON_EXCEPTION’: None,
‘SESSION_COOKIE_PATH’: None, ‘SQLALCHEMY_DATABASE_URI’: ‘mysql://–trimmed–
@localhost/pi’, ‘LOGGER_NAME’: ‘privacyidea.app’, ‘SECRET_KEY’: ‘–trimmed–
’, ‘APPLICATION_ROOT’: None, ‘SERVER_NAME’: None,
‘BABEL_DEFAULT_LOCALE’: ‘en’, ‘PREFERRED_URL_SCHEME’: ‘http’, ‘TESTING’:
False, ‘BABEL_DEFAULT_TIMEZONE’: ‘UTC’, ‘USE_X_SENDFILE’: False,
‘PI_AUDIT_MODULE’: ‘privacyidea.lib.auditmodules.sqlaudit’,
‘SESSION_COOKIE_SECURE’: False, ‘SQLALCHEMY_BINDS’: None, ‘DEBUG’:
False, ‘SQLALCHEMY_COMMIT_ON_TEARDOWN’: False, ‘CACHE_TYPE’: ‘simple’,
‘JSONIFY_PRETTYPRINT_REGULAR’: True, ‘PROPAGATE_EXCEPTIONS’: None,
‘PI_LOGLEVEL’: 10, ‘TRAP_BAD_REQUEST_ERRORS’: False, ‘JSON_SORT_KEYS’:
True, ‘SESSION_COOKIE_HTTPONLY’: True, ‘SEND_FILE_MAX_AGE_DEFAULT’:
43200, ‘PI_AUDIT_KEY_PRIVATE’: ‘/etc/privacyidea/private.pem’,
‘SUPERUSER_REALM’: [‘super’]}>,) and keywords {}
[2017-03-21
08:29:57,159][5772][140366874560256][DEBUG][privacyidea.lib.audit:179]
Entering getAuditClass with arguments
(‘privacyidea.lib.auditmodules.sqlaudit’, ‘Audit’) and keywords {}
[2017-03-21
08:29:57,167][5772][140366874560256][DEBUG][privacyidea.lib.audit:76]
klass: <class ‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21
08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib.audit:191]
Exiting getAuditClass with result <class
’privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib-
.auditmodules.sqlaudit:95] using the connect string mysql://–trimmed–
@localhost/pi
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib-
.auditmodules.sqlaudit:102] Using SQL pool_size of 20
[2017-03-21
08:29:57,169][5772][140366874560256][DEBUG][privacyidea.lib.audit:191]
Exiting getAudit with result
<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7fa990aac290>
[2017-03-21
08:29:57,170][5772][140366874560256][DEBUG][privacyidea.lib.config:179]
Entering get_from_config with arguments (‘OverrideAuthorizationClient’,)
and keywords {}
[2017-03-21 08:29:57,171][5772][140366874560256][DEBUG][privacyidea.l-
ib.config:72] The singleton <class
’privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.config:191]
Exiting get_from_config with result None
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.api-
.resolver:179] Entering test_resolver with arguments () and keywords {}
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib-
.resolver:179] Entering pretestresolver with arguments (u’ldapresolver’,
{u’BINDDN’: u’dn=ldap_bind,ou=users,dc=crowd’, u’AUTHTYPE’: u’Simple’,
u’LDAPFILTER’: u’(&(uid=%s)(objectClass=inetOrgPerson))’, u’LDAPBASE’:
u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)’, u’UIDTYPE’:
u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’: False, u’BINDPW’:
u’–trimmed–’, u’USERINFO’: u’{ “email” : “mail”, “surname” : “sn”,
“givenname” : “givenName” }’, u’TIMEOUT’: u’5’, u’SIZELIMIT’: u’500’,
u’SCOPE’: u’LEVEL’, u’NOREFERRALS’: False, u’CACHE_TIMEOUT’: u’120’,
u’type’: u’ldapresolver’}) and keywords {}
[2017-03-21
08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.config:179]
Entering get_resolver_list with arguments () and keywords {}
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.li-
b.config:549] None
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:191]
Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:680]
using the module list:
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21 08:29:57,177][5772][140366874560256][DEBUG][privacyidea.l-
ib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to
server pool.
[2017-03-21 08:29:57,893][5772][140366874560256][DEBUG][privacyidea.lib-
.resolver:191] Exiting pretestresolver with result (True, u’Your LDAP
config seems to be OK, 95 user objects found.’)
[2017-03-21 08:29:57,895][5772][140366874560256][DEBUG][privacyidea.-
api.resolver:191] Exiting test_resolver with result <Response 308
bytes [200 OK]>

cornelinux · March 26, 2017, 9:49pm

Hi John,

you seem to have a problem in your attribute mapping or your users.
You might have some users with an empty uid?

Kind regards
CorneliusAm Dienstag, 21. März 2017 16:48:46 UTC+1 schrieb John Meyers:

When I go to the “users” view and select the Realm containing the LDAP
server, I get an error pop up that states “Found more than one object for
Loginname ‘’” and an exception is shown in the logs. However when I click
the “Test LDAP Resolver” button in the LDAP config page, I get a popup that
states “Your LDAP config seems to be OK, 95 user objects found.” So why
can’t I see the users on the user view?

I am able to see the full list of users when I use ldapsearch on the
command line:
ldapsearch -LLL -x -D ‘dn=ldap_bind,ou=users,dc=crowd’ -W -H
ldap://localhost:10389 -b ‘ou=users,dc=crowd’ ‘(uid=*)’

PrivacyIDEA 2.18-1xenial installed via the Ubuntu packages.
MySQL 5.7.17-0ubuntu0.16.04.1
Apache2 2.4.18-2ubuntu3.1
Ubuntu 16.04.2 LTS

$ sudo cat /etc/privacyidea/pi.cfg
import logging
SUPERUSER_REALM = [‘super’]
PI_ENCFILE = ‘/etc/privacyidea/enckey’
PI_AUDIT_KEY_PRIVATE = ‘/etc/privacyidea/private.pem’
PI_AUDIT_KEY_PUBLIC = ‘/etc/privacyidea/public.pem’
PI_LOGFILE = ‘/var/log/privacyidea/privacyidea.log’
PI_LOGLEVEL = 10
PI_PEPPER = ‘–trimmed–’
SECRET_KEY = ‘–trimmed–’
SQLALCHEMY_DATABASE_URI = ‘mysql://–trimmed–@localhost/pi’

Attached is a screenshot showing the LDAP connector configuration.

To capture this log, I go to the Users page and then select the realm that
contains the LDAP user resolver:

[2017-03-21
08:24:05,683][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:24:05,686][5772][140366958487296][DEBUG][privacyidea.api.lib.utils:239]
Can not get param: No JSON object could be decoded
[2017-03-21
08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179]
Entering get_user_from_param with arguments ({‘realm’: u’crowd-ldap’},) and
keywords {}
[2017-03-21
08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179]
Entering User with arguments () and keywords {‘login’: ‘’, ‘realm’:
u’crowd-ldap’}
[2017-03-21
08:24:05,686][5772][140366958487296][DEBUG][privacyidea.lib.user:179]
Entering get_ordererd_resolvers with arguments (User(login=‘’,
realm=u’crowd-ldap’, resolver=‘’),) and keywords {}
[2017-03-21
08:24:05,687][5772][140366958487296][DEBUG][privacyidea.lib.realm:179]
Entering get_realms with arguments (u’crowd-ldap’,) and keywords {}
[2017-03-21
08:24:05,687][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:24:05,688][5772][140366958487296][DEBUG][privacyidea.lib.realm:191]
Exiting get_realms with result {u’crowd-ldap’: {‘default’: False, ‘option’:
u’‘, ‘resolver’: [{‘priority’: 1, ‘type’: u’ldapresolver’, ‘name’:
u’crowd-ldap’}]}}
[2017-03-21
08:24:05,688][5772][140366958487296][DEBUG][privacyidea.lib.user:191]
Exiting get_ordererd_resolvers with result [u’crowd-ldap’]
[2017-03-21
08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179]
Entering get_resolver_object with arguments (u’crowd-ldap’,) and keywords {}
[2017-03-21
08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179]
Entering get_resolver_list with arguments () and keywords
{‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21
08:24:05,689][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:24:05,690][5772][140366958487296][DEBUG][privacyidea.lib.resolver:193]
Exiting get_resolver_list with result HIDDEN
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:179]
Entering get_resolver_list with arguments () and keywords {}
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:549] None
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:191]
Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:680]
using the module list: set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:24:05,691][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.PasswdIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21
08:24:05,692][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SCIMIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21
08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SQLIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21
08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.LDAPIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21
08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179]
Entering get_resolver_config with arguments (u’crowd-ldap’,) and keywords {}
[2017-03-21
08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.resolver:179]
Entering get_resolver_list with arguments () and keywords
{‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21
08:24:05,701][5772][140366958487296][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:24:05,703][5772][140366958487296][DEBUG][privacyidea.lib.resolver:193]
Exiting get_resolver_list with result HIDDEN
[2017-03-21
08:24:05,703][5772][140366958487296][DEBUG][privacyidea.lib.resolver:193]
Exiting get_resolver_config with result HIDDEN
[2017-03-21
08:24:05,704][5772][140366958487296][DEBUG][privacyidea.lib.resolver:191]
Exiting get_resolver_object with result
<privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at
0x7fa990e8be50>
[2017-03-21
08:24:05,705][5772][140366958487296][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:680]
Added localhost, 10389, False to server pool.
[2017-03-21
08:24:06,174][5772][140366958487296][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:461]
Searching user ‘’ in LDAP.
[2017-03-21
08:24:06,353][5772][140366958487296][ERROR][privacyidea.app:1423] Exception
on /user/ [GET]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1473, in
full_dispatch_request
rv = self.preprocess_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1666, in
preprocess_request
rv = func()
File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”, line
324, in decorated_function
return f(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py”,
line 77, in before_user_request
before_request()
File “/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py”,
line 110, in before_request
request.User = get_user_from_param(request.all_data)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
187, in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
555, in get_user_from_param
user_object = User(login=username, realm=realm)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
187, in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
92, in init
self.get_resolvers()
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line
189, in get_resolvers
uid = y.getUserId(self.login)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py”,
line 151, in cache_wrapper
f_result = func(self, *args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.py”,
line 471, in getUserId
LoginName))
Exception: Found more than one object for Loginname ‘’
[2017-03-21
08:24:06,355][5772][140366958487296][DEBUG][privacyidea.api.lib.utils:239]
Can not get param: No JSON object could be decoded

This log is from when I click on the “Test LDAP Resolver” button:

[2017-03-21
08:29:57,149][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering get_user_from_param with arguments ({u’BINDDN’:
u’dn=ldap_bind,ou=users,dc=crowd’, u’AUTHTYPE’: u’Simple’, u’LDAPFILTER’:
u’(&(uid=%s)(objectClass=inetOrgPerson))‘, u’LDAPBASE’:
u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)‘, u’UIDTYPE’:
u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’: False, u’BINDPW’:
u’–trimmed–‘, u’USERINFO’: u’{ “email” : “mail”, “surname” : “sn”,
“givenname” : “givenName” }‘, u’TIMEOUT’: u’5’, u’SIZELIMIT’: u’500’,
u’SCOPE’: u’LEVEL’, u’NOREFERRALS’: False, u’CACHE_TIMEOUT’: u’120’,
u’type’: u’ldapresolver’},) and keywords {}
[2017-03-21
08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering User with arguments () and keywords {‘login’: ‘’, ‘realm’: ‘’}
[2017-03-21
08:29:57,152][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering get_ordererd_resolvers with arguments (User(login=‘’, realm=‘’,
resolver=‘’),) and keywords {}
[2017-03-21
08:29:57,153][5772][140366874560256][DEBUG][privacyidea.lib.realm:179]
Entering get_realms with arguments (‘’,) and keywords {}
[2017-03-21
08:29:57,153][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,154][5772][140366874560256][DEBUG][privacyidea.lib.realm:191]
Exiting get_realms with result {u’pi-passwd’: {‘default’: True, ‘option’:
u’‘, ‘resolver’: [{‘priority’: None, ‘type’: u’passwdresolver’, ‘name’:
u’pi-passwd’}]}, u’crowd-ldap’: {‘default’: False, ‘option’: u’‘,
‘resolver’: [{‘priority’: 1, ‘type’: u’ldapresolver’, ‘name’:
u’crowd-ldap’}]}}
[2017-03-21
08:29:57,154][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting get_ordererd_resolvers with result []
[2017-03-21
08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting User with result
[2017-03-21
08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.user:179]
Entering get_ordererd_resolvers with arguments (User(login=‘’, realm=‘’,
resolver=‘’),) and keywords {}
[2017-03-21
08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.realm:179]
Entering get_realms with arguments (‘’,) and keywords {}
[2017-03-21
08:29:57,155][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.realm:191]
Exiting get_realms with result {u’pi-passwd’: {‘default’: True, ‘option’:
u’‘, ‘resolver’: [{‘priority’: None, ‘type’: u’passwdresolver’, ‘name’:
u’pi-passwd’}]}, u’crowd-ldap’: {‘default’: False, ‘option’: u’‘,
‘resolver’: [{‘priority’: 1, ‘type’: u’ldapresolver’, ‘name’:
u’crowd-ldap’}]}}
[2017-03-21
08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting get_ordererd_resolvers with result []
[2017-03-21
08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.user:191]
Exiting get_user_from_param with result
[2017-03-21
08:29:57,157][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.policy.PolicyClass’> already exists.
[2017-03-21
08:29:57,159][5772][140366874560256][DEBUG][privacyidea.lib.audit:179]
Entering getAudit with arguments (<Config {‘JSON_AS_ASCII’: True, ‘PI_HSM’:
‘default’, ‘PI_LOGFILE’: ‘/var/log/privacyidea/privacyidea.log’, ‘pi_hsm’:
{‘obj’: <privacyidea.lib.security.default.DefaultSecurityModule object at
0x7fa9a03b9450>}, ‘PI_AUDIT_KEY_PUBLIC’: ‘/etc/privacyidea/public.pem’,
‘SQLALCHEMY_POOL_RECYCLE’: None, ‘SQLALCHEMY_ECHO’: False, ‘PI_PEPPER’:
‘–trimmed–’, ‘SQLALCHEMY_POOL_TIMEOUT’: None,
‘SQLALCHEMY_RECORD_QUERIES’: None, ‘PI_ENCFILE’: ‘/etc/privacyidea/enckey’,
‘SESSION_COOKIE_DOMAIN’: None, ‘SESSION_COOKIE_NAME’: ‘session’,
‘pi_token_types’: [‘registration’, ‘yubikey’, ‘radius’, ‘tiqr’, ‘pw’,
‘daplug’, ‘u2f’, ‘spass’, ‘4eyes’, ‘paper’, ‘motp’, ‘sms’, ‘email’, ‘totp’,
‘remote’, ‘hotp’, ‘certificate’, ‘yubico’, ‘sshkey’, ‘question’],
‘SQLALCHEMY_NATIVE_UNICODE’: None, ‘MAX_CONTENT_LENGTH’: None,
‘PERMANENT_SESSION_LIFETIME’: datetime.timedelta(31),
‘SQLALCHEMY_POOL_SIZE’: None, ‘SQLALCHEMY_MAX_OVERFLOW’: None,
‘TRAP_HTTP_EXCEPTIONS’: False, ‘PRESERVE_CONTEXT_ON_EXCEPTION’: None,
‘SESSION_COOKIE_PATH’: None, ‘SQLALCHEMY_DATABASE_URI’:
‘mysql://–trimmed–@localhost/pi’, ‘LOGGER_NAME’: ‘privacyidea.app’,
‘SECRET_KEY’: ‘–trimmed–’, ‘APPLICATION_ROOT’: None, ‘SERVER_NAME’: None,
‘BABEL_DEFAULT_LOCALE’: ‘en’, ‘PREFERRED_URL_SCHEME’: ‘http’, ‘TESTING’:
False, ‘BABEL_DEFAULT_TIMEZONE’: ‘UTC’, ‘USE_X_SENDFILE’: False,
‘PI_AUDIT_MODULE’: ‘privacyidea.lib.auditmodules.sqlaudit’,
‘SESSION_COOKIE_SECURE’: False, ‘SQLALCHEMY_BINDS’: None, ‘DEBUG’: False,
‘SQLALCHEMY_COMMIT_ON_TEARDOWN’: False, ‘CACHE_TYPE’: ‘simple’,
‘JSONIFY_PRETTYPRINT_REGULAR’: True, ‘PROPAGATE_EXCEPTIONS’: None,
‘PI_LOGLEVEL’: 10, ‘TRAP_BAD_REQUEST_ERRORS’: False, ‘JSON_SORT_KEYS’:
True, ‘SESSION_COOKIE_HTTPONLY’: True, ‘SEND_FILE_MAX_AGE_DEFAULT’: 43200,
‘PI_AUDIT_KEY_PRIVATE’: ‘/etc/privacyidea/private.pem’, ‘SUPERUSER_REALM’:
[‘super’]}>,) and keywords {}
[2017-03-21
08:29:57,159][5772][140366874560256][DEBUG][privacyidea.lib.audit:179]
Entering getAuditClass with arguments
(‘privacyidea.lib.auditmodules.sqlaudit’, ‘Audit’) and keywords {}
[2017-03-21
08:29:57,167][5772][140366874560256][DEBUG][privacyidea.lib.audit:76]
klass: <class ‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21
08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib.audit:191]
Exiting getAuditClass with result <class
‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21
08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib.auditmodules.sqlaudit:95]
using the connect string mysql://–trimmed–@localhost/pi
[2017-03-21
08:29:57,168][5772][140366874560256][DEBUG][privacyidea.lib.auditmodules.sqlaudit:102]
Using SQL pool_size of 20
[2017-03-21
08:29:57,169][5772][140366874560256][DEBUG][privacyidea.lib.audit:191]
Exiting getAudit with result <privacyidea.lib.auditmodules.sqlaudit.Audit
object at 0x7fa990aac290>
[2017-03-21
08:29:57,170][5772][140366874560256][DEBUG][privacyidea.lib.config:179]
Entering get_from_config with arguments (‘OverrideAuthorizationClient’,)
and keywords {}
[2017-03-21
08:29:57,171][5772][140366874560256][DEBUG][privacyidea.lib.config:72] The
singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21
08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.config:191]
Exiting get_from_config with result None
[2017-03-21
08:29:57,173][5772][140366874560256][DEBUG][privacyidea.api.resolver:179]
Entering test_resolver with arguments () and keywords {}
[2017-03-21
08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.resolver:179]
Entering pretestresolver with arguments (u’ldapresolver’, {u’BINDDN’:
u’dn=ldap_bind,ou=users,dc=crowd’, u’AUTHTYPE’: u’Simple’, u’LDAPFILTER’:
u’(&(uid=%s)(objectClass=inetOrgPerson))‘, u’LDAPBASE’:
u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)‘, u’UIDTYPE’:
u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’: False, u’BINDPW’:
u’–trimmed–‘, u’USERINFO’: u’{ “email” : “mail”, “surname” : “sn”,
“givenname” : “givenName” }‘, u’TIMEOUT’: u’5’, u’SIZELIMIT’: u’500’,
u’SCOPE’: u’LEVEL’, u’NOREFERRALS’: False, u’CACHE_TIMEOUT’: u’120’,
u’type’: u’ldapresolver’}) and keywords {}
[2017-03-21
08:29:57,173][5772][140366874560256][DEBUG][privacyidea.lib.config:179]
Entering get_resolver_list with arguments () and keywords {}
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:549] None
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:191]
Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:680]
using the module list: set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21
08:29:57,174][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:688]
import module: privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.PasswdIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SCIMIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.SQLIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21
08:29:57,175][5772][140366874560256][DEBUG][privacyidea.lib.config:503]
module: <module ‘privacyidea.lib.resolvers.LDAPIdResolver’ from
‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21
08:29:57,177][5772][140366874560256][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:680]
Added localhost, 10389, False to server pool.
[2017-03-21
08:29:57,893][5772][140366874560256][DEBUG][privacyidea.lib.resolver:191]
Exiting pretestresolver with result (True, u’Your LDAP config seems to be
OK, 95 user objects found.')
[2017-03-21
08:29:57,895][5772][140366874560256][DEBUG][privacyidea.api.resolver:191]
Exiting test_resolver with result <Response 308 bytes [200 OK]>

John_Meyers · March 28, 2017, 11:32pm

We were able to figure it out.

The default search filter for LDAP is
‘(uid=*)(objectClass=inetOrgPerson)’, but it turns out we needed to
filter on a field that was preset for every user. Which in our case
ended up being ‘(ou=users)’. The ‘Test LDAP Resolver’ button now returns
0 results, but the actual user list is populated with the full list of
real users.On Mon, Mar 27, 2017, at 11:21 PM, John Meyers wrote:

Hi Cornelius,

I checked my users and every single user returned from LDAP has a uid
that is unique to the user. Zero are missing the uid field.

Do you have any suggestions for how to debug my attribute mapping?

Thanks.

On Sun, Mar 26, 2017, at 02:49 PM, Cornelius Kölbel wrote:

Hi John,

you seem to have a problem in your attribute mapping or your users.

You might have some users with an empty uid?

Kind regards

Cornelius

Am Dienstag, 21. März 2017 16:48:46 UTC+1 schrieb John Meyers:

When I go to the “users” view and select the Realm containing the
LDAP server, I get an error pop up that states “Found more than one
object for Loginname ‘’” and an exception is shown in the logs.
However when I click the “Test LDAP Resolver” button in the LDAP
config page, I get a popup that states “Your LDAP config seems to
be OK, 95 user objects found.” So why can’t I see the users on the
user view?

I am able to see the full list of users when I use ldapsearch on the
command line:
ldapsearch -LLL -x -D ‘dn=ldap_bind,ou=users,dc=crowd’ -W -H
ldap://localhost:10389 -b ‘ou=users,dc=crowd’ ‘(uid=*)’

PrivacyIDEA 2.18-1xenial installed via the Ubuntu packages.

MySQL 5.7.17-0ubuntu0.16.04.1

Apache2 2.4.18-2ubuntu3.1

Ubuntu 16.04.2 LTS

$ sudo cat /etc/privacyidea/pi.cfg

import logging

SUPERUSER_REALM = [‘super’]

PI_ENCFILE = ‘/etc/privacyidea/enckey’

PI_AUDIT_KEY_PRIVATE = ‘/etc/privacyidea/private.pem’

PI_AUDIT_KEY_PUBLIC = ‘/etc/privacyidea/public.pem’

PI_LOGFILE = ‘/var/log/privacyidea/privacyidea.log’

PI_LOGLEVEL = 10

PI_PEPPER = ‘–trimmed–’

SECRET_KEY = ‘–trimmed–’

SQLALCHEMY_DATABASE_URI = ‘mysql://–trimmed–@localhost/pi’

Attached is a screenshot showing the LDAP connector configuration.

To capture this log, I go to the Users page and then select the
realm that contains the LDAP user resolver:

[2017-03-21 08:24:05,683][5772][140366958487296][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea-
.api.lib.utils:239] Can not get param: No JSON object could be
decoded
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea-
.lib.user:179] Entering get_user_from_param with arguments
({‘realm’: u’crowd-ldap’},) and keywords {}
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea-
.lib.user:179] Entering User with arguments () and keywords
{‘login’: ‘’, ‘realm’: u’crowd-ldap’}
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea-
.lib.user:179] Entering get_ordererd_resolvers with arguments
(User(login=‘’, realm=u’crowd-ldap’, resolver=‘’),) and keywords {}
[2017-03-21 08:24:05,687][5772][140366958487296][DEBUG][privacyidea-
.lib.realm:179] Entering get_realms with arguments (u’crowd-ldap’,)
and keywords {}
[2017-03-21 08:24:05,687][5772][140366958487296][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,688][5772][140366958487296][DEBUG][privacyidea-
.lib.realm:191] Exiting get_realms with result {u’crowd-ldap’:
{‘default’: False, ‘option’: u’‘, ‘resolver’: [{‘priority’: 1,
‘type’: u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21 08:24:05,688][5772][140366958487296][DEBUG][privacyidea-
.lib.user:191] Exiting get_ordererd_resolvers with result [u’crowd- ldap’]
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:179] Entering get_resolver_object with arguments (u’crowd-
ldap’,) and keywords {}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:179] Entering get_resolver_list with arguments () and
keywords {‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,690][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea-
.lib.config:179] Entering get_resolver_list with arguments () and
keywords {}
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea-
.lib.config:549] None
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea-
.lib.config:191] Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea-
.lib.config:680] using the module list:
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:179] Entering get_resolver_config with arguments (u’crowd-
ldap’,) and keywords {}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:179] Entering get_resolver_list with arguments () and
keywords {‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:193] Exiting get_resolver_config with result HIDDEN
[2017-03-21 08:24:05,704][5772][140366958487296][DEBUG][privacyidea-
.lib.resolver:191] Exiting get_resolver_object with result
<privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at
0x7fa990e8be50>
[2017-03-21 08:24:05,705][5772][140366958487296][DEBUG][privacyidea-
.lib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to
server pool.
[2017-03-21 08:24:06,174][5772][140366958487296][DEBUG][privacyidea-
.lib.resolvers.LDAPIdResolver:461] Searching user ‘’ in LDAP.
[2017-03-21
08:24:06,353][5772][140366958487296][ERROR][privacyidea.app:1423]
Exception on /user/ [GET]
Traceback (most recent call last):

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817,
in wsgi_app
response = self.full_dispatch_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477,
in full_dispatch_request
rv = self.handle_user_exception(e)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381,
in handle_user_exception
reraise(exc_type, exc_value, tb)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1473,
in full_dispatch_request
rv = self.preprocess_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1666,
in preprocess_request
rv = func()

File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”,
line 324, in decorated_function
return f(*args, **kwargs)

File “/usr/lib/python2.7/dist-
packages/privacyidea/api/before_after.py”, line 77, in
before_user_request
before_request()

File “/usr/lib/python2.7/dist-
packages/privacyidea/api/before_after.py”, line 110, in
before_request
request.User = get_user_from_param(request.all_data)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”,
line 187, in log_wrapper
f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”,
line 555, in get_user_from_param
user_object = User(login=username, realm=realm)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”,
line 187, in log_wrapper
f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”,
line 92, in init
self.get_resolvers()

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”,
line 189, in get_resolvers
uid = y.getUserId(self.login)

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.py”, line 151,
in cache_wrapper
f_result = func(self, *args, **kwds)

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.py”, line 471,
in getUserId
LoginName))

Exception: Found more than one object for Loginname ‘’

[2017-03-21 08:24:06,355][5772][140366958487296][DEBUG][privacyidea-
.api.lib.utils:239] Can not get param: No JSON object could be
decoded

This log is from when I click on the “Test LDAP Resolver” button:

[2017-03-21 08:29:57,149][5772][140366874560256][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea-
.lib.user:179] Entering get_user_from_param with arguments
({u’BINDDN’: u’dn=ldap_bind,ou=users,dc=crowd’, u’AUTHTYPE’:
u’Simple’, u’LDAPFILTER’: u’(&(uid=%s)(objectClass=inetOrgPerson))‘,
u’LDAPBASE’: u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)‘,
u’UIDTYPE’: u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’:
False, u’BINDPW’: u’–trimmed–‘, u’USERINFO’: u’{ “email” :
“mail”, “surname” : “sn”, “givenname” : “givenName” }‘, u’TIMEOUT’:
u’5’, u’SIZELIMIT’: u’500’, u’SCOPE’: u’LEVEL’, u’NOREFERRALS’:
False, u’CACHE_TIMEOUT’: u’120’, u’type’: u’ldapresolver’},) and
keywords {}
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea-
.lib.user:179] Entering User with arguments () and keywords
{‘login’: ‘’, ‘realm’: ‘’}
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea-
.lib.user:179] Entering get_ordererd_resolvers with arguments
(User(login=‘’, realm=‘’, resolver=‘’),) and keywords {}
[2017-03-21 08:29:57,153][5772][140366874560256][DEBUG][privacyidea-
.lib.realm:179] Entering get_realms with arguments (‘’,) and
keywords {}
[2017-03-21 08:29:57,153][5772][140366874560256][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,154][5772][140366874560256][DEBUG][privacyidea-
.lib.realm:191] Exiting get_realms with result {u’pi-passwd’:
{‘default’: True, ‘option’: u’‘, ‘resolver’: [{‘priority’: None,
‘type’: u’passwdresolver’, ‘name’: u’pi-passwd’}]}, u’crowd-ldap’:
{‘default’: False, ‘option’: u’‘, ‘resolver’: [{‘priority’: 1,
‘type’: u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21 08:29:57,154][5772][140366874560256][DEBUG][privacyidea-
.lib.user:191] Exiting get_ordererd_resolvers with result []
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea-
.lib.user:191] Exiting User with result
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea-
.lib.user:179] Entering get_ordererd_resolvers with arguments
(User(login=‘’, realm=‘’, resolver=‘’),) and keywords {}
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea-
.lib.realm:179] Entering get_realms with arguments (‘’,) and
keywords {}
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea-
.lib.realm:191] Exiting get_realms with result {u’pi-passwd’:
{‘default’: True, ‘option’: u’‘, ‘resolver’: [{‘priority’: None,
‘type’: u’passwdresolver’, ‘name’: u’pi-passwd’}]}, u’crowd-ldap’:
{‘default’: False, ‘option’: u’‘, ‘resolver’: [{‘priority’: 1,
‘type’: u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea-
.lib.user:191] Exiting get_ordererd_resolvers with result []
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea-
.lib.user:191] Exiting get_user_from_param with result
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.policy.PolicyClass’> already exists.
[2017-03-21 08:29:57,159][5772][140366874560256][DEBUG][privacyidea-
.lib.audit:179] Entering getAudit with arguments (<Config
{‘JSON_AS_ASCII’: True, ‘PI_HSM’: ‘default’, ‘PI_LOGFILE’:
‘/var/log/privacyidea/privacyidea.log’, ‘pi_hsm’: {‘obj’:
<privacyidea.lib.security.default.DefaultSecurityModule object at
0x7fa9a03b9450>}, ‘PI_AUDIT_KEY_PUBLIC’:
‘/etc/privacyidea/public.pem’, ‘SQLALCHEMY_POOL_RECYCLE’: None,
‘SQLALCHEMY_ECHO’: False, ‘PI_PEPPER’: ‘–trimmed–’,
‘SQLALCHEMY_POOL_TIMEOUT’: None, ‘SQLALCHEMY_RECORD_QUERIES’: None,
‘PI_ENCFILE’: ‘/etc/privacyidea/enckey’, ‘SESSION_COOKIE_DOMAIN’:
None, ‘SESSION_COOKIE_NAME’: ‘session’, ‘pi_token_types’:
[‘registration’, ‘yubikey’, ‘radius’, ‘tiqr’, ‘pw’, ‘daplug’, ‘u2f’,
‘spass’, ‘4eyes’, ‘paper’, ‘motp’, ‘sms’, ‘email’, ‘totp’, ‘remote’,
‘hotp’, ‘certificate’, ‘yubico’, ‘sshkey’, ‘question’],
‘SQLALCHEMY_NATIVE_UNICODE’: None, ‘MAX_CONTENT_LENGTH’: None,
‘PERMANENT_SESSION_LIFETIME’: datetime.timedelta(31),
‘SQLALCHEMY_POOL_SIZE’: None, ‘SQLALCHEMY_MAX_OVERFLOW’: None,
‘TRAP_HTTP_EXCEPTIONS’: False, ‘PRESERVE_CONTEXT_ON_EXCEPTION’:
None, ‘SESSION_COOKIE_PATH’: None, ‘SQLALCHEMY_DATABASE_URI’: ‘mysql://–trimmed–
@localhost/pi’, ‘LOGGER_NAME’: ‘privacyidea.app’, ‘SECRET_KEY’: ‘–trimmed–
‘, ‘APPLICATION_ROOT’: None, ‘SERVER_NAME’: None,
‘BABEL_DEFAULT_LOCALE’: ‘en’, ‘PREFERRED_URL_SCHEME’: ‘http’,
‘TESTING’: False, ‘BABEL_DEFAULT_TIMEZONE’: ‘UTC’, ‘USE_X_SENDFILE’:
False, ‘PI_AUDIT_MODULE’: ‘privacyidea.lib.auditmodules.sqlaudit’,
‘SESSION_COOKIE_SECURE’: False, ‘SQLALCHEMY_BINDS’: None, ‘DEBUG’:
False, ‘SQLALCHEMY_COMMIT_ON_TEARDOWN’: False, ‘CACHE_TYPE’:
‘simple’, ‘JSONIFY_PRETTYPRINT_REGULAR’: True,
‘PROPAGATE_EXCEPTIONS’: None, ‘PI_LOGLEVEL’: 10,
‘TRAP_BAD_REQUEST_ERRORS’: False, ‘JSON_SORT_KEYS’: True,
‘SESSION_COOKIE_HTTPONLY’: True, ‘SEND_FILE_MAX_AGE_DEFAULT’: 43200,
‘PI_AUDIT_KEY_PRIVATE’: ‘/etc/privacyidea/private.pem’,
‘SUPERUSER_REALM’: [‘super’]}>,) and keywords {}
[2017-03-21 08:29:57,159][5772][140366874560256][DEBUG][privacyidea-
.lib.audit:179] Entering getAuditClass with arguments
(‘privacyidea.lib.auditmodules.sqlaudit’, ‘Audit’) and keywords {}
[2017-03-21 08:29:57,167][5772][140366874560256][DEBUG][privacyidea-
.lib.audit:76] klass: <class
‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea-
.lib.audit:191] Exiting getAuditClass with result <class
‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea-
.lib.auditmodules.sqlaudit:95] using the connect string mysql://–trimmed–
@localhost/pi
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea-
.lib.auditmodules.sqlaudit:102] Using SQL pool_size of 20
[2017-03-21 08:29:57,169][5772][140366874560256][DEBUG][privacyidea-
.lib.audit:191] Exiting getAudit with result
<privacyidea.lib.auditmodules.sqlaudit.Audit object at
0x7fa990aac290>
[2017-03-21 08:29:57,170][5772][140366874560256][DEBUG][privacyidea-
.lib.config:179] Entering get_from_config with arguments
(‘OverrideAuthorizationClient’,) and keywords {}
[2017-03-21 08:29:57,171][5772][140366874560256][DEBUG][privacyidea-
.lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea-
.lib.config:191] Exiting get_from_config with result None
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea-
.api.resolver:179] Entering test_resolver with arguments () and
keywords {}
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea-
.lib.resolver:179] Entering pretestresolver with arguments
(u’ldapresolver’, {u’BINDDN’: u’dn=ldap_bind,ou=users,dc=crowd’,
u’AUTHTYPE’: u’Simple’, u’LDAPFILTER’:
u’(&(uid=%s)(objectClass=inetOrgPerson))‘, u’LDAPBASE’:
u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)‘,
u’UIDTYPE’: u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’:
False, u’BINDPW’: u’–trimmed–‘, u’USERINFO’: u’{ “email” :
“mail”, “surname” : “sn”, “givenname” : “givenName” }‘, u’TIMEOUT’:
u’5’, u’SIZELIMIT’: u’500’, u’SCOPE’: u’LEVEL’, u’NOREFERRALS’:
False, u’CACHE_TIMEOUT’: u’120’, u’type’: u’ldapresolver’}) and
keywords {}
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea-
.lib.config:179] Entering get_resolver_list with arguments () and
keywords {}
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea-
.lib.config:549] None
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea-
.lib.config:191] Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea-
.lib.config:680] using the module list:
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea-
.lib.config:688] import module:
privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea-
.lib.config:503] module: <module
‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21 08:29:57,177][5772][140366874560256][DEBUG][privacyidea-
.lib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to
server pool.
[2017-03-21 08:29:57,893][5772][140366874560256][DEBUG][privacyidea-
.lib.resolver:191] Exiting pretestresolver with result (True, u’Your
LDAP config seems to be OK, 95 user objects found.')
[2017-03-21 08:29:57,895][5772][140366874560256][DEBUG][privacyidea-
.api.resolver:191] Exiting test_resolver with result <Response 308
bytes [200 OK]>

–

Please read the blog post about getting help

Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.

Visit this group at https://groups.google.com/group/privacyidea.

To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/1490682111.3843389.925695616.4C8768A9%40webmail.messagingengine.com[1].
For more options, visit https://groups.google.com/d/optout.

Links:

https://groups.google.com/d/msgid/privacyidea/1490682111.3843389.925695616.4C8768A9%40webmail.messagingengine.com?utm_medium=email&utm_source=footer

John_Meyers · March 28, 2017, 6:21am

Hi Cornelius,

I checked my users and every single user returned from LDAP has a uid
that is unique to the user. Zero are missing the uid field.

Do you have any suggestions for how to debug my attribute mapping?

Thanks.On Sun, Mar 26, 2017, at 02:49 PM, Cornelius Kölbel wrote:

Hi John,

you seem to have a problem in your attribute mapping or your users.

You might have some users with an empty uid?

Kind regards

Cornelius

Am Dienstag, 21. März 2017 16:48:46 UTC+1 schrieb John Meyers:

When I go to the “users” view and select the Realm containing the
LDAP server, I get an error pop up that states “Found more than one
object for Loginname ‘’” and an exception is shown in the logs.
However when I click the “Test LDAP Resolver” button in the LDAP
config page, I get a popup that states “Your LDAP config seems to
be OK, 95 user objects found.” So why can’t I see the users on the
user view?

I am able to see the full list of users when I use ldapsearch on the
command line:
ldapsearch -LLL -x -D ‘dn=ldap_bind,ou=users,dc=crowd’ -W -H
ldap://localhost:10389 -b ‘ou=users,dc=crowd’ ‘(uid=*)’

PrivacyIDEA 2.18-1xenial installed via the Ubuntu packages.

MySQL 5.7.17-0ubuntu0.16.04.1

Apache2 2.4.18-2ubuntu3.1

Ubuntu 16.04.2 LTS

$ sudo cat /etc/privacyidea/pi.cfg

import logging

SUPERUSER_REALM = [‘super’]

PI_ENCFILE = ‘/etc/privacyidea/enckey’

PI_AUDIT_KEY_PRIVATE = ‘/etc/privacyidea/private.pem’

PI_AUDIT_KEY_PUBLIC = ‘/etc/privacyidea/public.pem’

PI_LOGFILE = ‘/var/log/privacyidea/privacyidea.log’

PI_LOGLEVEL = 10

PI_PEPPER = ‘–trimmed–’

SECRET_KEY = ‘–trimmed–’

SQLALCHEMY_DATABASE_URI = ‘mysql://–trimmed–@localhost/pi’

Attached is a screenshot showing the LDAP connector configuration.

To capture this log, I go to the Users page and then select the realm
that contains the LDAP user resolver:

[2017-03-21 08:24:05,683][5772][140366958487296][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.-
api.lib.utils:239] Can not get param: No JSON object could be decoded
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.-
lib.user:179] Entering get_user_from_param with arguments ({‘realm’:
u’crowd-ldap’},) and keywords {}
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.-
lib.user:179] Entering User with arguments () and keywords {‘login’:
‘’, ‘realm’: u’crowd-ldap’}
[2017-03-21 08:24:05,686][5772][140366958487296][DEBUG][privacyidea.-
lib.user:179] Entering get_ordererd_resolvers with arguments
(User(login=‘’, realm=u’crowd-ldap’, resolver=‘’),) and keywords {}
[2017-03-21 08:24:05,687][5772][140366958487296][DEBUG][privacyidea.-
lib.realm:179] Entering get_realms with arguments (u’crowd-ldap’,)
and keywords {}
[2017-03-21 08:24:05,687][5772][140366958487296][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,688][5772][140366958487296][DEBUG][privacyidea.-
lib.realm:191] Exiting get_realms with result {u’crowd-ldap’:
{‘default’: False, ‘option’: u’‘, ‘resolver’: [{‘priority’: 1,
‘type’: u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21 08:24:05,688][5772][140366958487296][DEBUG][privacy-
idea.lib.user:191] Exiting get_ordererd_resolvers with result
[u’crowd-ldap’]
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:179] Entering get_resolver_object with arguments (u’crowd-
ldap’,) and keywords {}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:179] Entering get_resolver_list with arguments () and
keywords {‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21 08:24:05,689][5772][140366958487296][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,690][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.-
lib.config:179] Entering get_resolver_list with arguments () and
keywords {}
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.-
lib.config:549] None
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.-
lib.config:191] Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.-
lib.config:680] using the module list:
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:24:05,691][5772][140366958487296][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21 08:24:05,692][5772][140366958487296][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:179] Entering get_resolver_config with arguments (u’crowd-
ldap’,) and keywords {}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:179] Entering get_resolver_list with arguments () and
keywords {‘filter_resolver_name’: u’crowd-ldap’}
[2017-03-21 08:24:05,701][5772][140366958487296][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:193] Exiting get_resolver_list with result HIDDEN
[2017-03-21 08:24:05,703][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:193] Exiting get_resolver_config with result HIDDEN
[2017-03-21 08:24:05,704][5772][140366958487296][DEBUG][privacyidea.-
lib.resolver:191] Exiting get_resolver_object with result
<privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at
0x7fa990e8be50>
[2017-03-21 08:24:05,705][5772][140366958487296][DEBUG][privacyidea.-
lib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to
server pool.
[2017-03-21 08:24:06,174][5772][140366958487296][DEBUG][privacyidea.-
lib.resolvers.LDAPIdResolver:461] Searching user ‘’ in LDAP.
[2017-03-21
08:24:06,353][5772][140366958487296][ERROR][privacyidea.app:1423]
Exception on /user/ [GET]
Traceback (most recent call last):

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1473, in
full_dispatch_request
rv = self.preprocess_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1666, in
preprocess_request
rv = func()

File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”,
line 324, in decorated_function
return f(*args, **kwargs)

File “/usr/lib/python2.7/dist-
packages/privacyidea/api/before_after.py”, line 77, in
before_user_request
before_request()

File “/usr/lib/python2.7/dist-
packages/privacyidea/api/before_after.py”, line 110, in
before_request
request.User = get_user_from_param(request.all_data)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”,
line 187, in log_wrapper
f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”,
line 555, in get_user_from_param
user_object = User(login=username, realm=realm)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”,
line 187, in log_wrapper
f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”,
line 92, in init
self.get_resolvers()

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”,
line 189, in get_resolvers
uid = y.getUserId(self.login)

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.py”, line 151, in
cache_wrapper
f_result = func(self, *args, **kwds)

File “/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.py”, line 471, in
getUserId
LoginName))

Exception: Found more than one object for Loginname ‘’

[2017-03-21 08:24:06,355][5772][140366958487296][DEBUG][privacyidea.-
api.lib.utils:239] Can not get param: No JSON object could be decoded

This log is from when I click on the “Test LDAP Resolver” button:

[2017-03-21 08:29:57,149][5772][140366874560256][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea.-
lib.user:179] Entering get_user_from_param with arguments
({u’BINDDN’: u’dn=ldap_bind,ou=users,dc=crowd’, u’AUTHTYPE’:
u’Simple’, u’LDAPFILTER’: u’(&(uid=%s)(objectClass=inetOrgPerson))‘,
u’LDAPBASE’: u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)‘,
u’UIDTYPE’: u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’:
False, u’BINDPW’: u’–trimmed–‘, u’USERINFO’: u’{ “email” : “mail”,
“surname” : “sn”, “givenname” : “givenName” }‘, u’TIMEOUT’: u’5’,
u’SIZELIMIT’: u’500’, u’SCOPE’: u’LEVEL’, u’NOREFERRALS’: False,
u’CACHE_TIMEOUT’: u’120’, u’type’: u’ldapresolver’},) and keywords {}
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea.-
lib.user:179] Entering User with arguments () and keywords {‘login’:
‘’, ‘realm’: ‘’}
[2017-03-21 08:29:57,152][5772][140366874560256][DEBUG][privacyidea.-
lib.user:179] Entering get_ordererd_resolvers with arguments
(User(login=‘’, realm=‘’, resolver=‘’),) and keywords {}
[2017-03-21 08:29:57,153][5772][140366874560256][DEBUG][privacyidea-
.lib.realm:179] Entering get_realms with arguments (‘’,) and
keywords {}
[2017-03-21 08:29:57,153][5772][140366874560256][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,154][5772][140366874560256][DEBUG][privacyidea.-
lib.realm:191] Exiting get_realms with result {u’pi-passwd’:
{‘default’: True, ‘option’: u’‘, ‘resolver’: [{‘priority’: None,
‘type’: u’passwdresolver’, ‘name’: u’pi-passwd’}]}, u’crowd-ldap’:
{‘default’: False, ‘option’: u’‘, ‘resolver’: [{‘priority’: 1,
‘type’: u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21 08:29:57,154][5772][140366874560256][DEBUG][privacyidea.-
lib.user:191] Exiting get_ordererd_resolvers with result []
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.-
lib.user:191] Exiting User with result
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.-
lib.user:179] Entering get_ordererd_resolvers with arguments
(User(login=‘’, realm=‘’, resolver=‘’),) and keywords {}
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea-
.lib.realm:179] Entering get_realms with arguments (‘’,) and
keywords {}
[2017-03-21 08:29:57,155][5772][140366874560256][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.-
lib.realm:191] Exiting get_realms with result {u’pi-passwd’:
{‘default’: True, ‘option’: u’‘, ‘resolver’: [{‘priority’: None,
‘type’: u’passwdresolver’, ‘name’: u’pi-passwd’}]}, u’crowd-ldap’:
{‘default’: False, ‘option’: u’‘, ‘resolver’: [{‘priority’: 1,
‘type’: u’ldapresolver’, ‘name’: u’crowd-ldap’}]}}
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.-
lib.user:191] Exiting get_ordererd_resolvers with result []
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.-
lib.user:191] Exiting get_user_from_param with result
[2017-03-21 08:29:57,157][5772][140366874560256][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.policy.PolicyClass’> already exists.
[2017-03-21 08:29:57,159][5772][140366874560256][DEBUG][privacyidea.-
lib.audit:179] Entering getAudit with arguments (<Config
{‘JSON_AS_ASCII’: True, ‘PI_HSM’: ‘default’, ‘PI_LOGFILE’:
‘/var/log/privacyidea/privacyidea.log’, ‘pi_hsm’: {‘obj’:
<privacyidea.lib.security.default.DefaultSecurityModule object at
0x7fa9a03b9450>}, ‘PI_AUDIT_KEY_PUBLIC’:
‘/etc/privacyidea/public.pem’, ‘SQLALCHEMY_POOL_RECYCLE’: None,
‘SQLALCHEMY_ECHO’: False, ‘PI_PEPPER’: ‘–trimmed–’,
‘SQLALCHEMY_POOL_TIMEOUT’: None, ‘SQLALCHEMY_RECORD_QUERIES’: None,
‘PI_ENCFILE’: ‘/etc/privacyidea/enckey’, ‘SESSION_COOKIE_DOMAIN’:
None, ‘SESSION_COOKIE_NAME’: ‘session’, ‘pi_token_types’:
[‘registration’, ‘yubikey’, ‘radius’, ‘tiqr’, ‘pw’, ‘daplug’, ‘u2f’,
‘spass’, ‘4eyes’, ‘paper’, ‘motp’, ‘sms’, ‘email’, ‘totp’, ‘remote’,
‘hotp’, ‘certificate’, ‘yubico’, ‘sshkey’, ‘question’],
‘SQLALCHEMY_NATIVE_UNICODE’: None, ‘MAX_CONTENT_LENGTH’: None,
‘PERMANENT_SESSION_LIFETIME’: datetime.timedelta(31),
‘SQLALCHEMY_POOL_SIZE’: None, ‘SQLALCHEMY_MAX_OVERFLOW’: None,
‘TRAP_HTTP_EXCEPTIONS’: False, ‘PRESERVE_CONTEXT_ON_EXCEPTION’: None,
‘SESSION_COOKIE_PATH’: None, ‘SQLALCHEMY_DATABASE_URI’: ‘mysql://–trimmed–
@localhost/pi’, ‘LOGGER_NAME’: ‘privacyidea.app’, ‘SECRET_KEY’: ‘–trimmed–
‘, ‘APPLICATION_ROOT’: None, ‘SERVER_NAME’: None,
‘BABEL_DEFAULT_LOCALE’: ‘en’, ‘PREFERRED_URL_SCHEME’: ‘http’,
‘TESTING’: False, ‘BABEL_DEFAULT_TIMEZONE’: ‘UTC’, ‘USE_X_SENDFILE’:
False, ‘PI_AUDIT_MODULE’: ‘privacyidea.lib.auditmodules.sqlaudit’,
‘SESSION_COOKIE_SECURE’: False, ‘SQLALCHEMY_BINDS’: None, ‘DEBUG’:
False, ‘SQLALCHEMY_COMMIT_ON_TEARDOWN’: False, ‘CACHE_TYPE’:
‘simple’, ‘JSONIFY_PRETTYPRINT_REGULAR’: True,
‘PROPAGATE_EXCEPTIONS’: None, ‘PI_LOGLEVEL’: 10,
‘TRAP_BAD_REQUEST_ERRORS’: False, ‘JSON_SORT_KEYS’: True,
‘SESSION_COOKIE_HTTPONLY’: True, ‘SEND_FILE_MAX_AGE_DEFAULT’: 43200,
‘PI_AUDIT_KEY_PRIVATE’: ‘/etc/privacyidea/private.pem’,
‘SUPERUSER_REALM’: [‘super’]}>,) and keywords {}
[2017-03-21 08:29:57,159][5772][140366874560256][DEBUG][privacyidea.-
lib.audit:179] Entering getAuditClass with arguments
(‘privacyidea.lib.auditmodules.sqlaudit’, ‘Audit’) and keywords {}
[2017-03-21 08:29:57,167][5772][140366874560256][DEBUG][privacyidea.-
lib.audit:76] klass: <class
‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.-
lib.audit:191] Exiting getAuditClass with result <class
‘privacyidea.lib.auditmodules.sqlaudit.Audit’>
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.-
lib.auditmodules.sqlaudit:95] using the connect string mysql://–trimmed–
@localhost/pi
[2017-03-21 08:29:57,168][5772][140366874560256][DEBUG][privacyidea.-
lib.auditmodules.sqlaudit:102] Using SQL pool_size of 20
[2017-03-21 08:29:57,169][5772][140366874560256][DEBUG][privacyidea.-
lib.audit:191] Exiting getAudit with result
<privacyidea.lib.auditmodules.sqlaudit.Audit object at
0x7fa990aac290>
[2017-03-21 08:29:57,170][5772][140366874560256][DEBUG][privacyidea.-
lib.config:179] Entering get_from_config with arguments
(‘OverrideAuthorizationClient’,) and keywords {}
[2017-03-21 08:29:57,171][5772][140366874560256][DEBUG][privacyidea.-
lib.config:72] The singleton <class
‘privacyidea.lib.config.ConfigClass’> already exists.
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.-
lib.config:191] Exiting get_from_config with result None
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.-
api.resolver:179] Entering test_resolver with arguments () and
keywords {}
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.-
lib.resolver:179] Entering pretestresolver with arguments
(u’ldapresolver’, {u’BINDDN’: u’dn=ldap_bind,ou=users,dc=crowd’,
u’AUTHTYPE’: u’Simple’, u’LDAPFILTER’:
u’(&(uid=%s)(objectClass=inetOrgPerson))‘, u’LDAPBASE’:
u’ou=users,dc=crowd’, u’EDITABLE’: False, u’LDAPURI’:
u’ldap://localhost:10389’, u’LDAPSEARCHFILTER’: u’(uid=)‘,
u’UIDTYPE’: u’dn’, u’LOGINNAMEATTRIBUTE’: u’uid’, u’TLS_VERIFY’:
False, u’BINDPW’: u’–trimmed–‘, u’USERINFO’: u’{ “email” : “mail”,
“surname” : “sn”, “givenname” : “givenName” }‘, u’TIMEOUT’: u’5’,
u’SIZELIMIT’: u’500’, u’SCOPE’: u’LEVEL’, u’NOREFERRALS’: False,
u’CACHE_TIMEOUT’: u’120’, u’type’: u’ldapresolver’}) and keywords {}
[2017-03-21 08:29:57,173][5772][140366874560256][DEBUG][privacyidea.-
lib.config:179] Entering get_resolver_list with arguments () and
keywords {}
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.-
lib.config:549] None
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.-
lib.config:191] Exiting get_resolver_list with result
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.-
lib.config:680] using the module list:
set([‘privacyidea.lib.resolvers.PasswdIdResolver’,
‘privacyidea.lib.resolvers.SCIMIdResolver’,
‘privacyidea.lib.resolvers.SQLIdResolver’,
‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.PasswdIdResolver
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.SCIMIdResolver
[2017-03-21 08:29:57,174][5772][140366874560256][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.SQLIdResolver
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.-
lib.config:688] import module:
privacyidea.lib.resolvers.LDAPIdResolver
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2017-03-21 08:29:57,175][5772][140366874560256][DEBUG][privacyidea.-
lib.config:503] module: <module
‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-
packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2017-03-21 08:29:57,177][5772][140366874560256][DEBUG][privacyidea.-
lib.resolvers.LDAPIdResolver:680] Added localhost, 10389, False to
server pool.
[2017-03-21 08:29:57,893][5772][140366874560256][DEBUG][privacyidea.-
lib.resolver:191] Exiting pretestresolver with result (True, u’Your
LDAP config seems to be OK, 95 user objects found.')
[2017-03-21 08:29:57,895][5772][140366874560256][DEBUG][privacyidea.-
api.resolver:191] Exiting test_resolver with result <Response 308
bytes [200 OK]>