mySQL + LDAP resolver

Hi Cornelius,
attached you’ll find a screenshot.

https://lh3.googleusercontent.com/-icZ8hsPwC4w/VUI5KUWIqEI/AAAAAAAAAFw/3XgWgxezAFY/s1600/AD.png

So I tried it with a user without a comma. Same error.
Just for my information: the password + OTP has to be merged as follows:

mypassword123456

right?

Okay - I’ll look into this.

Now I’ve got the following situation.
realms: LDAP (default) and mysql

The user: J.Smith is stored in the mysql-db and not in the ldap.

When I try to login with j.smith and the OTP and password, it fails -
error log: user does not exist in the ldap realm.

Any idea?

I think I found the bug.

The issue is that I have - as already described - a SQL and an AD with the
same usernames.
And both are configured in PI. Now I enrolled a token with the AD. When I
try to login a log entry appears (in the Audit-section) that my Token does
not exist in the realm SQL.

On Friday, 1 May 2015 18:03:22 UTC+2, Stefan Steuer wrote:

Hi Cornelius,
I use already the “simple” bind type

https://lh3.googleusercontent.com/-Ec01Qr3X4sk/VUOjvIeMV7I/AAAAAAAAAGE/Ejdlt8SBehY/s1600/AD.png


I switched the LDAP-realm to the default realm. Now I’ll get the old error
with the wrong OTP pin - so where you thought that the bug is with the
comma in my username


Hi Cornelius,
any ideas regarding my last post? I’m not sure how PI handles this scenario.