Currently I am testing PrivacyIDEA authentication. In PrivacyIDEA, I have set up an LDAP resolver pointing to an OpenLDAP server and enrolled a HOTP token for a test user. When I set the otppin policy to “none” or “tokenpin”, the authentication is successful, no issues. But when it is set to “userstore” and I enter my OTP as the following: (LDAP password + OTP), the authentication fails. I did read a similar post about this issue (Login with userstore password); the only difference is that in that post they are using an SQL resolver.
My question is, does this function only work with userPassword attributes hashed with specific algorithms? Or am I misunderstanding how PrivacyIDEA authenticates the LDAP password provided by the user?
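As an added illustration (not part of the original post and not privacyIDEA's own code): OpenLDAP stores userPassword with a scheme prefix such as {SSHA}, and during a simple bind the directory server itself performs the hash comparison, so a client that authenticates by binding never needs to know the algorithm. The block below shows what that comparison involves if a client read the attribute instead, plus the split of the typed "password + OTP" value; the OTP being the trailing 6 digits is an assumption.

```python
import base64
import hashlib
import hmac

# RFC 2307 userPassword schemes commonly produced by slappasswd.
# scheme -> (hash constructor, salted?)
_SCHEMES = {
    "SSHA": (hashlib.sha1, True),
    "SHA": (hashlib.sha1, False),
    "SMD5": (hashlib.md5, True),
    "MD5": (hashlib.md5, False),
}

def parse_userpassword(stored: str):
    """Return (scheme, raw_bytes). A value with no {SCHEME} prefix is cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, payload = stored[1:].partition("}")
        scheme = scheme.upper()
        if scheme == "CLEARTEXT":
            return scheme, payload.encode()
        return scheme, base64.b64decode(payload)
    return "CLEARTEXT", stored.encode()

def verify_userpassword(stored: str, candidate: str) -> bool:
    """Check a candidate against a stored userPassword value, as the LDAP
    server does on a simple bind. Unknown schemes (e.g. {CRYPT}) return False."""
    scheme, raw = parse_userpassword(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(raw, candidate.encode())
    if scheme not in _SCHEMES:
        return False
    ctor, salted = _SCHEMES[scheme]
    digest_len = ctor().digest_size
    digest = raw[:digest_len]
    salt = raw[digest_len:] if salted else b""   # salt is appended after the digest
    expected = ctor(candidate.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)

def split_password_and_otp(entered: str, otp_len: int = 6):
    """Split the concatenated 'userstore password + OTP' that the user types.
    Assumption: the OTP is the trailing otp_len digits (6 for a default HOTP token)."""
    if len(entered) <= otp_len or not entered[-otp_len:].isdigit():
        raise ValueError("input does not end in an OTP of the expected length")
    return entered[:-otp_len], entered[-otp_len:]

def make_ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} value the way slappasswd does (used here to construct test data)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()
```

If a standalone bind with the same DN and password succeeds while the otppin=userstore login fails, the hash scheme is not the cause and the split of password and OTP is the next thing to check.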