https://bugs.openldap.org/show_bug.cgi?id=10192
--- Comment #8 from michal.pura@gmail.com --- In my opinion example given in test080-hotp which uses PcbKpIJKbSiHZ7IzHiC0MWbLhdk= as a secret is misleading.
PcbKpIJKbSiHZ7IzHiC0MWbLhdk= is base64 encoded value of 3d c6 ca a4 82 4a 6d 28 87 67 b2 33 1e 20 b4 31 66 cb 85 d9 which is pointed by you recently.
The problem is that expected HOTP values which are embedded in the tests are not correct because openldap treat this secret PcbKpIJKbSiHZ7IzHiC0MWbLhdk= as a raw value directly (no base64 decoding is done before) which is the key point here.
This means that the secret is PcbKpIJKbSiHZ7IzHiC0MWbLhdk= NOT 3d c6 ca a4 82 4a 6d 28 87 67 b2 33 1e 20 b4 31 66 cb 85 d9.
Google Authenticator or www.verifyr.com require base32 encoded secret, so the secret which should be given there is KBRWES3QJFFEWYSTNFEFUN2JPJEGSQZQJVLWETDIMRVT2===.
So, expected values in the tests should different. Proper values are presented below:
TOKEN_0 - 192008 TOKEN_1 - 057719 TOKEN_2 - 547141 TOKEN_3 - 369878 TOKEN_4 - 225285 TOKEN_5 - 963571 TOKEN_6 - 130275 TOKEN_7 - 469460 TOKEN_8 - 496738 TOKEN_9 - 097212 TOKEN_10 - 086214
MP.