## LDIF
dn: ou=otp,ou=jsc,dc=fz-juelich,dc=de
objectClass: organizationalUnit
objectClass: oathTOTPParams
ou: otp
description: OTP Configuration for Users
oathOTPLength: 6
oathTOTPTimeStepPeriod: 30
oathTOTPTimeStepWindow: 3
oathHMACAlgorithm: 1.2.840.113549.2.11

dn: uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de
objectClass: account
objectClass: oathTOTPToken
uid: a1
oathSecret:: cMLhnoskcYjH1O8tLHIqZ585OrQzl8IrR4TGCeFZ+3SZaI3u7AAk
oathTOTPParams: ou=otp,ou=jsc,dc=fz-juelich,dc=de

dn: uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de
uid: a1
cn: testuser a1
uidNumber: 10101
gidNumber: 4854
objectClass: x-jsc-systemUserAccount
objectClass: oathTOTPUser
oathTOTPToken: uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de
#objectClass: simpleSecurityObject
#userPassword: a1pw


# CONSOLE
$ ./bin/ldapwhoami -H ldap://127.0.0.1 -D
uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de -w `oathtool --totp=SHA512 -b $SEC`
ldap_bind: Invalid credentials (49)




# slapd -d -1
63c81cad.1a79cfd8 0x7f04b1ab9640 daemon: activity on 1 descriptor
63c81cad.1a7aa8d6 0x7f04b1ab9640 daemon: activity on:63c81cad.1a7adecc
0x7f04b1ab9640
63c81cad.1a7b0e61 0x7f04b1ab9640 slap_listener_activate(8):
63c81cad.1a7ba708 0x7f04b12b8640 >>> slap_listener(ldap://127.0.0.1:389)
63c81cad.1a7c03e7 0x7f04b12b8640 daemon: accept() = 13
63c81cad.1a7c373b 0x7f04b12b8640 daemon: listen=8, new connection on 13
63c81cad.1a7c6674 0x7f04b1ab9640 daemon: epoll: listen=7 active_threads=0
tvp=NULL
63c81cad.1a7c8123 0x7f04b12b8640 daemon: added 13r (active) listener=(nil)
63c81cad.1a7c8af8 0x7f04b1ab9640 daemon: epoll: listen=8 active_threads=0
tvp=NULL
63c81cad.1a7ca751 0x7f04b12b8640 conn=1001 fd=13 ACCEPT from
IP=127.0.0.1:46302 (IP=127.0.0.1:389)
63c81cad.1a7cac38 0x7f04b1ab9640 daemon: activity on 2 descriptors
63c81cad.1a7cc73d 0x7f04b1ab9640 daemon: activity on:63c81cad.1a7cdad9
0x7f04b1ab9640  13r63c81cad.1a7cf574 0x7f04b1ab9640
63c81cad.1a7d2784 0x7f04b1ab9640 daemon: read active on 13
63c81cad.1a7d6a2e 0x7f04b1ab9640 daemon: epoll: listen=7 active_threads=1
tvp=zero
63c81cad.1a7d9263 0x7f04b1ab9640 daemon: epoll: listen=8 active_threads=1
tvp=zero
63c81cad.1a7d9549 0x7f04b12b8640 connection_get(13)
63c81cad.1a7dd51a 0x7f04b12b8640 connection_get(13): got connid=1001
63c81cad.1a7de98a 0x7f04b12b8640 connection_read(13): checking for input on
id=1001
63c81cad.1a7e060f 0x7f04b12b8640 ber_get_next
63c81cad.1a7e8045 0x7f04b12b8640 ldap_read: want=8, got=8
63c81cad.1a7e9ba7 0x7f04b12b8640   0000:  30 52 02 01 01 60 4d 02
0R...`M.
63c81cad.1a7ebbfe 0x7f04b12b8640 ldap_read: want=76, got=76
63c81cad.1a7ece03 0x7f04b12b8640   0000:  01 03 04 40 75 69 64 3d  61 31 2c 6f
75 3d 75 73   ...@uid=a1,ou=us
63c81cad.1a7ee0c6 0x7f04b12b8640   0010:  65 72 73 2c 63 6e 3d 6a  75 6d 6f 6c
30 31 2c 6f   ers,cn=jumol01,o
63c81cad.1a7ef2e1 0x7f04b12b8640   0020:  75 3d 73 79 73 74 65 6d  73 2c 6f 75
3d 6a 73 63   u=systems,ou=jsc
63c81cad.1a7f04d4 0x7f04b12b8640   0030:  2c 64 63 3d 66 7a 2d 6a  75 65 6c 69
63 68 2c 64   ,dc=fz-juelich,d
63c81cad.1a7f1882 0x7f04b12b8640   0040:  63 3d 64 65 80 06 38 38  34 38 36 37
c=de..884867
63c81cad.1a7f5b1b 0x7f04b12b8640 ber_get_next: tag 0x30 len 82 contents:
63c81cad.1a7f717c 0x7f04b12b8640 ber_dump: buf=0x7f04a4103100
ptr=0x7f04a4103100 end=0x7f04a4103152 len=82
63c81cad.1a7f838b 0x7f04b12b8640   0000:  02 01 01 60 4d 02 01 03  04 40 75 69
64 3d 61 31   ...`M....@uid=a1
63c81cad.1a7f96bf 0x7f04b12b8640   0010:  2c 6f 75 3d 75 73 65 72  73 2c 63 6e
3d 6a 75 6d   ,ou=users,cn=jum
63c81cad.1a7fa8a2 0x7f04b12b8640   0020:  6f 6c 30 31 2c 6f 75 3d  73 79 73 74
65 6d 73 2c   ol01,ou=systems,
63c81cad.1a7fbafe 0x7f04b12b8640   0030:  6f 75 3d 6a 73 63 2c 64  63 3d 66 7a
2d 6a 75 65   ou=jsc,dc=fz-jue
63c81cad.1a7fcc48 0x7f04b12b8640   0040:  6c 69 63 68 2c 64 63 3d  64 65 80 06
38 38 34 38   lich,dc=de..8848
63c81cad.1a7fde7a 0x7f04b12b8640   0050:  36 37
67
63c81cad.1a7ffb80 0x7f04b12b8640 op tag 0x60, time 1674058925
63c81cad.1a8017a4 0x7f04b12b8640 ber_get_next
63c81cad.1a803c98 0x7f04b12b8640 ldap_read: want=8 error=Resource temporarily
unavailable
63c81cad.1a809954 0x7f04b1ab9640 63c81cad.1a80995e 0x7f04b12b8640 daemon:
activity on 1 descriptor
conn=1001 op=0 do_bind
63c81cad.1a80c26d 0x7f04b1ab9640 daemon: activity on:63c81cad.1a80d3d4
0x7f04b12b8640 63c81cad.1a80d72b 0x7f04b1ab9640 ber_scanf fmt ({imt) ber:

63c81cad.1a80edf0 0x7f04b12b8640 ber_dump: buf=0x7f04a4103100
ptr=0x7f04a4103103 end=0x7f04a4103152 len=79
63c81cad.1a80ff31 0x7f04b1ab9640 daemon: epoll: listen=7 active_threads=1
tvp=zero
63c81cad.1a810216 0x7f04b12b8640   0000:  60 4d 02 01 03 04 40 75  69 64 3d 61
31 2c 6f 75   `M....@uid=a1,ou
63c81cad.1a811565 0x7f04b1ab9640 daemon: epoll: listen=8 active_threads=1
tvp=zero
63c81cad.1a811bbc 0x7f04b12b8640   0010:  3d 75 73 65 72 73 2c 63  6e 3d 6a 75
6d 6f 6c 30   =users,cn=jumol0
63c81cad.1a813170 0x7f04b12b8640   0020:  31 2c 6f 75 3d 73 79 73  74 65 6d 73
2c 6f 75 3d   1,ou=systems,ou=
63c81cad.1a814325 0x7f04b12b8640   0030:  6a 73 63 2c 64 63 3d 66  7a 2d 6a 75
65 6c 69 63   jsc,dc=fz-juelic
63c81cad.1a815550 0x7f04b12b8640   0040:  68 2c 64 63 3d 64 65 80  06 38 38 34
38 36 37      h,dc=de..884867
63c81cad.1a816b23 0x7f04b12b8640 ber_scanf fmt (m}) ber:
63c81cad.1a817eb4 0x7f04b12b8640 ber_dump: buf=0x7f04a4103100
ptr=0x7f04a410314a end=0x7f04a4103152 len=8
63c81cad.1a818f74 0x7f04b12b8640   0000:  00 06 38 38 34 38 36 37
..884867
63c81cad.1a81b468 0x7f04b12b8640 >>> dnPrettyNormal:
<uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de>
63c81cad.1a81d26f 0x7f04b12b8640 =>
ldap_bv2dn(uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de,0)
63c81cad.1a820c23 0x7f04b12b8640 <=
ldap_bv2dn(uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de)=0
63c81cad.1a82642f 0x7f04b12b8640 => ldap_dn2bv(272)
63c81cad.1a8293a1 0x7f04b12b8640 <=
ldap_dn2bv(uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de)=0
63c81cad.1a82ca9e 0x7f04b12b8640 => ldap_dn2bv(272)
63c81cad.1a82e673 0x7f04b12b8640 <=
ldap_dn2bv(uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de)=0
63c81cad.1a82fdaf 0x7f04b12b8640 <<< dnPrettyNormal:
<uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de>,
<uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de>
63c81cad.1a8313ce 0x7f04b12b8640 conn=1001 op=0 BIND
dn="uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de"
method=128
63c81cad.1a8327f3 0x7f04b12b8640 do_bind: version=3
dn="uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de"
method=128
63c81cad.1a8375de 0x7f04b12b8640 => mdb_entry_get: ndn:
"uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de"
63c81cad.1a83a2af 0x7f04b12b8640 => mdb_entry_get: oc: "(null)", at: "(null)"
63c81cad.1a83e42c 0x7f04b12b8640
mdb_dn2entry("uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a83fd12 0x7f04b12b8640 =>
mdb_dn2id("uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a84816d 0x7f04b12b8640 <= mdb_dn2id: got id=0x9
63c81cad.1a84affc 0x7f04b12b8640 => mdb_entry_decode:
63c81cad.1a84db3f 0x7f04b12b8640 <= mdb_entry_decode
63c81cad.1a84f6dd 0x7f04b12b8640 => mdb_entry_get: found entry:
"uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de"
63c81cad.1a850a0d 0x7f04b12b8640 mdb_entry_get: rc=0
63c81cad.1a856af0 0x7f04b12b8640 => mdb_entry_get: ndn:
"uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de"
63c81cad.1a858896 0x7f04b12b8640 => mdb_entry_get: oc: "oathTOTPToken", at:
"oathSecret"
63c81cad.1a859db0 0x7f04b12b8640
mdb_dn2entry("uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a85b060 0x7f04b12b8640 =>
mdb_dn2id("uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a85cbdd 0x7f04b12b8640 <= mdb_dn2id: got id=0x4
63c81cad.1a85e0cf 0x7f04b12b8640 => mdb_entry_decode:
63c81cad.1a85f573 0x7f04b12b8640 <= mdb_entry_decode
63c81cad.1a860755 0x7f04b12b8640 => mdb_entry_get: found entry:
"uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de"
63c81cad.1a86217f 0x7f04b12b8640 mdb_entry_get: rc=0
63c81cad.1a863418 0x7f04b12b8640 => mdb_entry_get: ndn:
"ou=otp,ou=jsc,dc=fz-juelich,dc=de"
63c81cad.1a86468f 0x7f04b12b8640 => mdb_entry_get: oc: "oathTOTPParams", at:
"(null)"
63c81cad.1a8657d8 0x7f04b12b8640
mdb_dn2entry("ou=otp,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a8668e3 0x7f04b12b8640 =>
mdb_dn2id("ou=otp,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a867efd 0x7f04b12b8640 <= mdb_dn2id: got id=0x3
63c81cad.1a86921d 0x7f04b12b8640 => mdb_entry_decode:
63c81cad.1a86a61e 0x7f04b12b8640 <= mdb_entry_decode
63c81cad.1a86b895 0x7f04b12b8640 => mdb_entry_get: found entry:
"ou=otp,ou=jsc,dc=fz-juelich,dc=de"
63c81cad.1a86d2da 0x7f04b12b8640 mdb_entry_get: rc=0
63c81cad.1a880481 0x7f04b12b8640 conn=1001 op=0 TOTP token
uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de redeemed with new drift of 0
63c81cad.1a883215 0x7f04b12b8640 mdb_modify:
uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de
63c81cad.1a8863ad 0x7f04b12b8640 slap_get_csn: conn=1001 op=0 generated new
csn=20230118162205.445142Z#000000#000#000000 manage=1
63c81cad.1a887b62 0x7f04b12b8640 slap_queue_csn: queueing 0x7f04a4103db0
20230118162205.445142Z#000000#000#000000
63c81cad.1a889dd6 0x7f04b12b8640
mdb_dn2entry("uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a88b173 0x7f04b12b8640 =>
mdb_dn2id("uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a88cdc4 0x7f04b12b8640 <= mdb_dn2id: got id=0x4
63c81cad.1a88e33a 0x7f04b12b8640 => mdb_entry_decode:
63c81cad.1a88f697 0x7f04b12b8640 <= mdb_entry_decode
63c81cad.1a89200b 0x7f04b12b8640 mdb_modify_internal: 0x00000004:
uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de
63c81cad.1a893dd7 0x7f04b12b8640 <= acl_access_allowed: granted to database
root
63c81cad.1a898ef2 0x7f04b12b8640 mdb_modify_internal: replace
oathTOTPLastTimeStep
63c81cad.1a89b62f 0x7f04b12b8640 mdb_modify_internal: replace
oathTOTPTimeStepDrift
63c81cad.1a89cd41 0x7f04b12b8640 mdb_modify_internal: replace entryCSN
63c81cad.1a89eb49 0x7f04b12b8640 mdb_modify_internal: replace modifiersName
63c81cad.1a8a0138 0x7f04b12b8640 mdb_modify_internal: replace modifyTimestamp
63c81cad.1a8a2fa5 0x7f04b12b8640 oc_check_required entry
(uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de), objectClass "account"
63c81cad.1a8a4748 0x7f04b12b8640 oc_check_required entry
(uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de), objectClass "oathTOTPToken"
63c81cad.1a8a5cca 0x7f04b12b8640 oc_check_allowed type "objectClass"
63c81cad.1a8a7050 0x7f04b12b8640 oc_check_allowed type "uid"
63c81cad.1a8a8257 0x7f04b12b8640 oc_check_allowed type "oathSecret"
63c81cad.1a8a94fc 0x7f04b12b8640 oc_check_allowed type "oathTOTPParams"
63c81cad.1a8aa797 0x7f04b12b8640 oc_check_allowed type "structuralObjectClass"
63c81cad.1a8ab99c 0x7f04b12b8640 oc_check_allowed type "entryUUID"
63c81cad.1a8acd7a 0x7f04b12b8640 oc_check_allowed type "creatorsName"
63c81cad.1a8adefe 0x7f04b12b8640 oc_check_allowed type "createTimestamp"
63c81cad.1a8af065 0x7f04b12b8640 oc_check_allowed type "oathTOTPLastTimeStep"
63c81cad.1a8b0297 0x7f04b12b8640 oc_check_allowed type "oathTOTPTimeStepDrift"
63c81cad.1a8b143f 0x7f04b12b8640 oc_check_allowed type "entryCSN"
63c81cad.1a8b2562 0x7f04b12b8640 oc_check_allowed type "modifiersName"
63c81cad.1a8b40c7 0x7f04b12b8640 oc_check_allowed type "modifyTimestamp"
63c81cad.1a8b6358 0x7f04b12b8640 mdb_idl_delete_keys: 4 N<q
63c81cad.1a8baf1b 0x7f04b12b8640 mdb_idl_insert_keys: 4 N<
63c81cad.1a8ce6fd 0x7f04b12b8640 => mdb_entry_encode(0x00000004):
uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de
63c81cad.1a8d12ec 0x7f04b12b8640 <= mdb_entry_encode(0x00000004):
uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de
63c81cad.1a8dd99d 0x7f04b12b8640 mdb_modify: updated id=00000004
dn="uid=a1,ou=otp,ou=jsc,dc=fz-juelich,dc=de"
63c81cad.1a8dfe98 0x7f04b12b8640 send_ldap_result: conn=1001 op=0 p=3
63c81cad.1a8e1338 0x7f04b12b8640 send_ldap_result: err=0 matched="" text=""
63c81cad.1a8e2b24 0x7f04b12b8640 slap_graduate_commit_csn: removing
0x7f04a4103db0 20230118162205.445142Z#000000#000#000000
63c81cad.1a8e49a0 0x7f04b12b8640 ==> mdb_bind: dn:
uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de
63c81cad.1a8e60ee 0x7f04b12b8640
mdb_dn2entry("uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a8e7649 0x7f04b12b8640 =>
mdb_dn2id("uid=a1,ou=users,cn=jumol01,ou=systems,ou=jsc,dc=fz-juelich,dc=de")
63c81cad.1a8e9725 0x7f04b12b8640 <= mdb_dn2id: got id=0x9
63c81cad.1a8eacdf 0x7f04b12b8640 => mdb_entry_decode:
63c81cad.1a8ec0c3 0x7f04b12b8640 <= mdb_entry_decode
63c81cad.1a8ed5eb 0x7f04b12b8640 send_ldap_result: conn=1001 op=0 p=3
63c81cad.1a8ee9fa 0x7f04b12b8640 send_ldap_result: err=49 matched="" text=""
63c81cad.1a8f00ed 0x7f04b12b8640 send_ldap_response: msgid=1 tag=97 err=49
63c81cad.1a8f1c49 0x7f04b12b8640 ber_flush2: 14 bytes to sd 13
63c81cad.1a8f2f47 0x7f04b12b8640   0000:  30 0c 02 01 01 61 07 0a  01 31 04 00
04 00         0....a...1....
63c81cad.1a8fa825 0x7f04b12b8640 ldap_write: want=14, written=14
63c81cad.1a8fc7d7 0x7f04b12b8640   0000:  30 0c 02 01 01 61 07 0a  01 31 04 00
04 00         0....a...1....
63c81cad.1a8fe480 0x7f04b12b8640 conn=1001 op=0 RESULT tag=97 err=49
qtime=0.000033 etime=0.001042 text=
63c81cad.1a90e41e 0x7f04b1ab9640 daemon: activity on 1 descriptor
63c81cad.1a91277c 0x7f04b1ab9640 daemon: activity on:63c81cad.1a915293
0x7f04b1ab9640  13r63c81cad.1a917a3a 0x7f04b1ab9640
63c81cad.1a91a48e 0x7f04b1ab9640 daemon: read active on 13
63c81cad.1a91d1a8 0x7f04b1ab9640 daemon: epoll: listen=7 active_threads=1
tvp=zero
63c81cad.1a91e574 0x7f04b1ab9640 daemon: epoll: listen=8 active_threads=1
tvp=zero
63c81cad.1a9232f6 0x7f04b12b8640 connection_get(13)
63c81cad.1a926260 0x7f04b12b8640 connection_get(13): got connid=1001
63c81cad.1a9276ee 0x7f04b12b8640 connection_read(13): checking for input on
id=1001
63c81cad.1a92c533 0x7f04b12b8640 ber_get_next
63c81cad.1a92ecc6 0x7f04b12b8640 ldap_read: want=8, got=7
63c81cad.1a930009 0x7f04b12b8640   0000:  30 05 02 01 02 42 00
0....B.
63c81cad.1a9314ec 0x7f04b12b8640 ber_get_next: tag 0x30 len 5 contents:
63c81cad.1a9327c9 0x7f04b12b8640 ber_dump: buf=0x7f04a41041d0
ptr=0x7f04a41041d0 end=0x7f04a41041d5 len=5
63c81cad.1a9338b6 0x7f04b12b8640   0000:  02 01 02 42 00
...B.
63c81cad.1a935110 0x7f04b12b8640 op tag 0x42, time 1674058925
63c81cad.1a936878 0x7f04b12b8640 ber_get_next
63c81cad.1a937e93 0x7f04b12b8640 ldap_read: want=8, got=0
63c81cad.1a938f34 0x7f04b12b8640
63c81cad.1a93a726 0x7f04b12b8640 ber_get_next on fd 13 failed errno=0
(Success)
63c81cad.1a93bbd6 0x7f04b12b8640 connection_read(13): input error=-2 id=1001,
closing.
63c81cad.1a93cf12 0x7f04b12b8640 connection_closing: readying conn=1001 sd=13
for close
63c81cad.1a93fa78 0x7f04b12b8640 connection_close: deferring conn=1001 sd=13
63c81cad.1a941307 0x7f04b12b8640 conn=1001 op=1 do_unbind
63c81cad.1a942534 0x7f04b12b8640 conn=1001 op=1 UNBIND
63c81cad.1a94398b 0x7f04b12b8640 connection_resched: attempting closing
conn=1001 sd=13
63c81cad.1a944bca 0x7f04b12b8640 connection_close: conn=1001 sd=13
63c81cad.1a9464d2 0x7f04b12b8640 daemon: removing 13
63c81cad.1a94e0ae 0x7f04b12b8640 conn=1001 fd=13 closed
63c81cad.1a975e85 0x7f04b1ab9640 daemon: activity on 1 descriptor
63c81cad.1a97c198 0x7f04b1ab9640 daemon: activity on:63c81cad.1a980a29
0x7f04b1ab9640
63c81cad.1a984114 0x7f04b1ab9640 daemon: epoll: listen=7 active_threads=0
tvp=NULL
63c81cad.1a988a1f 0x7f04b1ab9640 daemon: epoll: listen=8 active_threads=0
tvp=NULL