Treat users as the same if they're using a parent OR child authinstance. Fixes #2184.
The old logic I had there was clearly wrong. We need to check the auth_remote_user table for the username for the remote authinstance, and the usr table for users for the local authinstance. This bug fixed thanks to Howard Miller/Glasgow University.