<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
</head>
<body lang=EN-IE link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='color:#1F497D'>James,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'> Thanks for this
info... I can now authenticate against my LDAP server with no problems. However,
when I start enabling <replicate> and <update> to try and add the
AD users into Koha, the replication doesn’t occur. The authentication still works,
but the users’ information, as per the mappings, doesn’t come across into Koha.
There are no errors either.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Does anyone have any
suggestions?<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Thanks<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Bar<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Winter, James [mailto:WinterJ@arcadia.edu] <br>
<b>Sent:</b> 12 February 2009 17:35<br>
<b>To:</b> Barry Cannon<br>
<b>Cc:</b> koha@lists.katipo.co.nz<br>
<b>Subject:</b> RE: [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Sure, it took me a
while to get it working, but we have it working now.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>In our koha-conf.xml,
we have this section in the config section (between <config> and
</config> near the end of the file):<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><useldapserver>1</useldapserver><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'> <ldapserver
id="ldapserver"><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<hostname>LDAPSERVERNAMEHERE:389</hostname><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<base>dc=DOMAIN,dc=COM</base><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<user> CN=[USER THAT CAN BROWSE ACTIVE DIRECTORY],OU=[OU OF USER
(MULTIPLE ENTRIES IF NESTED OU)],DC=DOMAIN,DC=COM
</user> <!-- DN, if not anonymous --><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<pass>[PASSWORD OF USER]</pass><!-- password, if not anonymous
--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<replicate>0</replicate> <!-- add new users from
LDAP to Koha database --><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<update>0</update>
<!-- update existing users in Koha database --><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<mapping>
<!-- match koha SQL field names to your LDAP record field names --><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<cardnumber is="" ></cardnumber>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<firstname
is="givenname"
></firstname>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<surname is="sn"
></surname>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<address
is="" > </address>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<city
is=""
> </city>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<zipcode
is=""
></zipcode>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<branchcode is ="">MAIN</branchcode>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<userid is="samAccountName"
></userid><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<password is=""
></password><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<email
is="mail"
></email>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<categorycode is="employeetype" >
</categorycode>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<!--<phone
is=""></phone>--><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
</mapping><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'></ldapserver><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Most of the
attributes are commented out because we populate our users in Koha from a
different system and they only log in using their AD password. We don’t want to
add new users or update existing users.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Then in
Auth_with_ldap.pm at line 102 (thanks to this thread
http://lists.koha.org/pipermail/koha-devel/2008-September/008355.html)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Change these lines:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
my $userldapentry = $search->shift_entry;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value
=> $password );<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
if ($cmpmesg->code != 6) {<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
warn "LDAP Auth rejected : invalid password for user '$userid'. " .
description($cmpmesg);<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
return 0;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>To this:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
my $userldapentry = $search->shift_entry;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
my $dbuser = Net::LDAP->new( [$prefhost] );<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
$res = $dbuser->bind( $userldapentry, password => $password );<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
unless ( $db && ! $res->code ) {<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
warn "LDAP Auth rejected : invalid password for user '$userid'";<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
return 0;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>We had an additional
problem with the Auth_with_ldap.pm automatically updating the card number with
the user’s login. We have existing cards with specific numbers that we’re importing,
so I had to disable a couple of other lines (lines 116 and 117 in
Auth_with_ldap.pm, before the first edit.)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='text-indent:36.0pt'><span lang=EN-US
style='color:#1F497D'>#($config{update} ) and my $c2 =
&update_local($userid,$password,$borrowernumber,\%borrower) || '';<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
#($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2'
instead of '$cardnumber'";<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Hopefully this helps.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;color:#1F497D'>James
Winter<o:p></o:p></span></b></p>
<p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;color:#1F497D'>215.517.2588<o:p></o:p></span></p>
</div>
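<p class=MsoNormal>Added example, not Koha's code and not from this thread: a Python model of the bind-as-the-user check in the Auth_with_ldap.pm patch quoted above, run against a constructed stand-in for Active Directory so it works offline. The FakeActiveDirectory class and the sample account are assumptions for illustration; the caveat it shows is that a bind with a non-empty DN and an empty password is an unauthenticated bind that AD accepts by default, so a check that only looks at the bind result code, as the patch does, must be preceded by a rejection of empty passwords.</p>

```python
"""Added example (not Koha's code): authentication by binding as the user,
modelled against a constructed stand-in for Active Directory."""

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49


class FakeActiveDirectory:
    """Constructed stand-in for an AD LDAP server; no network is involved.

    As with AD in its default configuration (RFC 4513, section 5.1.2), a bind
    with a non-empty DN and an EMPTY password is an unauthenticated bind: the
    server answers success although no password was verified.
    """

    def __init__(self, users, allow_unauthenticated_bind=True):
        # users: {sAMAccountName: (dn, password)} -- sample data, not real accounts
        self.users = users
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def search(self, sam_account_name):
        """Return the matching DNs; Koha requires exactly one hit."""
        hit = self.users.get(sam_account_name)
        return [hit[0]] if hit else []

    def bind(self, dn, password):
        if password == "":
            if self.allow_unauthenticated_bind:
                return LDAP_SUCCESS
            return LDAP_INVALID_CREDENTIALS
        for stored_dn, stored_pw in self.users.values():
            if stored_dn == dn and stored_pw == password:
                return LDAP_SUCCESS
        return LDAP_INVALID_CREDENTIALS


def auth_by_bind_as_posted(directory, userid, password):
    """Mirrors the posted patch: look the user up by sAMAccountName, bind with
    the returned DN, and accept whenever the bind reports no error code."""
    hits = directory.search(userid)
    if len(hits) != 1:
        return False
    return directory.bind(hits[0], password) == LDAP_SUCCESS


def auth_by_bind_hardened(directory, userid, password):
    """Same flow, but refuses empty credentials before contacting the server,
    so an unauthenticated bind can never pass as a verified login."""
    if not userid or not password:
        return False
    return auth_by_bind_as_posted(directory, userid, password)


# Constructed sample directory for the demonstration.
AD = FakeActiveDirectory({
    "jsmith": ("CN=J Smith,OU=Staff,DC=DOMAIN,DC=COM", "correct horse"),
})
```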
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Barry Cannon [mailto:bc@interleaf.ie] <br>
<b>Sent:</b> Thursday, February 12, 2009 12:06 PM<br>
<b>To:</b> Winter, James<br>
<b>Subject:</b> RE: [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Yes, I am using Active
Directory. Do you have any tips?<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Winter, James [mailto:WinterJ@arcadia.edu] <br>
<b>Sent:</b> 12 February 2009 17:06<br>
<b>To:</b> Barry Cannon<br>
<b>Subject:</b> RE: [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Are you using Active
Directory?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;color:#1F497D'>James
Winter<o:p></o:p></span></b></p>
<p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;color:#1F497D'>215.517.2588<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> koha-bounces@lists.katipo.co.nz
[mailto:koha-bounces@lists.katipo.co.nz] <b>On Behalf Of </b>Barry Cannon<br>
<b>Sent:</b> Thursday, February 12, 2009 9:17 AM<br>
<b>To:</b> koha@lists.katipo.co.nz<br>
<b>Subject:</b> [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal>I have been trying to configure LDAP and have a couple of
questions:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The Wiki says: <b><i>There are two parts of the KOHA_CONF
file (default location: /etc/koha.xml) relevant to LDAP authentication: the
configuration stanza itself, and the “switch” line that enables or disables
LDAP. The switch appears in the main <config> section, 0 for “off” and 1
for “on”,....<o:p></o:p></i></b></p>
<p class=MsoNormal><b><i><o:p> </o:p></i></b></p>
<p class=MsoNormal>Should I take this to mean the koha-conf.xml file? There is
no koha.xml file on our installed server. If it is this file, do I simply add
the LDAP server options in the config file?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I have assumed that is what is needed, but I can’t figure out
where to go from there. Is there an Admin tool to configure/test the LDAP
authentication?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks<o:p></o:p></p>
<p class=MsoNormal>Barry<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>