<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" 
xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Lucida Sans Unicode";
        panose-1:2 11 6 2 3 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle22
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle23
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle24
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='color:#1F497D'>Did you comment out the two
lines in Auth_with_ldap.pm? If so, it won’t update or replicate the data.
If you didn’t, I would make sure you have the property names correct. I would
start with the required fields (surname, address, city, branchcode,
categorycode). <o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Try using default values by setting
is="" for those properties and put text between the tags.
&lt;address is=""&gt;123 Test Street&lt;/address&gt; for example.
If a person is created successfully with default values then it’s a
property name problem. If not, it’s a Koha problem.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;color:#1F497D'>James Winter<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-size:9.0pt;color:#1F497D'>215.517.2588<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Barry Cannon
[mailto:bc@interleaf.ie] <br>
<b>Sent:</b> Friday, February 13, 2009 7:31 AM<br>
<b>To:</b> Winter, James<br>
<b>Cc:</b> koha@lists.katipo.co.nz<br>
<b>Subject:</b> RE: [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'>James,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'>
Thanks for this info... I can now authenticate against my LDAP server with no
problems. However, when I start enabling &lt;replicate&gt; and &lt;update&gt;
to try and add the AD users into Koha the replication doesn’t occur. The
authentication still works but the users’ information, as per mappings,
doesn’t come across into Koha. There are no errors either?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'>Does anyone have any
suggestions?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'>Thanks<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'>Bar<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Winter, James
[mailto:WinterJ@arcadia.edu] <br>
<b>Sent:</b> 12 February 2009 17:35<br>
<b>To:</b> Barry Cannon<br>
<b>Cc:</b> koha@lists.katipo.co.nz<br>
<b>Subject:</b> RE: [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Sure, it took me a while to get
it working, but we have it working now.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>In our koha-conf.xml, we have
this section in the config section (between &lt;config&gt; and &lt;/config&gt;
near the end of the file):<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&lt;useldapserver&gt;1&lt;/useldapserver&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&lt;ldapserver id="ldapserver"&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;hostname&gt;LDAPSERVERNAMEHERE:389&lt;/hostname&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;base&gt;dc=DOMAIN,dc=COM&lt;/base&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;user&gt; CN=[USER THAT CAN BROWSE ACTIVE DIRECTORY],OU=[OU OF USER (MULTIPLE ENTRIES IF
NESTED OU)],DC=DOMAIN,DC=COM &lt;/user&gt; &lt;!-- DN, if not anonymous --&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;pass&gt;[PASSWORD OF USER]&lt;/pass&gt;&lt;!-- password, if not anonymous --&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;replicate&gt;0&lt;/replicate&gt; &lt;!-- add new users from LDAP to Koha database --&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;update&gt;0&lt;/update&gt; &lt;!-- update existing users in Koha database --&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;mapping&gt; &lt;!-- match koha SQL field names to your LDAP record field names --&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;cardnumber is="" &gt;&lt;/cardnumber&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;firstname is="givenname" &gt;&lt;/firstname&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;surname is="sn" &gt;&lt;/surname&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;address is="" &gt; &lt;/address&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;city is="" &gt; &lt;/city&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;zipcode is="" &gt;&lt;/zipcode&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;branchcode is =""&gt;MAIN&lt;/branchcode&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;userid is="samAccountName" &gt;&lt;/userid&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;password is="" &gt;&lt;/password&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;email is="mail" &gt;&lt;/email&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;categorycode is="employeetype" &gt; &lt;/categorycode&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&lt;!--&lt;phone is=""&gt;&lt;/phone&gt;--&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&nbsp;&nbsp;&lt;/mapping&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>&lt;/ldapserver&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Most of the attributes are
commented out because we populate our users in Koha from a different system and
they only log in using their AD password. We don’t want to add new users
or update existing users.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Then in Auth_with_ldap.pm at
line 102 (thanks to this thread
http://lists.koha.org/pipermail/koha-devel/2008-September/008355.html)<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Change these lines:<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
my $userldapentry = $search->shift_entry;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value
=> $password );<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
if ($cmpmesg->code != 6) {<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
warn "LDAP Auth rejected : invalid password for user '$userid'. " .
description($cmpmesg);<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
return 0;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>To this:<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
my $userldapentry = $search->shift_entry;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
my $dbuser = Net::LDAP->new( [$prefhost] );<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
$res = $dbuser->bind( $userldapentry, password => $password );<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
unless ( $db && ! $res->code ) {<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
warn "LDAP Auth rejected : invalid password for user '$userid'";<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
return 0;<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>We had an additional problem
with the Auth_with_ldap.pm automatically updating the card number with the
user’s login. We have existing cards with specific numbers that
we’re importing, so I had to disable a couple of other lines (lines 116
and 117 in Auth_with_ldap.pm, before the first edit.)<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='text-indent:.5in'><span style='color:#1F497D'>#($config{update}
) and my $c2 = &update_local($userid,$password,$borrowernumber,\%borrower)
|| '';<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>
#($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2'
instead of '$cardnumber'";<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Hopefully this helps.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;color:#1F497D'>James Winter<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-size:9.0pt;color:#1F497D'>215.517.2588<o:p></o:p></span></p>
</div>
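<p class=MsoNormal>The bind-as-user password check from the message above, as an added example that is not part of the thread or of Koha's own code: it refuses an empty password before binding (an RFC 4513 unauthenticated bind can return success) and tests the newly opened handle. The names password_ok_by_bind, $connect, StubLDAP and StubResult are hypothetical, and the stub is a constructed stand-in for a directory so the example runs offline.</p>

```perl
use strict;
use warnings;

# Hypothetical helper. $connect is a code ref returning a Net::LDAP-style handle,
# e.g. sub { Net::LDAP->new($host) }; $user_dn is the DN found by the search step.
sub password_ok_by_bind {
    my ($connect, $user_dn, $password) = @_;

    # RFC 4513 section 5.1.2: a simple bind with a DN and an empty password is an
    # "unauthenticated bind"; a server that permits it answers success (code 0).
    # Refuse it here, before anything goes on the wire.
    return 0 unless defined $password and length $password;
    return 0 unless defined $user_dn and length $user_dn;

    # Fail closed if the second connection cannot be opened; test this new
    # handle, not the one used earlier for the search.
    my $dbuser = $connect->() or return 0;

    my $res = $dbuser->bind($user_dn, password => $password);
    my $ok  = $res->code ? 0 : 1;    # 0 = success, 49 = invalidCredentials
    $dbuser->unbind;
    return $ok;
}

# Constructed stand-in for a directory that permits unauthenticated binds.
{
    package StubResult;
    sub new  { my ($class, $code) = @_; return bless { code => $code }, $class }
    sub code { return $_[0]{code} }

    package StubLDAP;
    my %directory = ('CN=Test User,OU=Staff,DC=example,DC=com' => 'S3cret-constructed');
    sub new    { return bless {}, shift }
    sub unbind { return 1 }
    sub bind {
        my ($self, $dn, %arg) = @_;
        my $pw = defined $arg{password} ? $arg{password} : '';
        return StubResult->new(0) if $pw eq '';    # unauthenticated bind "succeeds"
        my $stored = $directory{$dn};
        return StubResult->new(0) if defined $stored and $stored eq $pw;
        return StubResult->new(49);
    }
}

my $dn      = 'CN=Test User,OU=Staff,DC=example,DC=com';
my $connect = sub { StubLDAP->new };
for my $case (['S3cret-constructed', 'correct password'],
              ['wrong',              'wrong password'],
              ['',                   'empty password']) {
    my ($pw, $label) = @$case;
    printf "%-17s -> %s\n", $label,
        password_ok_by_bind($connect, $dn, $pw) ? 'accepted' : 'rejected';
}
```
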
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Barry Cannon
[mailto:bc@interleaf.ie] <br>
<b>Sent:</b> Thursday, February 12, 2009 12:06 PM<br>
<b>To:</b> Winter, James<br>
<b>Subject:</b> RE: [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'>Yes, I am using
Active Directory. Do you have any tips?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Winter, James
[mailto:WinterJ@arcadia.edu] <br>
<b>Sent:</b> 12 February 2009 17:06<br>
<b>To:</b> Barry Cannon<br>
<b>Subject:</b> RE: [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Are you using Active Directory?<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:10.0pt;color:#1F497D'>James Winter<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-size:9.0pt;color:#1F497D'>215.517.2588<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
koha-bounces@lists.katipo.co.nz [mailto:koha-bounces@lists.katipo.co.nz] <b>On
Behalf Of </b>Barry Cannon<br>
<b>Sent:</b> Thursday, February 12, 2009 9:17 AM<br>
<b>To:</b> koha@lists.katipo.co.nz<br>
<b>Subject:</b> [Koha] FW: Koha 3.0 LDAP Question?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-IE>I have been trying to configure LDAP and
have a couple of questions:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-IE>The Wiki says: <b><i>There are two parts of
the KOHA_CONF file (default location: /etc/koha.xml) relevant to LDAP
authentication: the configuration stanza itself, and the “switch”
line that enables or disables LDAP. The switch appears in the main
&lt;config&gt; section, 0 for “off” and 1 for “on”,....<o:p></o:p></i></b></span></p>
<p class=MsoNormal><b><i><span lang=EN-IE><o:p> </o:p></span></i></b></p>
<p class=MsoNormal><span lang=EN-IE>Should I take this to mean the
koha-conf.xml file? There is no koha.xml file on our installed server? If it is
this file, do I simply add the LDAP server options in the config file? <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-IE>I have assumed that is what is needed but I
can’t figure out where to go from there? Is there an Admin tool to
configure/test the LDAP authentication?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-IE>Thanks<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE>Barry<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p>
</div>
</body>
</html>