<br><br><div class="gmail_quote">On Wed, Jul 8, 2009 at 6:21 PM, David Schuster <span dir="ltr"><<a href="mailto:dschust1@tx.rr.com">dschust1@tx.rr.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
If you wanted to just authenticate and not update the borrowers using LDAP<br>
can this be done? </blockquote><div><br>Yes, this would be update OFF with auth_by_bind ON, but you should consider whether or not you really get what you want out of this situation. See the POD comments from my recently submitted LDAP patch:<br>
<br><span style="font-family: courier new,monospace;">Once a user has been accepted by the LDAP server, there are several possibilities for how Koha will behave, depending on your configuration and the presence of a matching Koha user in your local DB:</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> LOCAL_USER</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> OPTION UPDATE REPLICATE EXISTS? RESULT</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> A1 1 1 1 OK : We’re updating them anyway.</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> A2 1 1 0 OK : We’re adding them anyway.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> B1 1 0 1 OK : We update them.</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> B2 1 0 0 FAIL: We cannot add new user.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> C1 0 1 1 OK : We do nothing. </span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> C2 0 1 0 OK : We add the new user.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> D1 0 0 1 OK : We do nothing. </span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> D2 0 0 0 FAIL: We cannot add new user.</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Note: failure here just means that Koha will fallback to checking the local DB. That is, a given user could login with their LDAP password OR their local one. If this is a problem, then you should enable update and supply a mapping for password. Then the local value will be updated at successful LDAP login and the passwords will be synced.</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">If you choose NOT to update local users, the borrowers table will not be affected at all. Note that this means that patron passwords may appear to change if LDAP is ever disabled, because the local table never contained the LDAP values.</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><b><span style="font-family: courier new,monospace;">auth_by_bind</span><br style="font-family: courier new,monospace;"></b><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Binds as the user instead of retrieving their record. Recommended if update disabled.</span><br>
<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I don't want to "compare" logins/passwords - maybe logins only?</blockquote>
<div><br>No, that wouldn't mean anything in terms of authentication. <br></div></div><br>