[Koha] LDAP auth and Active Directory

Nijnatten, Jan van jan.v.nijnatten at philips.com
Wed Sep 16 03:52:36 NZST 2009


Hi Joe,

Thanks for the suggestion, but I'm still stuck:


My auth_with_ldap.pm is probably before June 30th (3.00.02.12), so I patched it.
Tried the principal_name tag with the correct domain but then the logging states:

[Tue Sep 15 17:31:31 2009] [error] [client 130.145.169.252] [Tue Sep 15 17:31:31 2009] opac-user.pl: Can't call method "exists" on an undefined value at /home/koha/source/C4/Auth_with_ldap.pm line 168, <DATA> line 253., referer: http://130.145.169.217/cgi-bin/koha/opac-main.pl

If I don't patch auth_with_ldap.pm and don't use principal_name I'm getting:

[Tue Sep 15 17:43:56 2009] [error] [client 130.145.169.252] [Tue Sep 15 17:43:56 2009] opac-user.pl: LDAP Auth rejected : invalid password for user 'nlv04101'. LDAP error #16: LDAP_NO_SUCH_ATTRIBUTE, referer: http://130.145.169.217/cgi-bin/koha/opac-user.pl

I've tried binding and no binding....

I can search my ldap server; I have the feeling the userPassword entry doesn't exist ... but how do I check?
Any idea how I can proceed?

best regards,
Jan
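
An added diagnostic for the "how do I check?" question above; it is not code from the thread or from Koha itself. It binds with the service account, looks the user up the way Koha does, reports whether the entry carries a userPassword attribute (what password-comparison mode needs), and then attempts a simple bind as the user in UPN form, which is what auth_by_bind relies on. The host, base DN, service account, user and the `%s@domain` UPN template are placeholders, not the poster's values.

```perl
#!/usr/bin/perl
# Checks the two failure modes seen in the thread: (1) does the user's entry
# carry userPassword at all, and (2) does a simple bind as that user succeed?
# Every connection value below is a placeholder: take them from your own
# koha-conf.xml <ldapserver> block.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $host     = 'ldap.example.com';                          # <hostname>
my $base     = 'dc=example,dc=com';                         # <base>
my $admin_dn = 'cn=kohabind,ou=service,dc=example,dc=com';  # <user>
my $admin_pw = 'ADMIN-PASSWORD-PLACEHOLDER';                # <pass>
my $upn_fmt  = '%s@example.com';   # UPN template (assumed domain suffix)
my ($userid, $password) = @ARGV;
die "usage: $0 userid password\n" unless defined $password;

my $ldap = Net::LDAP->new($host, timeout => 10)
    or die "cannot connect to $host: $@\n";

# Step 1: bind as the service account and look the user up, as Koha does
# before it either compares the password or binds as the user.
my $res = $ldap->bind($admin_dn, password => $admin_pw);
die "admin bind failed: " . $res->error . "\n" if $res->code;

$res = $ldap->search(
    base   => $base,
    filter => '(sAMAccountName=' . escape_filter_value($userid) . ')',
    attrs  => [ 'sAMAccountName', 'userPrincipalName', 'userPassword' ],
);
die "search failed: " . $res->error . "\n" if $res->code;
my $entry = $res->entry(0)
    or die "no entry for $userid under $base (Koha hits 'exists' on undef here)\n";

printf "found %s\n", $entry->dn;
printf "userPassword attribute present: %s\n",
    $entry->exists('userPassword') ? 'yes' : 'no (password comparison cannot work)';

# Step 2: simple bind as the user in UPN form, the auth_by_bind path.
my $upn       = sprintf $upn_fmt, $userid;
my $user_ldap = Net::LDAP->new($host, timeout => 10) or die "reconnect failed: $@\n";
my $ures      = $user_ldap->bind($upn, password => $password);
printf "bind as %s: %s\n", $upn,
    $ures->code ? 'rejected (' . $ures->error . ')' : 'accepted';
$user_ldap->unbind;
$ldap->unbind;
```

Active Directory does not return a readable userPassword (the password lives in the write-only unicodePwd attribute), so the comparison path behind the LDAP_NO_SUCH_ATTRIBUTE error cannot work against AD; the bind result is the one that matters.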

________________________________________
From: Joe Atzberger [ohiocore at gmail.com]
Sent: Tuesday, September 15, 2009 2:54 AM
To: Nijnatten, Jan van
Cc: koha at lists.katipo.co.nz
Subject: Re: [Koha] LDAP auth and Active Directory

Try auth_by_bind, optionally with a "principal_name" setting, if your version is newer than June 30, 2009, when this patch was applied:

http://git.koha.org/cgi-bin/gitweb.cgi?p=Koha;a=commit;h=7c2e7ad410e59d6f0c21d76859656b8aa8838ecb

principal_name is designed to compensate for the differences between openldap and active directory.
--Joe

On Mon, Sep 14, 2009 at 11:55 AM, Nijnatten, Jan van <jan.v.nijnatten at philips.com> wrote:
Hi all,

Earlier this month Anselm Olweny wrote:

======
I have installed koha in my institution library and would like patrons
to login at the opac using their active directory accounts.

I have followed the instructions in the Auth_with_ldap.pm file and
made the necessary changes in the koha-conf.xml file.

I have koha version 3.0100041, however when I login using a valid
Active Directory account I get "You entered an incorrect username or
password." in the opac. There are also no errors in both apache and
koha error logs.

I am kindly requesting for any assistance in making this work. I would
appreciate help relating to what changes I may need to do in active
directory as well or Auth_with_ldap.pm. I have attached a copy of my
koha-conf.xml so that you may show me what am getting wrong.
======

I have exactly the same problem: incorrect username, password.
I haven't modified auth_with_ldap.pm.

See my koha-conf.xml attached.

What are we doing wrong? Where can we debug?


koha-conf.xml:
<yazgfs>
<!-- [scheme:]host[:port][/databaseName] -->
<!-- scheme: tcp, ssl, unix, http, sru -->
<!-- can run all servers on tcp, but the unix socket is faster -->

<listen id="biblioserver" >unix:/var/run/koha/zebradb/bibliosocket</listen>
<listen id="authorityserver" >unix:/var/run/koha/zebradb/authoritysocket</listen>
<!-- public server runs on tcp -->
<!-- <listen id="publicserver" >tcp:@:9999</listen> -->

<!-- Settings for special biblio server instance for PazPar2.
    Because PazPar2 only connects to a Z39.50 server using TCP/IP,
    it cannot use the Unix-domain socket that biblioserver uses.
    Therefore, a custom server is defined. -->
<!--
<listen id="mergeserver">tcp:@:11001</listen>
<server id="mergeserver"  listenref="mergeserver">
   <directory>/var/lib/koha/zebradb/biblios</directory>
   <config>/etc/koha/zebradb/zebra-biblios.cfg</config>
   <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
</server>
-->

<!-- BIBLIOGRAPHIC RECORDS -->
<server id="biblioserver"  listenref="biblioserver">
   <directory>/var/lib/koha/zebradb/biblios</directory>
   <config>/etc/koha/zebradb/zebra-biblios.cfg</config>
   <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
    <!-- <docpath>xsl</docpath> -->
    <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
    <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
    <retrievalinfo>
      <retrieval syntax="usmarc" name="F"/>
      <retrieval syntax="usmarc" name="B"/>
      <retrieval syntax="xml" name="F"/>
      <retrieval syntax="xml" name="B"/>
      <retrieval syntax="xml" name="marcxml"
                 identifier="info:srw/schema/1/marcxml-v1.1">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="dc">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2DC.xsl"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="mods">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2MODS.xsl"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="rdfdc">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="rss2">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RSS2.xsl"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="utils">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slimUtils.xsl"/>
        </backend>
      </retrieval>
    </retrievalinfo>
   <xi:include href="/etc/koha/zebradb/explain-biblios.xml"
               xmlns:xi="http://www.w3.org/2001/XInclude">
     <xi:fallback>
     <explain xmlns="http://explain.z3950.org/dtd/2.0/">
         <serverInfo>
           <host>localhost</host>
           <port>9998</port>
           <database>biblios</database>
         </serverInfo>
       </explain>
     </xi:fallback>
   </xi:include>
</server>
<serverinfo id="biblioserver">
       <ccl2rpn>/etc/koha/zebradb/ccl.properties</ccl2rpn>
       <user>kohauser</user>
       <password>[our kohauser pw]</password>
</serverinfo>

<!-- AUTHORITY RECORDS -->
<server id="authorityserver"  listenref="authorityserver" >
   <directory>/var/lib/koha/zebradb/authorities</directory>
   <config>/etc/koha/zebradb/zebra-authorities.cfg</config>
   <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
    <!-- <docpath>xsl</docpath> -->
    <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
    <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
   <xi:include href="/etc/koha/zebradb/retrieval-info-auth-grs1.xml"
               xmlns:xi="http://www.w3.org/2001/XInclude">
     <xi:fallback>
    <retrievalinfo>
      <retrieval syntax="usmarc" name="F"/>
      <retrieval syntax="usmarc" name="B"/>
      <retrieval syntax="xml" name="marcxml"
                 identifier="info:srw/schema/1/marcxml-v1.1">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="dc">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2DC.xsl"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="mods">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2MODS.xsl"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="rdfdc">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
        </backend>
      </retrieval>
      <retrieval syntax="xml" name="utils">
        <backend syntax="usmarc" name="F">
          <marc inputformat="marc" outputformat="marcxml"
                inputcharset="utf-8"/>
          <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slimUtils.xsl"/>
        </backend>
      </retrieval>
    </retrievalinfo>
     </xi:fallback>
   </xi:include>
   <xi:include href="/etc/koha/zebradb/explain-authorities.xml"
               xmlns:xi="http://www.w3.org/2001/XInclude">
     <xi:fallback>
     <explain xmlns="http://explain.z3950.org/dtd/2.0/">
         <serverInfo>
           <host>localhost</host>
           <port>9999</port>
           <database>authorities</database>
         </serverInfo>
       </explain>
     </xi:fallback>
   </xi:include>
</server>
<serverinfo id="authorityserver">
   <ccl2rpn>/etc/koha/zebradb/ccl.properties</ccl2rpn>
   <user>kohauser</user>
   <password>[our kohauser pw]</password>
</serverinfo>

<!-- ADDITIONAL KOHA CONFIGURATION DIRECTIVE -->


<!-- db_scheme should follow the DBD driver name -->
<!-- port info: mysql:3306 Pg:5432 (5433 on Debian) -->
<config>
 <db_scheme>mysql</db_scheme>
 <database>koha</database>
 <hostname>localhost</hostname>
 <port>3306</port>
 <user>kohaadmin</user>
 <pass>[our kohaadmin pw]</pass>
 <biblioserver>biblios</biblioserver>
 <biblioservershadow>1</biblioservershadow>
 <authorityserver>authorities</authorityserver>
 <authorityservershadow>1</authorityservershadow>
 <intranetdir>/usr/share/koha/intranet/cgi-bin</intranetdir>
 <opacdir>/usr/share/koha/opac/cgi-bin/opac</opacdir>
 <opachtdocs>/usr/share/koha/opac/htdocs/opac-tmpl</opachtdocs>
 <intrahtdocs>/usr/share/koha/intranet/htdocs/intranet-tmpl</intrahtdocs>
 <includes>/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/includes/</includes>
 <logdir>/var/log/koha</logdir>
 <pazpar2url>http://kohadeb:11002/search.pz2</pazpar2url>
 <install_log>/usr/share/koha/misc/koha-install-log</install_log>
 <useldapserver>1</useldapserver>
 <!-- LDAP SERVER (optional) -->
 <ldapserver id="ldapserver"  listenref="ldapserver">
  <hostname>nlvhtcway1dc001.code1.emi.philips.com</hostname>
  <base>dc=code1,dc=emi,dc=philips,dc=com</base>
  <user>[our admin CN ]</user>             <!-- DN, if not anonymous -->
  <pass>[our password]</pass>          <!-- password, if not anonymous -->
  <replicate>1</replicate>       <!-- add new users from LDAP to Koha database -->
  <update>1</update>             <!-- update existing users in Koha database -->
  <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate by binding instead of
                                      password comparison, e.g., to use Active Directory -->
  <mapping>             <!-- match koha SQL field names to your LDAP record field names -->
                 <firstname    is="givenName"      ></firstname>
                 <surname      is="sn"             ></surname>
                 <address      is="company"        ></address>
                 <city         is="l"              >Athens, OH</city>
                 <zipcode      is="postalCode"     ></zipcode>
                 <branchcode   is="branch"         >MAIN</branchcode>
                 <userid       is="sAMAccountName" ></userid>
                 <password     is="userPassword"   ></password>
                 <email        is="mail"           ></email>
                 <categorycode is="employeeType"   >PT</categorycode>
                 <phone        is="telephoneNumber"></phone>
  </mapping>
 </ldapserver>
</config>
</yazgfs>





Jan van Nijnatten MSc | information architect  |  Philips Research - HTC 34 p076 |  +31.40.27.47894
