Sure, it took me a while to get it working, but we have it working now. In our koha-conf.xml, we have this section in the config section (between <config> and </config> near the end of the file):

    <useldapserver>1</useldapserver>
    <ldapserver id="ldapserver">
      <hostname>LDAPSERVERNAMEHERE:389</hostname>
      <base>dc=DOMAIN,dc=COM</base>
      <user>CN=[USER THAT CAN BROWSE ACTIVE DIRECTORY],OU=[OU OF USER (MULTIPLE ENTRIES IF NESTED OU)],DC=DOMAIN,DC=COM</user> <!-- DN, if not anonymous -->
      <pass>[PASSWORD OF USER]</pass> <!-- password, if not anonymous -->
      <replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
      <update>0</update> <!-- update existing users in Koha database -->
      <mapping> <!-- match koha SQL field names to your LDAP record field names -->
        <!--<cardnumber is="" ></cardnumber>-->
        <!--<firstname is="givenname" ></firstname>-->
        <!--<surname is="sn" ></surname>-->
        <!--<address is="" > </address>-->
        <!--<city is="" > </city>-->
        <!--<zipcode is="" ></zipcode>-->
        <!--<branchcode is ="">MAIN</branchcode>-->
        <userid is="samAccountName" ></userid>
        <password is="" ></password>
        <!--<email is="mail" ></email>-->
        <!--<categorycode is="employeetype" > </categorycode>-->
        <!--<phone is=""></phone>-->
      </mapping>
    </ldapserver>

Most of the attributes are commented out because we populate our users in Koha from a different system and they only log in using their AD password. We don't want to add new users or update existing users.

Then in Auth_with_ldap.pm at line 102 (thanks to this thread: http://lists.koha.org/pipermail/koha-devel/2008-September/008355.html), change these lines:

    my $userldapentry = $search->shift_entry;
    my $cmpmesg = $db->compare( $userldapentry, attr => 'userpassword', value => $password );
    if ( $cmpmesg->code != 6 ) {
        warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
        return 0;
    }

To this:

    my $userldapentry = $search->shift_entry;
    # Open a second connection and bind as the user: AD does not expose
    # userPassword, so compare() cannot verify the password, but a bind can.
    my $dbuser = Net::LDAP->new( [$prefhost] );
    unless ( $dbuser ) {
        warn "LDAP Auth rejected : could not connect to LDAP server for user '$userid'";
        return 0;
    }
    my $res = $dbuser->bind( $userldapentry, password => $password );
    if ( $res->code ) {
        warn "LDAP Auth rejected : invalid password for user '$userid'";
        return 0;
    }

We had an additional problem with Auth_with_ldap.pm automatically updating the card number with the user's login. We have existing cards with specific numbers that we're importing, so I had to disable a couple of other lines (lines 116 and 117 in Auth_with_ldap.pm, before the first edit):

    #($config{update} ) and my $c2 = &update_local($userid,$password,$borrowernumber,\%borrower) || '';
    #($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";

Hopefully this helps.

James Winter
215.517.2588

From: Barry Cannon [mailto:bc@interleaf.ie]
Sent: Thursday, February 12, 2009 12:06 PM
To: Winter, James
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?

Yes, I am using Active Directory. Do you have any tips?

From: Winter, James [mailto:WinterJ@arcadia.edu]
Sent: 12 February 2009 17:06
To: Barry Cannon
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?

Are you using Active Directory?

James Winter
215.517.2588

From: koha-bounces@lists.katipo.co.nz [mailto:koha-bounces@lists.katipo.co.nz] On Behalf Of Barry Cannon
Sent: Thursday, February 12, 2009 9:17 AM
To: koha@lists.katipo.co.nz
Subject: [Koha] FW: Koha 3.0 LDAP Question?

I have been trying to configure LDAP and have a couple of questions. The Wiki says:

    There are two parts of the KOHA_CONF file (default location: /etc/koha.xml) relevant to LDAP authentication: the configuration stanza itself, and the "switch" line that enables or disables LDAP. The switch appears in the main <config> section, 0 for "off" and 1 for "on", ....

Should I take this to mean the koha-conf.xml file? There is no koha.xml file on our installed server. If it is this file, do I simply add the LDAP server options in the config file? I have assumed that is what is needed, but I can't figure out where to go from there. Is there an Admin tool to configure/test the LDAP authentication?

Thanks,
Barry
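The compare-to-bind change James describes above, written out as a stand-alone Net::LDAP routine. This is an added example, not Koha's Auth_with_ldap.pm and not James's patch; every hostname, base DN, service account and user below is a placeholder, and the optional StartTLS step and the `cafile` parameter are assumptions about the deployment. It does the three steps the thread's configuration implies: bind as the <user>/<pass> service account, search the <base> for the account whose sAMAccountName (the <userid is="samAccountName"> mapping) matches the login, then rebind as that entry's DN with the password the user typed. It also adds the check a reviewer would ask for on the posted replacement: an empty password is refused before the bind, because a simple bind with a DN and an empty password is an unauthenticated (effectively anonymous) bind that Active Directory answers with success, which would otherwise log the user in with no password at all.

```perl
#!/usr/bin/perl
# Added example (not Koha's code): authenticate against Active Directory by
# looking up the user's DN with a service account and then binding as that DN.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Returns 1 when the user's own bind succeeds, 0 otherwise.
# host   - e.g. 'LDAPSERVERNAMEHERE:389' (the <hostname> element)
# base   - e.g. 'dc=DOMAIN,dc=COM'        (the <base> element)
# svc_dn / svc_pw - the <user> / <pass> service account
# cafile - optional CA bundle; when given, StartTLS is negotiated first so
#          neither password crosses the wire in clear (assumed option)
sub ldap_auth_by_bind {
    my (%a) = @_;
    my ($host, $base, $svc_dn, $svc_pw, $userid, $password, $cafile) =
        @a{qw(host base svc_dn svc_pw userid password cafile)};

    # Refuse empty credentials *before* talking to the server: a simple bind
    # with a DN and an empty password is an unauthenticated bind (RFC 4513
    # 5.1.2) and AD reports it as success, not as a wrong password.
    return 0 unless defined $userid   && length $userid;
    return 0 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($host);
    unless ($ldap) {
        warn "LDAP connect to $host failed: $@";
        return 0;
    }

    if (defined $cafile) {
        my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
        if ($tls->code) {
            warn "StartTLS failed: " . $tls->error;
            $ldap->unbind;
            return 0;
        }
    }

    # Step 1: bind as the service account so we may search the directory.
    my $mesg = $ldap->bind($svc_dn, password => $svc_pw);
    if ($mesg->code) {
        warn "service account bind failed: " . $mesg->error;
        $ldap->unbind;
        return 0;
    }

    # Step 2: locate the account by sAMAccountName. The login id is escaped so
    # characters such as '*' or ')' cannot change the meaning of the filter.
    my $filter = sprintf '(sAMAccountName=%s)', escape_filter_value($userid);
    $mesg = $ldap->search(
        base   => $base,
        scope  => 'sub',
        filter => $filter,
        attrs  => ['1.1'],          # we only need the DN, no attributes
    );
    if ($mesg->code || $mesg->count != 1) {
        warn "LDAP Auth rejected: user '$userid' not found or not unique";
        $ldap->unbind;
        return 0;
    }
    my $user_dn = $mesg->shift_entry->dn;

    # Step 3: rebind as the user. AD never returns userPassword, so the
    # compare() in the original code cannot succeed; only a bind proves the
    # password is right.
    $mesg = $ldap->bind($user_dn, password => $password);
    my $ok = $mesg->code ? 0 : 1;
    warn "LDAP Auth rejected: invalid password for user '$userid'" unless $ok;

    $ldap->unbind;
    return $ok;
}

# Stand-alone run with placeholder values (no real host or account here).
unless (caller) {
    my $ok = ldap_auth_by_bind(
        host     => 'LDAPSERVERNAMEHERE:389',
        base     => 'dc=DOMAIN,dc=COM',
        svc_dn   => 'CN=[SERVICE ACCOUNT],OU=[OU],DC=DOMAIN,DC=COM',
        svc_pw   => '[PASSWORD OF USER]',
        userid   => 'jdoe',
        password => '[USER PASSWORD]',
        cafile   => undef,          # set to a CA bundle path to require TLS
    );
    print $ok ? "authenticated\n" : "rejected\n";
}

1;
```

Searching with the service account and then rebinding as the found DN keeps the <user>/<pass> credentials to one purpose (reading the directory) and never constructs the user's DN from untrusted input. Requiring exactly one search hit also avoids silently authenticating the wrong account when the login id is ambiguous. If the server is reached on port 389 as in the configuration above, supplying `cafile` so that StartTLS is negotiated is the difference between the passwords travelling in clear text and being protected in transit.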