Re: [Koha] LDAP authentication

12 Dec 2005

      KL Nasveschuk a écrit :
...
Hello,
I'm still trying to get LDAP authentication to work on Koha. I've
modified Auth.pm with the following:
##################################################
        ### LOCAL
        ### Change the code below to match your own LDAP server.
        ##################################################
        # LDAP connexion parameters
        my $ldapserver = '172.16.0.24';
        # Infos to do an anonymous bind
        my $ldapinfos = 'ou=users,dc=tow,dc=net ';
        my $name  = "ou=users,dc=tow,dc=net";
        my $db = Net::LDAP->new( $ldapserver );
# do an anonymous bind
        my $res =$db->bind();
        # check connexion
        if($res->code) {
                # auth refused
                warn "LDAP Auth impossible : server not responding";
                return 0;
        # search user
        } else {
this log
...
[Mon Dec 12 12:04:36 2005] [error] [client 172.16.60.186] LDAP Auth
impossible : user unknown in LDAP
at /usr/local/koha/intranet/modules/C4/Auth.pm line 464.
means you have an error in the following code :
...
my $userdnsearch = $db->search(base => "$name",
                                filter =>"(uid=$userid)",
                                );
                if($userdnsearch->code || ! ( $userdnsearch-> count eq
1 ) ) {
                        warn "LDAP Auth impossible : user unknown in
LDAP";
                        return 0;
                };
That means :
* connexion was successful (otherwise, you would have LDAP Auth 
impossible : server not responding). A good news ;-)
* the LDAP search failed. Meaning : uid=$userid is probably not what you 
had to do. The query you have to do depends on your LDAP structure, I 
can't help you more.

just another hint. Change to :
  warn "LDAP Auth impossible : user unknown in LDAP for $userid";
to see which value is in $userid !

That could help you.

HTH

Anyway, I can ensure you I have 1 (and soon 2) libraries using LDAP 
auth. Quite tricky to tune, but works fine when it's done !

Just one reminder : the member record is created in Koha when the user 
logs in in OPAC. So you MUST request all your users to log in at least 
once. That's a good solution to show you now "have the great free ILS 
called Koha" & show what it can do.

-- 
Paul POULAIN
Consultant indépendant en logiciels libres
responsable francophone de koha (SIGB libre http://www.koha-fr.org)