Ben Finney <ben+koha@benfinney.id.au> writes:
It occurred to me, discussing with Chris, that perhaps what I'm seeing from Koha is that the *authentication* worked, but the user has no permission. If true, that would be a step forward.
A discussion on IRC with Galen Charlton confirmed that indeed, the authentication was working. The creation of the borrower record failed due to confusion over the MySQL schema and the mapping from LDAP-to-MySQL fields. I have now imported the “optional data” from the SQL files in ‘installer/data/mysql/en/optional/’. I now have the following Koha config for the LDAP section: ===== <config> … <useldapserver>1</useldapserver <ldapserver id="ldapserver" listenref="ldapserver"> <hostname>trimserver-admin.lan</hostname> <base>ou=People,dc=lan</base> <replicate>1</replicate> <!-- add new users from LDAP to Koha database --> <update>1</update> <!-- update existing users in Koha database --> <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory --> <mapping> <!-- match koha SQL field names to your LDAP record field names --> <firstname is="givenname" ></firstname> <surname is="sn" ></surname> <address is="postaladdress" >Unknown address</address> <city is="l" >Unknown city</city> <!-- <zipcode is="postalcode" ></zipcode> --> <branchcode is="branch" >CPL</branchcode> <userid is="uid" ></userid> <password is="userpassword" ></password> <!-- <email is="mail" ></email> --> <categorycode is="employeetype" >PT</categorycode> <!-- <phone is="telephonenumber"></phone> --> </mapping> </ldapserver> </config> ===== (Side note: isn't one of the main points of a NULL in a database to indicate “the value for this column is currently unknown”? It would be better, I'd think, for the Koha code to use a NULL field to indicate that state, rather than setting the schema NOT NULL for those columns.) Now, when successfully authenticating against LDAP in the admin interface, a new borrower record is created in the ‘borrowers’ table, if the user was previously unknown. I'm getting errors still, but it appears that authentication has succeeded. Thanks for everyone's help so far. -- \ “The apparent lesson of the Inquisition is that insistence on | `\ uniformity of belief is fatal to intellectual, moral, and | _o__) spiritual health.” —_The Uses Of The Past_, Herbert J. Muller | Ben Finney