So, I sorted this out after seeing this post: http://lists.koha.org/pipermail/koha-devel/2008-October/008493.html

Active Directory users can log in (and their data in the borrowers table is updated) after replacing

    # Original: check the password with an LDAP compare against userPassword
    my $cmpmesg = $db->compare( $userldapentry, attr => 'userpassword', value => $password );
    if ( $cmpmesg->code != 6 ) {
        warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
        return 0;
    }

with

    # Replacement: let the directory verify the password by binding as the user
    my $user_ldapname = $userldapentry->dn();
    my $user_db       = Net::LDAP->new( [$prefhost] );
    my $res           = $user_db->bind( $user_ldapname, password => $password );
    if ( $res->code ) {
        $debug and warn "Bind as user failed: " . description($res);
        return 0;
    }

on line 103 of /usr/share/koha3/lib/C4/Auth_with_ldap.pm

After looking at the rest of the thread, I discovered that this bug was reported in the past and a patch was created in Oct 2008: http://bugs.koha.org/cgi-bin/bugzilla3/show_bug.cgi?id=2726

According to this record, "This is controlled by the option auth_by_bind, which, if set, causes this code to try binding instead of comparing." http://bugs.koha.org/cgi-bin/bugzilla3/attachment.cgi?id=494

Unfortunately, it is not clear to me by looking at this record where this option is set. Is this a patch that is bundled with Koha 3.0.1? Or has it not been folded into the base code yet? Is there an easy way to tell whether or not bugs like this have been resolved? I'm all set for now, but if I could configure this in /etc/koha3/koha-conf.xml in the future, that'd be good to know.

Cheers,

Christopher Curry
Assistant Technical Librarian / Assistant IT Officer
American Philosophical Society
105 South Fifth Street
Philadelphia, PA 19106-3386
Tel. (215) 599-4299
ccurry@amphilsoc.org
*For technical support, please use helpdesk@amphilsoc.org*
Main Library number: (215) 440-3400
APS website: http://www.amphilsoc.org

Christopher Curry wrote:
Joe,
Thanks for the quick reply.
That's good to know, but something is still not working right because I haven't been able to log in with any of my AD user accounts (whether or not I have an existing borrower in the Koha database with the same username). I get this error in the logs:
    opac-user.pl: LDAP Auth rejected : invalid password for user '[USERNAME]'. LDAP error #16: LDAP_NO_SUCH_ATTRIBUTE, referer: http://avocado/cgi-bin/koha/opac-user.pl
    opac-user.pl: # The request referenced an attribute that does not exist, referer: http://avocado/cgi-bin/koha/opac-user.pl
Cheers,
Christopher Curry Assistant Technical Librarian / Assistant IT Officer
Joe Atzberger wrote:
Christopher --
You seem to be expecting Koha to extract the entire LDAP directory at once. It doesn't. Instead, it updates the user account when they go to log in. So you should try to log in as one of the users that isn't yet in your Koha DB, or that has outdated info. If you want the mass upload, you should export from LDAP to CSV and use the normal patron import tool.
Having some kind of batch LDAP update mode is desirable, but nobody has sponsored or worked on such functionality.
-- Joe Atzberger LibLime - Open Source Library Solutions
2009/5/20 Christopher Curry <ccurry@amphilsoc.org>
Hello all,
I'm trying to configure Koha to access my Active Directory LDAP server. I don't get errors when I browse to the catalog, so it seems that the configuration is being accepted, but my borrowers database has not been updated. I tried restarting the server (which should cover restarting Apache, as well -- right?). I used the following documentation: http://wiki.koha.org/doku.php?id=en:development:ldap.
My configuration is copied below; the ALL-CAPS areas are of course replaced with the relevant data.
Any thoughts?
I've pasted this into /etc/koha3/koha-conf.xml inside <config>, inside of <yazgfs>:
    <useldapserver>1</useldapserver>

    <!-- LDAP SERVER (optional) -->
    <ldapserver id="LDAP_IPADDRESS" listenref="LDAP_IPADDRESS">
      <hostname>LDAP_IPADDRESS</hostname>
      <base>CN=USERS_FOLDER_NAME,DC=DOMAIN,DC=TOP_LEVEL_DOMAIN</base>
      <user>CN=USERNAME,CN=USERS_FOLDER_NAME,DC=DOMAIN,DC=TOP_LEVEL_DOMAIN</user>
      <pass>PASSWORD</pass>
      <replicate>1</replicate>
      <update>1</update>
      <mapping>
        <firstname    is="givenName"></firstname>
        <surname      is="sn"></surname>
        <address      is="">ADDRESS</address>
        <city         is="">CITY</city>
        <zipcode      is="">19106</zipcode>
        <branchcode   is="">BRANCHCODE</branchcode>
        <userid       is="sAMAccountName"></userid>
        <password     is="userPassword"></password>
        <categorycode is="">S</categorycode>
        <email        is="">manuscripts@amphilsoc.org</email>
        <phone        is="">215-440-3400</phone>
      </mapping>
    </ldapserver>
Cheers,
Christopher Curry Assistant Technical Librarian / Assistant IT Officer
_______________________________________________
Koha mailing list
Koha@lists.katipo.co.nz
http://lists.katipo.co.nz/mailman/listinfo/koha
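The top message switches Koha from an LDAP compare on userPassword (which Active Directory does not expose, hence LDAP_NO_SUCH_ATTRIBUTE) to binding as the user. The stand-alone script below is an added example, not Koha's or the thread's code: it performs that bind-as-user check with two safeguards a bare bind lacks, refusing empty passwords (an LDAP bind with a DN and an empty password is an anonymous bind and succeeds) and requiring StartTLS so the password does not travel in clear text. The host, CA file path and user DN are placeholders.

```perl
#!/usr/bin/perl
# Added example (not Koha code): password check by binding as the user.
use strict;
use warnings;
use Net::LDAP;

my $ldap_host = 'LDAP_IPADDRESS';            # placeholder, as in the thread
my $ca_file   = '/etc/ssl/certs/ad-ca.pem';  # assumed path to the AD CA certificate

# Returns 1 if the directory accepts $password for $user_dn, 0 otherwise.
# Failures are logged with the reason; the password itself is never logged.
sub check_password_by_bind {
    my ( $user_dn, $password ) = @_;

    # RFC 4513: a bind with a DN and an empty password is an *unauthenticated*
    # (anonymous) bind and returns success, so it must be rejected here,
    # before it ever reaches the server.
    unless ( defined $password && $password =~ /\S/ ) {
        warn "LDAP Auth rejected: empty password for '$user_dn'\n";
        return 0;
    }

    my $ldap = Net::LDAP->new( $ldap_host, version => 3 )
        or do { warn "LDAP connect failed: $@\n"; return 0 };

    # Upgrade to TLS and verify the server certificate; give up otherwise.
    my $tls = $ldap->start_tls( verify => 'require', cafile => $ca_file );
    if ( $tls->code ) {
        warn "StartTLS failed: " . $tls->error . "\n";
        $ldap->unbind;
        return 0;
    }

    # The directory, not Koha, decides whether the password is right.
    my $res = $ldap->bind( $user_dn, password => $password );
    $ldap->unbind;
    if ( $res->code ) {
        warn "LDAP Auth rejected for '$user_dn': " . $res->error . "\n";
        return 0;
    }
    return 1;
}

# The DN would normally come from the search Koha already performs.
my $ok = check_password_by_bind(
    'CN=USERNAME,CN=USERS_FOLDER_NAME,DC=DOMAIN,DC=TOP_LEVEL_DOMAIN',
    $ARGV[0] );
print $ok ? "accepted\n" : "rejected\n";
```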