"Landers, Paul" <paul.landers@ttuhsc.edu> wrote:
> Does anyone have detailed instructions for enabling and configuring Koha 3 with LDAP for authentication? This would be one of the major reasons for us moving to Koha from our current ILS. The man page for the LDAP plugin indicates that LDAP must supply *ALL* required fields for patron records. Our I.T. has advised us of the following for our LDAP server:
>
> It can be used for authentication only. It will not return data for fields.
> It will not allow anonymous binds.
> It will not return a password for Koha to compare. Koha must supply the password or the hash to LDAP.
>
> Given these constraints, how do we configure Koha to use LDAP?

Slap your I.T. until they provide a useful LDAP service?

Seriously - I think you need to either:

1. run your own LDAP server that proxies out to your I.T.'s LDAP server for authentication - see http://www.openldap.org/software/man.cgi?query=slapd-meta&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release for one way to do that; OR

2. you need to customise Koha to create a C4::Auth_with_ldap_and_kohadb module that mixes C4::Auth and C4::Auth_with_ldap methods as needed.

Not returning a password probably isn't a problem. If I'm reading the C4::Auth_with_ldap code right, Koha sends the password to the LDAP and doesn't do anonymous binds. It's the lack of field data that's a pain.

Hope that helps,
-- 
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small worker cooperative
http://www.ttllp.co.uk/
http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html)
tel:+44-844-4437-237
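
Added example (not part of the original thread and not Koha code): a Python sketch of the logic behind option 2, where the directory only verifies the password through a bind as the user and the patron record comes from the local database. The DN layout, function names, and sample data are all assumptions; a real bind call would replace fake_bind.

```python
import re

DN_TEMPLATE = "uid={uid},ou=people,dc=example,dc=edu"  # assumed directory layout

def escape_dn_value(value):
    """Escape a string for use as an RDN value (RFC 4514)."""
    value = re.sub(r'([\\,+"<>;=])', r"\\\1", value).replace("\x00", "\\00")
    if value.endswith(" "):               # trailing space must be escaped
        value = value[:-1] + "\\ "
    if value.startswith(("#", " ")):      # so must a leading '#' or space
        value = "\\" + value
    return value

def authenticate(username, password, bind, patrons):
    """Return the local patron record if the directory accepts the credentials.

    bind is any callable (dn, password) -> bool that performs a simple bind.
    """
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2); some servers report success for it, so
    # refuse empty credentials before contacting the directory at all.
    if not username or not password:
        return None
    dn = DN_TEMPLATE.format(uid=escape_dn_value(username))
    if not bind(dn, password):
        return None
    # The directory returns no attributes, so the patron must already exist
    # locally; a valid directory login without a local record is rejected.
    return patrons.get(username)

# Constructed sample data standing in for the directory and the patron table.
DIRECTORY = {
    "uid=jdoe,ou=people,dc=example,dc=edu": "s3cret",
    "uid=guest,ou=people,dc=example,dc=edu": "pw",
}
PATRONS = {"jdoe": {"cardnumber": "0001", "categorycode": "STAFF"}}

def fake_bind(dn, password):
    """Stand-in for a real simple bind; lax about empty passwords on purpose."""
    return password == "" or DIRECTORY.get(dn) == password

if __name__ == "__main__":
    for user, pw in [("jdoe", "s3cret"), ("jdoe", ""), ("guest", "pw")]:
        print(user, repr(pw), "->", authenticate(user, pw, fake_bind, PATRONS))
```

Because no patron fields come back from the directory, accounts have to be created in the local database by some other route before a first login can succeed.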