Mason James <mason.loves.sushi@gmail.com> writes:
On 2009/05/26, at 12:19 AM, Ben Finney wrote:
Ben Finney <ben+koha@benfinney.id.au> writes:
When I use the same username and password that worked in the direct LDAP query, and enter those into the Koha login form, the return page simply shows the same form with “Error: Invalid username or password”.
How can I get authentication working with Koha like with other LDAP clients?
In particular, without duplicating or storing privileged user credentials in the Koha configuration.
well, this specifically is tricky - as koha expects some basic user records, as Joe stated...
This doesn't follow. Koha can get access to any user's record by authenticating as that user when they log in. Shouldn't Koha be using whatever credentials a user attempts to authenticate with at the login form, and querying against the LDAP server to see whether they're valid? In fact, this is what I was told Koha actually does, by requiring a user to log in before retrieving that user's record from the LDAP directory.
why not try to get a basic koha+LDAP system first, then aim for this advanced setup
I don't think “avoid storing the plain-text password of a privileged user for the LDAP directory” is a particularly advanced request. Surely that's the whole point of having a centralised authentication service with a secure query protocol: to avoid duplication and insecure storage of credentials?
Is LDAP authentication something I should expect to be working? The documentation leads me to believe it should work, but the lack of responses here concerns me that it might not actually be in common use.
I got it going recently with no previous experience with LDAP. and people attempting and succeeding LDAP setup is quite frequent, i think
Well, if the only way to get LDAP authentication working is to avoid using it as intended, that doesn't seem to me to qualify as “working”.

From what I can see of other LDAP clients, it's perfectly normal to do the following when attempting to query the directory non-anonymously:

* client application requests credentials at runtime
* client application computes appropriate hash for credentials
* client application binds (authenticates for the purpose of the query) to the LDAP server using the hashed credentials
* server responds with appropriate status and query result
* client application proceeds on that basis

What documentation is there for getting Koha working as a normal LDAP authentication client?

-- 
 \     “Free thought is a necessary, but not a sufficient, condition |
  `\                                  for democracy.” —Carl Sagan |
_o__)                                                              |
Ben Finney
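The bind-as-user flow listed in the message above, sketched as an added example that is not part of the original thread and is not Koha's code. `FakeDirectory`, the DN template and the sample entry are constructed stand-ins for a real LDAP server, which would be reached over TLS through a client library. The client stores no privileged account, refuses empty passwords, and escapes the login name before placing it in a DN.

```python
import hmac
import re

USER_DN_TEMPLATE = "uid={},ou=people,dc=example,dc=org"  # assumed directory layout

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514 special characters)."""
    value = re.sub(r'([\\,+"<>;=])', r"\\\1", value)
    return "\\" + value if value.startswith("#") else value

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (not a real client library)."""
    def __init__(self, entries):
        self.entries = entries          # dn -> {"password": str, "attrs": dict}
        self.bound_dn = None

    def simple_bind(self, dn, password):
        if password == "":
            # Models a server that accepts an RFC 4513 "unauthenticated bind":
            # the bind succeeds, but the session is anonymous.
            self.bound_dn = ""
            return True
        entry = self.entries.get(dn)
        ok = entry is not None and hmac.compare_digest(
            entry["password"].encode(), password.encode())
        self.bound_dn = dn if ok else None
        return ok

    def read_entry(self, dn):
        if self.bound_dn != dn:
            raise PermissionError("not bound as " + dn)
        return dict(self.entries[dn]["attrs"])

def authenticate(directory, username, password):
    """Bind as the user with the credentials typed at login; return their entry or None."""
    if not username or username != username.strip():
        return None
    if not password:
        return None                     # an empty password must never reach the server
    dn = USER_DN_TEMPLATE.format(escape_dn_value(username))
    if not directory.simple_bind(dn, password):
        return None
    return directory.read_entry(dn)     # read the user's own record on their own session

SAMPLE = {  # constructed sample entry
    "uid=alice,ou=people,dc=example,dc=org": {
        "password": "correct horse",
        "attrs": {"uid": "alice", "cn": "Alice Example"},
    },
}
```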