Koha folks,

My library serves multiple institutions, and we have valid library patrons coming to us who are authenticated against different LDAP servers. I remember seeing somewhere, briefly, in some Koha documentation, something about support for multiple LDAPs, but when I try to find it again, or any kind of example on how to set it up, I turn up nothing.

We'd want the system to behave something like this:

1. Check first LDAP; if patron authenticates, end. Else:
2. Check second LDAP; if patron authenticates, end. Else:
3. Either check a third LDAP, or just use the internal Koha login authentication (can one mix and match LDAP auth and Koha DB auth?).
4. Ultimately reject if not in any of the above sources

Does the existing code support this, or would a modification need to be made? If it already does, how can I go about setting it up? If it doesn't, where in the code should I look to make the enhancement?

Any assistance is greatly appreciated. Thanks!

Ian Walls
Systems Integration Librarian
NYU Health Sciences Libraries
(212) 263-8687

------------------------------------------------------------
This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain information that is proprietary, confidential, and exempt from disclosure under applicable law. Any unauthorized review, use, disclosure, or distribution is prohibited. If you have received this email in error please notify the sender by return email and delete the original message. Please note, the recipient should check this email and any attachments for the presence of viruses. The organization accepts no liability for any damage caused by any virus transmitted by this email.
=================================
Hi Ian,

2009/6/9 Walls, Ian <Ian.Walls@med.nyu.edu>:
3. Either check a third LDAP, or just use the internal Koha login authentication (can one mix and match LDAP auth and Koha DB auth?).
Yes.
Does the existing code support this, or would a modification need to be made? If it already does, how can I go about setting it up? If it doesn’t, where in the code should I look to make the enhancement?
It would be necessary to modify the existing code, mostly in C4/Auth_with_ldap.pm. Most of the work would consist of refactoring that module to handle multiple ldapserver elements in koha-conf.xml without breaking existing LDAP configurations and implementing the fallback logic you're looking for.

Regards,

Galen
--
Galen Charlton
VP, Research & Development, LibLime
galen.charlton@liblime.com
p: 1-888-564-2457 x709
skype: gmcharlt
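The four-step flow Ian describes, with the fallback logic Galen mentions, written out as an added example; this is not code from the thread or from Koha's C4::Auth_with_ldap.pm. It is plain Perl with constructed in-memory stand-ins in place of Net::LDAP binds so it runs offline; the source names, the result vocabulary (ok/unknown/denied/unavailable) and the stop_on_denied option are assumptions of the example, not Koha configuration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical fallback chain (example code, not Koha's C4::Auth). Each source is
# a hashref { name => ..., check => sub { ($userid, $password) -> result } }
# where result is one of:
#   'ok'          credentials accepted
#   'unknown'     source reachable, but it has no such user
#   'denied'      source reachable, user known, password rejected
#   'unavailable' source could not be contacted
# Sources are tried in order and the first 'ok' wins. 'unavailable' is never
# treated as success (fail closed); it only means "ask the next source".
sub authenticate_chain {
    my ( $sources, $userid, $password, %opt ) = @_;
    my $stop_on_denied = exists $opt{stop_on_denied} ? $opt{stop_on_denied} : 1;

    # Refuse empty credentials before touching any directory: a simple bind
    # with a DN and an empty password is an "unauthenticated bind" (RFC 4513)
    # and some servers report it as successful.
    return ( 0, 'empty credentials' )
        unless defined $userid && length $userid
            && defined $password && length $password;

    for my $source (@$sources) {
        my $result = $source->{check}->( $userid, $password );
        return ( 1, "accepted by $source->{name}" ) if $result eq 'ok';
        # Stopping on an explicit rejection keeps a later source (e.g. a stale
        # password in the local DB) from overriding a directory that knows
        # this user and turned them down.
        return ( 0, "denied by $source->{name}" )
            if $result eq 'denied' && $stop_on_denied;
        # 'unknown', 'unavailable', or 'denied' without stop: try the next one
    }
    return ( 0, 'rejected: not accepted by any source' );
}

# Constructed stand-in sources so the example runs without a directory.
# A real LDAP source would do a Net::LDAP bind and map LDAP_SUCCESS to 'ok',
# a connection failure to 'unavailable', and an error code to 'denied'
# (or to 'unknown', if a search step first showed the user does not exist).
sub table_source {
    my ( $name, $users ) = @_;
    return {
        name  => $name,
        check => sub {
            my ( $u, $p ) = @_;
            return 'unknown' unless exists $users->{$u};
            return $users->{$u} eq $p ? 'ok' : 'denied';
        },
    };
}

my @sources = (
    { name => 'ldap-students', check => sub { 'unavailable' } },  # down today
    table_source( 'ldap-staff', { bob   => 'hunter2' } ),
    table_source( 'koha-db',    { carol => 'local-pw', bob => 'old-pw' } ),
);

for my $try ( [ 'bob', 'hunter2' ], [ 'carol', 'local-pw' ],
              [ 'bob', 'old-pw' ],  [ 'bob', '' ] ) {
    my ( $ok, $why ) = authenticate_chain( \@sources, @$try );
    printf "%-6s %-10s -> %s: %s\n", $try->[0], "'$try->[1]'",
        $ok ? 'ACCEPT' : 'REJECT', $why;
}
```

With the constructed data, bob/hunter2 is accepted by ldap-staff, carol/local-pw falls through two LDAP sources to koha-db, bob/old-pw is stopped at ldap-staff even though the local DB still holds that old password, and bob with an empty password is refused before any source is asked. Whether a 'denied' result should stop the chain or fall through is a policy decision; the option exists so both readings of step 2 in Ian's list can be expressed.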
Maybe something like:

********************************
use strict;
use warnings;
use Net::LDAP;

# LDAP connection parameters
# LDAP servers, tried in order
my @ldapservers = ( '10.1.1.7', '10.1.1.8' );
# Base DNs for users, tried in order on each server
my @basedns = ( 'ou=students,o=pine', 'ou=staff,o=pine' );

# Bind uses the user's full DN; if uid doesn't work try "cn".
# Returns 1 on the first successful bind, 0 if every server/base DN fails.
sub ldap_auth {
    my ( $userid, $password ) = @_;
    for my $ldapserver (@ldapservers) {
        my $db = Net::LDAP->new($ldapserver) or next;   # unreachable: try the next server
        for my $name (@basedns) {
            my $binddn = "cn=$userid,$name";
            # do bind
            my $res = $db->bind( dn => $binddn, password => $password );
            # Net::LDAP returns a message object; code 0 is LDAP_SUCCESS
            if ( $res->code == 0 ) { $db->unbind; return 1; }
        }
        $db->unbind;
    }
    return 0;
}
********************************

Might work. Good luck.

Walls, Ian wrote:
Koha folks,
My library serves multiple institutions, and we have valid library patrons coming to us who are authenticated against different LDAP servers. I remember seeing somewhere, briefly, in some Koha documentation, something about support for multiple LDAPs, but when I try to find it again, or any kind of example on how to set it up, I turn up nothing.
We’d want the system to behave something like this:
1. Check first LDAP; if patron authenticates, end. Else:
2. Check second LDAP; if patron authenticates, end. Else:
3. Either check a third LDAP, or just use the internal Koha login authentication (can one mix and match LDAP auth and Koha DB auth?).
4. Ultimately reject if not in any of the above sources
Does the existing code support this, or would a modification need to be made? If it already does, how can I go about setting it up? If it doesn’t, where in the code should I look to make the enhancement?
Any assistance is greatly appreciated. Thanks!
Ian Walls
Systems Integration Librarian
NYU Health Sciences Libraries
(212) 263-8687
_______________________________________________
Koha mailing list
Koha@lists.katipo.co.nz
http://lists.katipo.co.nz/mailman/listinfo/koha
participants (3)
- Galen Charlton
- Scott Owen
- Walls, Ian