Ldap + Active Directory
Firstly, thank you for the awesome Debian documentation! I got this far with no trouble at all.

When I log into OPAC with an AD account I am told "You entered an incorrect username or password. Please try again! And remember, usernames and passwords are case sensitive."

Here is some information regarding my environment (real names hidden to protect the innocent):

Koha version: 3.05.00.001
Debian Squeeze
DebugLevel set to 2
Windows Server 2008 r2

koha-conf.xml (ldap section)

<useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
  <hostname>DOM.TLD</hostname>
  <base>CN=USERS,DC=DOM,DC=TLD</base>
  <user>cn=USERS,dc=DOM,dc=TLD</user>
  <pass>PASSWD</pass>
  <replicate>0</replicate>
  <update>0</update>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s@DOM.TLD</principal_name>
  <mapping>
    <firstname is="givenname" ></firstname>
    <surname is="sn" ></surname>
    <address is="postaladdress" ></address>
    <city is="" >CITY, ST</city>
    <zipcode is="postalcode" ></zipcode-->
    <branchcode is="branch" >MAIN</branchcode>
    <branchcode is="" ></branchcode>
    <userid is="samaccountname" ></userid>
    <password is="userpassword" ></password>
    <categorycode is="employeetype" >PT</categorycode>
    <categorycode is="" >PT</categorycode>
    <phone is="telephonenumber"></phone>
  </mapping>
</ldapserver>

I have tried enabling replicate and/or update, when I do I see the following error:

Can't call method "exists" on an undefined value at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 168, <DATA> line 522.

Line 168 contains:

$userldapentry->exists('uid');

I've tried changing 'uid' to 'samaccount' since that's what I have in our schema but the error is the same.

I see that one user was able to get AD working by editing the Auth_with_ldap.pm file:

http://lists.katipo.co.nz/public/koha/2009-May/018547.html

The page he links to does not seem to be available at the moment, not even a google-cached version. When I make the edits that he mentions Koha will not even load and I get this error:

Software error:

Global symbol "$res" requires explicit package name at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 141, <DATA> line 522.
Global symbol "$res" requires explicit package name at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 142, <DATA> line 522.
Global symbol "$res" requires explicit package name at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 143, <DATA> line 522.
Compilation failed in require at /usr/share/koha/lib/C4/Auth.pm line 50, <DATA> line 522.
BEGIN failed--compilation aborted at /usr/share/koha/lib/C4/Auth.pm line 67, <DATA> line 522.
Compilation failed in require at /usr/share/koha/opac/cgi-bin/opac/opac-user.pl line 25, <DATA> line 522.
BEGIN failed--compilation aborted at /usr/share/koha/opac/cgi-bin/opac/opac-user.pl line 25, <DATA> line 522.

I have spent most of the day reading through any and all Ldap/AD-related posts on the Koha mailing lists but I don't see anything that stands out as what I am doing wrong or that applies to my situation.

Is there some other way to get more verbose feedback, or perhaps something that should be done differently for Server 2008?

Thanks for reading :-)
*** Re-Posting ***

We have not had any responses to our request for help to date.

Has anyone else run into this?

Is there a sample config someone is willing to share?

Thanking you in advance,

________________________________________
From: koha-bounces@lists.katipo.co.nz [koha-bounces@lists.katipo.co.nz] on behalf of bash-fu34 [licensing@high-voltage.com]
Sent: Tuesday, June 28, 2011 6:37 PM
To: koha@lists.katipo.co.nz
Subject: [Koha] Ldap + Active Directory
Since you didn't get a response on this list, you might jump onto the IRC channel. Have you tried that?

Here's how: Point your favorite IRC client at *irc.oftc.net:6667* and *join #koha*, or simply click here <http://en.irc2go.com/webchat/?net=OFTC&room=koha>, or here <http://chat.mibbit.com/?server=irc.oftc.net&channel=%23koha> to connect to the Koha irc-channel with your web-browser. Just type in your nickname and click continue.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=
Lori Bowen Ayre // Library Technology Consultant
The Galecia Group // www.galecia.com
(707) 763-6869 // Lori.Ayre@galecia.com
Specializing in open source ILS solutions, RFID, filtering, workflow optimization, and materials handling
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

On Wed, Jul 13, 2011 at 4:16 AM, Licensing <Licensing@high-voltage.com> wrote:
Will try that, thanks!

Just appears that email would be more efficient and good for reference later. : )

From: Lori Bowen Ayre [via Koha] [mailto:ml-node+4582703-328389114-224901@n5.nabble.com]
Sent: Wednesday, July 13, 2011 8:39 AM
To: Licensing
Subject: Re: Ldap + Active Directory
True! More of us would benefit from the answer but it is hard to monitor so many places at once and the super techie folks are more likely there than here. Luckily the IRC channel is logged so it isn't lost forever (see http://stats.workbuffer.org/irclog/koha/2011-07-13).

Lori

2011/7/13 bash-fu34 <licensing@high-voltage.com>
I recently got this working on our Debian squeeze server.

I am sure one of the issues for me was that koha-conf.xml

You have
  <userid is="samaccountname" ></userid>
and to get I had issues until I corrected the case
  <userid is="sAMAccountName" ></userid>

Also noticed you have two branchcodes and one is blank.

Have you created or got a Branchcode called Main? I had issues with logon until I set up some information for our initial branch.

Hope the above helps, ask again if this does not work.

Tim

On 13 Jul 2011 14:55, "Lori Bowen Ayre" <lori.ayre@galecia.com> wrote:
Thanks Tim,

We did try it with that specific case usage, but I am currently re-reviewing all of our schema values versus what we are actually using. Good catch there!

If all else fails I will try to apply the patch that Ian pointed out.

-Hristos

From: koha-bounces@lists.katipo.co.nz [mailto:koha-bounces@lists.katipo.co.nz] On Behalf Of Tim Bateson
Sent: Wednesday, July 13, 2011 1:25 PM
To: koha-user
Subject: Re: [Koha] Ldap + Active Directory
Greetings,

With the help of sekjal in IRC I've been directed to the bottom portion of the "Auth_with_ldap.pm" file where the required mapping fields are listed. It says I can find them by checking the "borrowers" table, so I did this:

# mysql -e "use koha; show COLUMNS from borrowers;" | grep NO | awk -F"\t" '{print $1}'
borrowernumber
surname
address
city
branchcode
categorycode

These are the ones that I see as being required, correct me if I am mistaken, but some of these do not exist in our Active Directory schema. For example, we do not have an attribute type called "address", "city", or "branchcode" so I tried to map them to one we do have called "company". No success, I try to log in and am told that I have entered an incorrect username or password.

There is no further information about what may be wrong in the "/var/log/koha/koha-opac-error_log" file so I am at a dead end (aside from the guess and check approach). Am I supposed to create the absent attributes within our schema, or would leaving them blank suffice since they don't exist?

Thank you for reading!

-Hristos

From: koha-bounces@lists.katipo.co.nz [mailto:koha-bounces@lists.katipo.co.nz] On Behalf Of Hristos Triantafillou
Sent: Wednesday, July 13, 2011 1:58 PM
To: koha-user
Subject: Re: [Koha] Ldap + Active Directory
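Added example (not part of the original thread, and not Koha's own code): a Python check for the points raised above about the <mapping> block, namely duplicate elements, attribute-name case, and the columns listed as NOT NULL in borrowers. It assumes each mapping element names a borrowers column, that "is" names the directory attribute and that the element text is the fallback default; lint_mapping is a hypothetical helper, and the sample config and schema list are constructed.

```python
"""Lint the <mapping> block of a Koha <ldapserver> section (added example)."""
import xml.etree.ElementTree as ET
from collections import Counter

# Columns the thread lists as NOT NULL in `borrowers`. borrowernumber is left
# out on the assumption that the database assigns it.
REQUIRED = ("surname", "address", "city", "branchcode", "categorycode")

# Constructed sample: the mapping as posted, with the zipcode line well-formed.
SAMPLE_CONF = """\
<ldapserver id="ldapserver">
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s@DOM.TLD</principal_name>
  <mapping>
    <firstname is="givenname"></firstname>
    <surname is="sn"></surname>
    <address is="postaladdress"></address>
    <city is="">CITY, ST</city>
    <zipcode is="postalcode"></zipcode>
    <branchcode is="branch">MAIN</branchcode>
    <branchcode is=""></branchcode>
    <userid is="samaccountname"></userid>
    <password is="userpassword"></password>
    <categorycode is="employeetype">PT</categorycode>
    <categorycode is="">PT</categorycode>
    <phone is="telephonenumber"></phone>
  </mapping>
</ldapserver>
"""

# Constructed list: attribute names spelled the way the directory schema has
# them. In practice this would be exported from the directory being used.
SAMPLE_SCHEMA = ("givenName", "sn", "sAMAccountName", "postalCode",
                 "telephoneNumber", "employeeType", "company")


def lint_mapping(conf_xml, schema_attrs, required=REQUIRED):
    """Return a sorted list of (field, problem) tuples for one <ldapserver>."""
    mapping = ET.fromstring(conf_xml).find("mapping")
    if mapping is None:
        return [("mapping", "missing")]

    canonical = {name.lower(): name for name in schema_attrs}
    counts = Counter(child.tag for child in mapping)
    # The same column mapped twice, as with branchcode and categorycode above.
    findings = {(tag, "duplicate") for tag, n in counts.items() if n > 1}

    for child in mapping:
        attr = (child.get("is") or "").strip()
        default = (child.text or "").strip()
        known = canonical.get(attr.lower()) if attr else None
        if attr and known is None:
            findings.add((child.tag, "unknown-attribute:" + attr))
        elif attr and known != attr:
            findings.add((child.tag, "case-differs:" + known))
        # A required column needs a value from somewhere: either an attribute
        # the directory really has, or a non-empty default.
        if child.tag in required and known is None and not default:
            findings.add((child.tag, "no-source"))

    findings.update((f, "not-mapped") for f in required if f not in counts)
    return sorted(findings)


if __name__ == "__main__":
    for field, problem in lint_mapping(SAMPLE_CONF, SAMPLE_SCHEMA):
        print(f"{field:13} {problem}")
```
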
Hi again!

I just now was able to authenticate to our Windows 2008 r2 domain and I wanted to thank everyone in IRC who helped point me in the right direction!

I discovered a more verbose error log at "/var/log/koha/LIBRARY_NAME/opac-error.log" (where LIBRARY_NAME is the name of your library); this proved invaluable to getting more feedback about what was wrong with my mapping. So to anybody that struggles with this going forward, check that log rather than the global opac log and you will find the problem much more quickly.

-Hristos

From: Hristos Triantafillou
Sent: Tuesday, July 19, 2011 4:20 PM
To: Hristos Triantafillou; koha-user
Subject: RE: [Koha] Ldap + Active Directory
This could be bug 5094 (http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5094), which has been recently patched. If you can upgrade to 3.05.00.003 or higher, that should include that particular fix, as well as many others. Upgrading from 3.05.00.001 is highly recommended (by me).

-Ian

On Tue, Jun 28, 2011 at 7:37 PM, bash-fu34 <licensing@high-voltage.com> wrote:
Firstly, thank you for the awesome Debian documentation! I got this far with no trouble at all.
When I log into OPAC with an AD account I am told "You entered an incorrect username or password. Please try again! And remember, usernames and passwords are case sensitive."
Here is some information regarding my environment (real names hidden to protect the innocent):
Koha version: 3.05.00.001
Debian Squeeze
DebugLevel set to 2
Windows Server 2008 r2
koha-conf.xml (ldap section)
<useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
  <hostname>DOM.TLD</hostname>
  <base>CN=USERS,DC=DOM,DC=TLD</base>
  <user>cn=USERS,dc=DOM,dc=TLD</user>
  <pass>PASSWD</pass>
  <replicate>0</replicate>
  <update>0</update>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s@DOM.TLD</principal_name>
  <mapping>
    <firstname is="givenname" ></firstname>
    <surname is="sn" ></surname>
    <address is="postaladdress" ></address>
    <city is="" >CITY, ST</city>
    <zipcode is="postalcode" ></zipcode-->
    <branchcode is="branch" >MAIN</branchcode>
    <branchcode is="" ></branchcode>
    <userid is="samaccountname" ></userid>
    <password is="userpassword" ></password>
    <categorycode is="employeetype" >PT</categorycode>
    <categorycode is="" >PT</categorycode>
    <phone is="telephonenumber"></phone>
  </mapping>
</ldapserver>
I have tried enabling replicate and/or update, when I do I see the following error:
Can't call method "exists" on an undefined value at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 168, <DATA> line 522.
Line 168 contains:
$userldapentry->exists('uid');
I've tried changing 'uid' to 'samaccount' since that's what I have in our schema but the error is the same.
I see that one user was able to get AD working by editing the Auth_with_ldap.pm file:
http://lists.katipo.co.nz/public/koha/2009-May/018547.html
The page he links to does not seem to be available at the moment, not even a google-cached version. When I make the edits that he mentions Koha will not even load and I get this error:
Software error:
Global symbol "$res" requires explicit package name at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 141, <DATA> line 522.
Global symbol "$res" requires explicit package name at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 142, <DATA> line 522.
Global symbol "$res" requires explicit package name at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 143, <DATA> line 522.
Compilation failed in require at /usr/share/koha/lib/C4/Auth.pm line 50, <DATA> line 522.
BEGIN failed--compilation aborted at /usr/share/koha/lib/C4/Auth.pm line 67, <DATA> line 522.
Compilation failed in require at /usr/share/koha/opac/cgi-bin/opac/opac-user.pl line 25, <DATA> line 522.
BEGIN failed--compilation aborted at /usr/share/koha/opac/cgi-bin/opac/opac-user.pl line 25, <DATA> line 522.
I have spent most of the day reading through any and all Ldap/AD-related posts on the Koha mailing lists but I don't see anything that stands out as what I am doing wrong or that applies to my situation.
Is there some other way to get more verbose feedback, or perhaps something that should be done differently for Server 2008?
Thanks for reading :-)
-- Ian Walls Lead Development Specialist ByWater Solutions Phone # (888) 900-8944 http://bywatersolutions.com ian.walls@bywatersolutions.com Twitter: @sekjal
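A small linter for the mapping points raised in Tim's reply above (attribute-name case, and a field mapped twice with one entry blank). It is an added example, not part of any poster's message or of Koha; `lint_mapping`, `SCHEMA_ATTRS` and the sample block are assumptions constructed for illustration, and the reference list should be replaced with the attribute names from your own directory.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assumption: reference spellings of the directory attributes you expect to
# map; replace this list with names exported from your own schema.
SCHEMA_ATTRS = ["sAMAccountName", "givenName", "sn", "postalAddress",
                "postalCode", "telephoneNumber", "employeeType", "userPassword"]

# Constructed sample modelled on the <mapping> block quoted in the thread.
SAMPLE = """
<mapping>
  <firstname is="givenname"></firstname>
  <surname is="sn"></surname>
  <zipcode is="postalcode"></zipcode>
  <branchcode is="branch">MAIN</branchcode>
  <branchcode is=""></branchcode>
  <userid is="samaccountname"></userid>
  <categorycode is="employeetype">PT</categorycode>
  <categorycode is="">PT</categorycode>
</mapping>
"""

def lint_mapping(xml_text, schema_attrs=SCHEMA_ATTRS):
    """Return sorted (field, problem) tuples for a Koha LDAP <mapping> block."""
    by_lower = {name.lower(): name for name in schema_attrs}
    root = ET.fromstring(xml_text)
    findings = []
    # A field mapped more than once leaves it unclear which entry applies.
    for tag, n in Counter(child.tag for child in root).items():
        if n > 1:
            findings.append((tag, f"mapped {n} times"))
    for child in root:
        attr = child.get("is", "")
        default = (child.text or "").strip()
        if not attr:
            # No directory attribute: only a default value can fill the field.
            if not default:
                findings.append((child.tag, "no attribute and no default"))
            continue
        canonical = by_lower.get(attr.lower())
        if canonical is None:
            findings.append((child.tag, f"'{attr}' not in reference list"))
        elif canonical != attr:
            findings.append((child.tag, f"'{attr}' differs in case from '{canonical}'"))
    return sorted(findings)

if __name__ == "__main__":
    for field, problem in lint_mapping(SAMPLE):
        print(f"{field}: {problem}")
```

Entries reported as "not in reference list" (here `branch`) are the ones to confirm against the directory schema before relying on them.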
participants (6)
- bash-fu34
- Hristos Triantafillou
- Ian Walls
- Licensing
- Lori Bowen Ayre
- Tim Bateson