Good Afternoon All,

I am playing with the idea of using LDAP for user authentication and to use this feature to populate the Koha patron db. I know the patron db will not be populated automatically, only when a user logs in.

So my issue/question is that I can match up the usual LDAP fields with the corresponding ones in Koha, like first name and last name. I can even find one to use for Branch but I am having trouble finding one for patron type. I do see in the instructions for LDAP (http://wiki.koha.org/doku.php?id=en:development:ldap) that there is a "categorycode" field; is this the field for patron type or is there another? If it is the field, does anyone know a field in LDAP/AD to use to hold this information?

Thanks
Ed

Edward J. Roche
Network Administrator
Solanco School District
717.786.2151 x2437
"At the End of the Day, Did You Play to Win or Not to Lose?"
> So my issue/question is that I can match up the usual LDAP fields with the corresponding ones in Koha, like first name and last name. I can even find one to use for Branch but I am having trouble finding one for patron type. I do see in the instructions for LDAP (http://wiki.koha.org/doku.php?id=en:development:ldap) that there is a “categorycode” field; is this the field for patron type or is there another? If it is the field, does anyone know a field in LDAP/AD to use to hold this information?
You are unlikely to represent perfectly matching Koha patron categories in LDAP, unless you have set up categories in Koha to match something that already existed in LDAP. Usually it is easiest to just set a default general patron category.

--
Joe Atzberger
LibLime - Open Source Library Solutions
Joe,

If you wanted to just authenticate and not update the borrowers using LDAP can this be done? I don't want to "compare" logins/passwords - maybe logins only?

David Schuster

Joe Atzberger wrote:
> > So my issue/question is that I can match up the usual LDAP fields with the corresponding ones in Koha, like first name and last name. I can even find one to use for Branch but I am having trouble finding one for patron type. I do see in the instructions for LDAP (http://wiki.koha.org/doku.php?id=en:development:ldap) that there is a “categorycode” field; is this the field for patron type or is there another? If it is the field, does anyone know a field in LDAP/AD to use to hold this information?
>
> You are unlikely to represent perfectly matching Koha patron categories in LDAP, unless you have set up categories in Koha to match something that already existed in LDAP. Usually it is easiest to just set a default general patron category.
>
> --
> Joe Atzberger
> LibLime - Open Source Library Solutions
On Wed, Jul 8, 2009 at 6:21 PM, David Schuster <dschust1@tx.rr.com> wrote:
> If you wanted to just authenticate and not update the borrowers using LDAP can this be done?
Yes, this would be update OFF with auth_by_bind ON, but you should consider whether or not you really get what you want out of this situation. See the POD comments from my recently submitted LDAP patch:

Once a user has been accepted by the LDAP server, there are several possibilities for how Koha will behave, depending on your configuration and the presence of a matching Koha user in your local DB:

                               LOCAL_USER
    OPTION  UPDATE  REPLICATE  EXISTS?     RESULT
      A1      1        1         1         OK : We’re updating them anyway.
      A2      1        1         0         OK : We’re adding them anyway.
      B1      1        0         1         OK : We update them.
      B2      1        0         0         FAIL: We cannot add new user.
      C1      0        1         1         OK : We do nothing.
      C2      0        1         0         OK : We add the new user.
      D1      0        0         1         OK : We do nothing.
      D2      0        0         0         FAIL: We cannot add new user.

Note: failure here just means that Koha will fall back to checking the local DB. That is, a given user could login with their LDAP password OR their local one. If this is a problem, then you should enable update and supply a mapping for password. Then the local value will be updated at successful LDAP login and the passwords will be synced.

If you choose NOT to update local users, the borrowers table will not be affected at all. Note that this means that patron passwords may appear to change if LDAP is ever disabled, because the local table never contained the LDAP values.

*auth_by_bind*

Binds as the user instead of retrieving their record. Recommended if update disabled.
> I don't want to "compare" logins/passwords - maybe logins only?
No, that wouldn't mean anything in terms of authentication.
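
The settings discussed in this thread, as an added koha-conf.xml fragment that is not part of the original messages: the mapping gives categorycode (the borrowers column that holds the patron category) a default value, and a comment shows the update OFF / auth_by_bind ON variant. The host name, DNs, password, the choice of employeeType as the LDAP attribute, and the MAIN and PT codes are placeholders.

```xml
<!-- Added example: fragment of koha-conf.xml, not a complete file.
     Host, DNs, password and the MAIN / PT codes are placeholders. -->
<useldapserver>1</useldapserver>

<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>ldap.example.org</hostname>
  <base>dc=example,dc=org</base>
  <user>cn=koha-reader,dc=example,dc=org</user> <!-- DN used for lookups -->
  <pass>CHANGE_ME</pass>

  <!-- Rows A1/A2 of the table: new patrons are added on first login,
       existing ones are refreshed from LDAP at each login. -->
  <replicate>1</replicate>
  <update>1</update>
  <auth_by_bind>0</auth_by_bind>

  <!-- Authenticate-only variant from the thread:
         <update>0</update> and <auth_by_bind>1</auth_by_bind>
       With <replicate>0</replicate> as well (rows D1/D2), an LDAP user
       without a local record is not added, and Koha falls back to
       checking the local DB password. -->

  <mapping>
    <!-- element name = borrowers column
         is=""        = LDAP attribute to read
         element text = default used when the LDAP value is missing -->
    <firstname    is="givenName"></firstname>
    <surname      is="sn"></surname>
    <userid       is="uid"></userid>
    <branchcode   is="branch">MAIN</branchcode>
    <!-- LDAP rarely carries Koha's categories, so the default does the work. -->
    <categorycode is="employeeType">PT</categorycode>
  </mapping>
</ldapserver>
```

To keep the local password from remaining valid alongside the LDAP one, the thread's advice is to leave update enabled and add a mapping for password.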