Koha - Active Directory LDAP struggles
I've tried searching the archives and can't seem to find the answer. When we use a correct username/password, the login page generates a Software Error:

LDAP search failed to return object : 0000208F: LdapErr: DSID-0C090AC0, comment: Error processing name, data 0, v3839 at /usr/share/koha/lib/C4/Auth_with_ldap.pm line 97.

Our conf file is set up like this:

<useldapserver>1</useldapserver>
<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>ldaps://ldap.azag.gov</hostname>
  <base>"OU=XX,DC=XXXX,DC=XXX"</base>
  <user>ldapauth</user><!-- DN, if not anonymous -->
  <pass>XXXXXX</pass> <!-- password, if not anonymous -->
  <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
  <update>1</update> <!-- update existing users in Koha database -->
  <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use A$ -->
  <anonymous_bind>0</anonymous_bind>
  <principal_name>%s</principal_name>
  <mapping> <!-- match koha SQL field names to your LDAP record field names -->
    <userid is="sAMAccountName"></userid>
    <password is="userpassword"></password>
    <firstname is="givenname"></firstname>
    <surname is="sn"></surname>
    <branchcode is="">XXXX</branchcode>
    <categorycode is="">PT</categorycode>
    <email is="mail"></email>
  </mapping>
</ldapserver>

When logging in, we have to use "username@XXXX.XXX" instead of just "username". However, our emails are formatted "firstname.lastname@XXXX.XXX". I thought this might be the reason it's generating the error, but I'm not sure how to change the config file to reflect that. Or if I need to change the auth_with_ldap file.

Thanks,
Michael
Hello Michael,

If your users will insert usernames as *firstname.lastname* in Koha, and you need to match it as firstname.lastname@XXXX.XXX in your LDAP server, then you need to update your config like this:

<principal_name>%s@XXXX.XXX</principal_name>

Hope this can help.

Best wishes

On Wed, May 26, 2021 at 10:44 PM Michael BC <sanbient@gmail.com> wrote:
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- *Karam Qubsi*
Thank you, another user reached out.

It turned out that my userid attribute needed to be "userPrincipalName" to work within the environment.

On Thu, May 27, 2021, 7:16 AM Karam Qubsi <karam@xentralmethods.com> wrote:
Glad it worked :)

On Thu, May 27, 2021 at 10:23 PM Michael BC <sanbient@gmail.com> wrote:
-- *Karam Qubsi*
participants (2)
- Karam Qubsi
- Michael BC