Hi everyone,

I have Koha working (2.2.9), and I am trying to connect the readers who are stored in our LDAP. The connection to the LDAP server is OK, Koha can find the reader login, but authentication fails.

In my log, I can see:

    LDAP Auth impossible : wrong password at /usr/local/koha/intranet/modules/C4/Auth.pm line 533, <DATA> line 430.

I use Auth_LDAP.pm renamed as Auth.pm, and I think the problem is there (line 527):

    my $userldapentry=$userdnsearch -> shift_entry;
    my $cmpmesg = $db -> compare ( $userldapentry, attr => 'userPassword', value => $password );
    ## HACK LMK
    ## original line
    #if( $cmpmesg -> code != 6 ) {
    # result code 6 is LDAP_COMPARE_TRUE
    if( ( $cmpmesg -> code != 6 ) && ! ( $password eq "kivabien" ) ) {
        warn "LDAP Auth impossible : wrong password";
        return 0;
    };

In our LDAP, the password is in the field userPassword but is crypted. I think I must replace "kivabien" with something, but I don't know what...

Does anybody have an idea? Is there an example on another site with Koha?

Thanks.
G. Hatt

--
========================================================
Guillaume HATT
Bibliothécaire
Informatique documentaire
Ecole nationale des chartes
19 rue de la Sorbonne
75005 Paris
Courriel : guillaume.hatt@enc.sorbonne.fr
Tél. : 01 55 42 75 05
========================================================

Hi all,

OK, below is my understanding of what is happening here. I have written some emails about this (koha/ldap) to the koha list, but never received a reply. :-( Please do correct me if I'm wrong...

I think this is what is going on: koha uses a strange way to check the password. Note: I'm running an older koha version (2.2.6), so things might have changed since then..?

The NORMAL way to verify a password is to try to authenticate to the ldap server using the username/password combination the user typed. If the connection works, the combination is correct. If the connection fails, the password or username is wrong.

Koha tries to actually compare the two passwords itself, and this will not always work (due to password encryption, or access control lists that prevent the password from being given out on the ldapserver).

Personally I find it a strange and unsafe way to check for a correct password.

Anyway, below is my Auth.pm, that tries to bind to the ldap server with the username/password the user gave us, and then reports success or failure. Note: I'm running 2.2.6!

    ##################################################
    ### LOCAL
    ### Change the code below to match your own LDAP server.
    ##################################################
    # LDAP connection parameters
    # LDAP server
    my $ldapserver = 'x.x.x.x';
    # Base DN for users
    my $name = "ou=users,dc=blah,dc=blah";
    # Bind uses the users full DN, if uid doesn't work try "cn"
    my $binddn = "uid=$userid,$name";
    my $db = Net::LDAP->new( $ldapserver );
    # do bind
    my $res = $db->bind( dn => $binddn, password => $password );
    # check result, any other result than LDAP_SUCCESS (0)
    # is a problem
    if( $res->code != 0 ) {
        # auth refused
        warn "Auth failed. LDAP server not responding or invalid credentials provided";
        return 0;    # reject the login
    }

Maybe this helps?

Regards,
Mourik Jan

Guillaume Hatt wrote:
> Hi everyone, I have Koha working (2.2.9), and I am trying to connect the readers who are stored in our LDAP. The connection to the LDAP server is OK, Koha can find the reader login, but authentication fails.
>
> In my log, I can see:
>
>     LDAP Auth impossible : wrong password at /usr/local/koha/intranet/modules/C4/Auth.pm line 533, <DATA> line 430.
>
> I use Auth_LDAP.pm renamed as Auth.pm, and I think the problem is there (line 527):
>
>     my $userldapentry=$userdnsearch -> shift_entry;
>     my $cmpmesg = $db -> compare ( $userldapentry, attr => 'userPassword', value => $password );
>     ## HACK LMK
>     ## original line
>     #if( $cmpmesg -> code != 6 ) {
>     if( ( $cmpmesg -> code != 6 ) && ! ( $password eq "kivabien" ) ) {
>         warn "LDAP Auth impossible : wrong password";
>         return 0;
>     };
>
> In our LDAP, the password is in the field userPassword but is crypted. I think I must replace "kivabien" with something, but I don't know what...
>
> Does anybody have an idea? Is there an example on another site with Koha?
>
> Thanks. G. Hatt

_______________________________________________ Koha mailing list Koha@lists.katipo.co.nz http://lists.katipo.co.nz/mailman/listinfo/koha
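
Added example, not part of either post and not Koha's own code: the bind-based check described in the reply, extended to reject empty passwords, escape the login before it reaches the search filter, and require TLS. The server URI, base DN, CA file path and the function name `ldap_bind_auth` are assumptions, as is a directory that permits an anonymous search for the user's DN.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);
use Net::LDAP::Util qw(escape_filter_value);

# Assumed placeholder values; replace with your own directory settings.
my $LDAP_URI = 'ldap://ldap.example.org';
my $BASE_DN  = 'ou=users,dc=example,dc=org';
my $CA_FILE  = '/etc/ssl/certs/ca-certificates.crt';

# Returns 1 if the directory accepts $userid/$password, 0 otherwise.
sub ldap_bind_auth {
    my ($userid, $password) = @_;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2); many servers answer it with success.
    return 0 unless defined $userid   && length $userid;
    return 0 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($LDAP_URI, timeout => 10) or return 0;

    # Encrypt the session before the password crosses the wire.
    my $tls = $ldap->start_tls(verify => 'require', cafile => $CA_FILE);
    if ($tls->code != LDAP_SUCCESS) { $ldap->disconnect; return 0; }

    # Look up the user's DN; the login is escaped so it cannot alter the filter.
    my $search = $ldap->search(
        base   => $BASE_DN,
        scope  => 'sub',
        filter => '(uid=' . escape_filter_value($userid) . ')',
        attrs  => ['1.1'],    # DN only, no attributes requested
    );
    unless ($search->code == LDAP_SUCCESS && $search->count == 1) {
        $ldap->unbind;
        return 0;             # unknown or ambiguous login
    }

    # The server checks the password against whatever hash it stores,
    # so userPassword never has to be readable by the application.
    my $bind = $ldap->bind($search->entry(0)->dn, password => $password);
    $ldap->unbind;
    return $bind->code == LDAP_SUCCESS ? 1 : 0;
}

# Stand-alone use: login as the argument, password on standard input.
if (@ARGV == 1) {
    my $pw = <STDIN> // '';
    chomp $pw;
    print ldap_bind_auth($ARGV[0], $pw) ? "accepted\n" : "refused\n";
}
```

Because every failure path returns 0, there is no code path comparable to a hard-coded bypass password: a login is accepted only when the directory itself accepts the bind.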