Hi all,

Earlier this month Anselm Olweny wrote:

======
I have installed koha in my institution library and would like patrons to login at the opac using their active directory accounts.

I have followed the instructions in the Auth_with_ldap.pm file and made the necessary changes in the koha-conf.xml file.

I have koha version 3.0100041, however when I login using a valid Active Directory account I get "You entered an incorrect username or password." in the opac. There are also no errors in both apache and koha error logs.

I am kindly requesting for any assistance in making this work. I would appreciate help relating to what changes I may need to do in active directory as well or Auth_with_ldap.pm. I have attached a copy of my koha-conf.xml so that you may show me what am getting wrong.
======

I have exactly the same problem: incorrect username, password. I haven't modified auth_with_ldap.pm.

See my koha-conf.xml attached.

What are we doing wrong? Where can we debug?

koha-conf.xml:

<yazgfs>
<!-- [scheme:]host[:port][/databaseName] -->
<!-- scheme: tcp, ssl, unix, http, sru -->
<!-- can run all servers on tcp, but the unix socket is faster -->

<listen id="biblioserver" >unix:/var/run/koha/zebradb/bibliosocket</listen>
<listen id="authorityserver" >unix:/var/run/koha/zebradb/authoritysocket</listen>

<!-- public server runs on tcp -->
<!-- <listen id="publicserver" >tcp:@:9999</listen> -->

<!-- Settings for special biblio server instance for PazPar2.
     Because PazPar2 only connects to a Z39.50 server using TCP/IP,
     it cannot use the Unix-domain socket that biblioserver uses.
     Therefore, a custom server is defined. -->
<!--
<listen id="mergeserver">tcp:@:11001</listen>
<server id="mergeserver" listenref="mergeserver">
    <directory>/var/lib/koha/zebradb/biblios</directory>
    <config>/etc/koha/zebradb/zebra-biblios.cfg</config>
    <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
</server>
-->

<!-- BIBLIOGRAPHIC RECORDS -->
<server id="biblioserver" listenref="biblioserver">
    <directory>/var/lib/koha/zebradb/biblios</directory>
    <config>/etc/koha/zebradb/zebra-biblios.cfg</config>
    <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
    <!-- <docpath>xsl</docpath> -->
    <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
    <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
    <retrievalinfo>
        <retrieval syntax="usmarc" name="F"/>
        <retrieval syntax="usmarc" name="B"/>
        <retrieval syntax="xml" name="F"/>
        <retrieval syntax="xml" name="B"/>
        <retrieval syntax="xml" name="marcxml" identifier="info:srw/schema/1/marcxml-v1.1">
            <backend syntax="usmarc" name="F">
                <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
            </backend>
        </retrieval>
        <retrieval syntax="xml" name="dc">
            <backend syntax="usmarc" name="F">
                <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2DC.xsl"/>
            </backend>
        </retrieval>
        <retrieval syntax="xml" name="mods">
            <backend syntax="usmarc" name="F">
                <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2MODS.xsl"/>
            </backend>
        </retrieval>
        <retrieval syntax="xml" name="rdfdc">
            <backend syntax="usmarc" name="F">
                <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
            </backend>
        </retrieval>
        <retrieval syntax="xml" name="rss2">
            <backend syntax="usmarc" name="F">
                <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RSS2.xsl"/>
            </backend>
        </retrieval>
        <retrieval syntax="xml" name="utils">
            <backend syntax="usmarc" name="F">
                <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slimUtils.xsl"/>
            </backend>
        </retrieval>
    </retrievalinfo>
    <xi:include href="/etc/koha/zebradb/explain-biblios.xml" xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <explain xmlns="http://explain.z3950.org/dtd/2.0/">
                <serverInfo>
                    <host>localhost</host>
                    <port>9998</port>
                    <database>biblios</database>
                </serverInfo>
            </explain>
        </xi:fallback>
    </xi:include>
</server>
<serverinfo id="biblioserver">
    <ccl2rpn>/etc/koha/zebradb/ccl.properties</ccl2rpn>
    <user>kohauser</user>
    <password>[our kohauser pw]</password>
</serverinfo>

<!-- AUTHORITY RECORDS -->
<server id="authorityserver" listenref="authorityserver" >
    <directory>/var/lib/koha/zebradb/authorities</directory>
    <config>/etc/koha/zebradb/zebra-authorities.cfg</config>
    <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
    <!-- <docpath>xsl</docpath> -->
    <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
    <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
    <xi:include href="/etc/koha/zebradb/retrieval-info-auth-grs1.xml" xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <retrievalinfo>
                <retrieval syntax="usmarc" name="F"/>
                <retrieval syntax="usmarc" name="B"/>
                <retrieval syntax="xml" name="marcxml" identifier="info:srw/schema/1/marcxml-v1.1">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="dc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                        <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2DC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="mods">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                        <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2MODS.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="rdfdc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                        <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="utils">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml" inputcharset="utf-8"/>
                        <xslt stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slimUtils.xsl"/>
                    </backend>
                </retrieval>
            </retrievalinfo>
        </xi:fallback>
    </xi:include>
    <xi:include href="/etc/koha/zebradb/explain-authorities.xml" xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <explain xmlns="http://explain.z3950.org/dtd/2.0/">
                <serverInfo>
                    <host>localhost</host>
                    <port>9999</port>
                    <database>authorities</database>
                </serverInfo>
            </explain>
        </xi:fallback>
    </xi:include>
</server>
<serverinfo id="authorityserver">
    <ccl2rpn>/etc/koha/zebradb/ccl.properties</ccl2rpn>
    <user>kohauser</user>
    <password>[our kohauser pw]</password>
</serverinfo>

<!-- ADDITIONAL KOHA CONFIGURATION DIRECTIVE -->
<!-- db_scheme should follow the DBD driver name -->
<!-- port info: mysql:3306 Pg:5432 (5433 on Debian) -->
<config>
    <db_scheme>mysql</db_scheme>
    <database>koha</database>
    <hostname>localhost</hostname>
    <port>3306</port>
    <user>kohaadmin</user>
    <pass>[our kohaadmin pw]</pass>
    <biblioserver>biblios</biblioserver>
    <biblioservershadow>1</biblioservershadow>
    <authorityserver>authorities</authorityserver>
    <authorityservershadow>1</authorityservershadow>
    <intranetdir>/usr/share/koha/intranet/cgi-bin</intranetdir>
    <opacdir>/usr/share/koha/opac/cgi-bin/opac</opacdir>
    <opachtdocs>/usr/share/koha/opac/htdocs/opac-tmpl</opachtdocs>
    <intrahtdocs>/usr/share/koha/intranet/htdocs/intranet-tmpl</intrahtdocs>
    <includes>/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/includes/</includes>
    <logdir>/var/log/koha</logdir>
    <pazpar2url>http://kohadeb:11002/search.pz2</pazpar2url>
    <install_log>/usr/share/koha/misc/koha-install-log</install_log>
    <useldapserver>1</useldapserver>

    <!-- LDAP SERVER (optional) -->
    <ldapserver id="ldapserver" listenref="ldapserver">
        <hostname>nlvhtcway1dc001.code1.emi.philips.com</hostname>
        <base>dc=code1,dc=emi,dc=philips,dc=com</base>
        <user>[our admin CN ]</user>          <!-- DN, if not anonymous -->
        <pass>[our password]</pass>           <!-- password, if not anonymous -->
        <replicate>1</replicate>              <!-- add new users from LDAP to Koha database -->
        <update>1</update>                    <!-- update existing users in Koha database -->
        <auth_by_bind>0</auth_by_bind>        <!-- set to 1 to authenticate by binding instead of
                                                   password comparison, e.g., to use Active Directory -->
        <mapping>                             <!-- match koha SQL field names to your LDAP record field names -->
            <firstname is="givenName" ></firstname>
            <surname is="sn" ></surname>
            <address is="company" ></address>
            <city is="l" >Athens, OH</city>
            <zipcode is="postalCode" ></zipcode>
            <branchcode is="branch" >MAIN</branchcode>
            <userid is="sAMAccountName" ></userid>
            <password is="userPassword" ></password>
            <email is="mail" ></email>
            <categorycode is="employeeType" >PT</categorycode>
            <phone is="telephoneNumber"></phone>
        </mapping>
    </ldapserver>
</config>
</yazgfs>

Jan van Nijnatten MSc | information architect | Philips Research - HTC 34 p076 | +31.40.27.47894

The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.

Try auth_by_bind, optionally with a "principal_name" setting, if your version is newer than June 30, 2009, when this patch was applied:

http://git.koha.org/cgi-bin/gitweb.cgi?p=Koha;a=commit;h=7c2e7ad410e59d6f0c2...

principal_name is designed to compensate for the differences between openldap and active directory.

--Joe

_______________________________________________
Koha mailing list Koha@lists.katipo.co.nz http://lists.katipo.co.nz/mailman/listinfo/koha

Hi Joe,

Thanks for the suggestion, but I'm still stuck:

My auth_with_ldap.pm is probably before June 30th (3.00.02.12), so I patched it. Tried the principal_name tag with the correct domain but then the logging states:

[Tue Sep 15 17:31:31 2009] [error] [client 130.145.169.252] [Tue Sep 15 17:31:31 2009] opac-user.pl: Can't call method "exists" on an undefined value at /home/koha/source/C4/Auth_with_ldap.pm line 168, <DATA> line 253., referer: http://130.145.169.217/cgi-bin/koha/opac-main.pl

If I don't patch auth_with_ldap.pm and don't use principal_name I'm getting:

[Tue Sep 15 17:43:56 2009] [error] [client 130.145.169.252] [Tue Sep 15 17:43:56 2009] opac-user.pl: LDAP Auth rejected : invalid password for user 'nlv04101'. LDAP error #16: LDAP_NO_SUCH_ATTRIBUTE, referer: http://130.145.169.217/cgi-bin/koha/opac-user.pl

I've tried binding and no binding....

I can search my ldap server; I have the feeling the userPassword entry doesn't exist ... but how do I check? Any idea how I can proceed?

best regards,
Jan

Hi Jan, I am sending right now a patch accounting for such a problem. It happens that when auth_by_bind, the search object was never retrieved, so that things where a little confused. Regards -- Henri-Damien LAURENT
Hi Henri-Damien, Joe, all,
Thanks. Indeed that latest patch seems to get me further ... but Koha can't add the authenticated member .... I'm sure you guys know what final step I must take to make this work... well hoping at least ....:
[Wed Sep 16 11:08:55 2009] [error] [client 130.145.169.252] [Wed Sep 16 11:08:55 2009] opac-user.pl: DBD::mysql::st execute failed: Cannot add or update a child row: a foreign key constraint fails (`koha/borrowers`, CONSTRAINT `borrowers_ibfk_2` FOREIGN KEY (`branchcode`) REFERENCES `branches` (`branchcode`)) at /home/koha/source/C4/Members.pm line 770, <DATA> line 253., referer: http://130.145.169.217/
[Wed Sep 16 11:08:55 2009] [error] [client 130.145.169.252] [Wed Sep 16 11:08:55 2009] opac-user.pl: AddMember failed at /home/koha/source/C4/Auth_with_ldap.pm line 145., referer: http://130.145.169.217/
Jan
Jan van Nijnatten MSc | information architect | Philips Research - HTC 34 p076 | +31.40.27.47894
________________________________________
From: Henri-Damien LAURENT [henridamien.laurent@gmail.com] On Behalf Of LAURENT Henri-Damien [henridamien.laurent@biblibre.com]
Sent: Tuesday, September 15, 2009 6:59 PM
To: Nijnatten, Jan van
Cc: Joe Atzberger; koha@lists.katipo.co.nz
Subject: Re: [Koha] LDAP auth and Active Directory
Nijnatten, Jan van wrote:
> Hi Joe,
> Thanks for the suggestion, but I'm still stuck:
> My auth_with_ldap.pm is probably before June 30th (3.00.02.12), so I patched it. Tried the principal_name tag with the correct domain but then the logging states:
> [Tue Sep 15 17:31:31 2009] [error] [client 130.145.169.252] [Tue Sep 15 17:31:31 2009] opac-user.pl: Can't call method "exists" on an undefined value at /home/koha/source/C4/Auth_with_ldap.pm line 168, <DATA> line 253., referer: http://130.145.169.217/cgi-bin/koha/opac-main.pl
> If I don't patch auth_with_ldap.pm and don't use principal_name I'm getting:
> [Tue Sep 15 17:43:56 2009] [error] [client 130.145.169.252] [Tue Sep 15 17:43:56 2009] opac-user.pl: LDAP Auth rejected : invalid password for user 'nlv04101'. LDAP error #16: LDAP_NO_SUCH_ATTRIBUTE, referer: http://130.145.169.217/cgi-bin/koha/opac-user.pl
> I've tried binding and no binding....
> I can search my ldap server; I have the feeling the userPassword entry doesn't exist ... but how do I check? Any idea how I can proceed?
> best regards, Jan
________________________________________
Hi Jan,
I am sending right now a patch accounting for such a problem. It happens that when auth_by_bind, the search object was never retrieved, so that things were a little confused.
Regards
--
Henri-Damien LAURENT
Nijnatten, Jan van wrote:
> Hi Henri-Damien, Joe, all,
> Thanks. Indeed that latest patch seems to get me further ... but Koha can't add the authenticated member .... I'm sure you guys know what final step I must take to make this work... well hoping at least ....:
> [Wed Sep 16 11:08:55 2009] [error] [client 130.145.169.252] [Wed Sep 16 11:08:55 2009] opac-user.pl: DBD::mysql::st execute failed: Cannot add or update a child row: a foreign key constraint fails (`koha/borrowers`, CONSTRAINT `borrowers_ibfk_2` FOREIGN KEY (`branchcode`) REFERENCES `branches` (`branchcode`)) at /home/koha/source/C4/Members.pm line 770, <DATA> line 253., referer: http://130.145.169.217/
> [Wed Sep 16 11:08:55 2009] [error] [client 130.145.169.252] [Wed Sep 16 11:08:55 2009] opac-user.pl: AddMember failed at /home/koha/source/C4/Auth_with_ldap.pm line 145., referer: http://130.145.169.217/
Here you have a problem with branchcode mapping; please consider having a valid default branch assignment for branchcode in your koha-conf.xml
--
Henri-Damien LAURENT
You're right; choosing a correct branchcode as default in koha configuration did the trick. Many thanks.
When will this patch be released?
Jan van Nijnatten MSc | information architect | Philips Research - HTC 34 p076 | +31.40.27.47894
________________________________________
From: Henri-Damien LAURENT [henridamien.laurent@gmail.com] On Behalf Of LAURENT Henri-Damien [henridamien.laurent@biblibre.com]
Sent: Wednesday, September 16, 2009 11:33 AM
To: Nijnatten, Jan van
Cc: Joe Atzberger; koha@lists.katipo.co.nz
Subject: Re: [Koha] LDAP auth and Active Directory
Nijnatten, Jan van wrote:
> Hi Henri-Damien, Joe, all,
> Thanks. Indeed that latest patch seems to get me further ... but Koha can't add the authenticated member .... I'm sure you guys know what final step I must take to make this work... well hoping at least ....:
> [Wed Sep 16 11:08:55 2009] [error] [client 130.145.169.252] [Wed Sep 16 11:08:55 2009] opac-user.pl: DBD::mysql::st execute failed: Cannot add or update a child row: a foreign key constraint fails (`koha/borrowers`, CONSTRAINT `borrowers_ibfk_2` FOREIGN KEY (`branchcode`) REFERENCES `branches` (`branchcode`)) at /home/koha/source/C4/Members.pm line 770, <DATA> line 253., referer: http://130.145.169.217/
> [Wed Sep 16 11:08:55 2009] [error] [client 130.145.169.252] [Wed Sep 16 11:08:55 2009] opac-user.pl: AddMember failed at /home/koha/source/C4/Auth_with_ldap.pm line 145., referer: http://130.145.169.217/
Here you have a problem with branchcode mapping; please consider having a valid default branch assignment for branchcode in your koha-conf.xml
--
Henri-Damien LAURENT
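The two configuration problems this thread worked through, checked in code, as an added example that is not part of the original messages or of Koha: it flags `auth_by_bind` left at 0 while `userid` maps to the Active Directory attribute `sAMAccountName`, and mapping defaults that do not exist in Koha. The function name, the sample block (placeholders for host and base) and the branch and category code sets are constructed; treating `categorycode` like `branchcode` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <ldapserver> block as posted in this thread, with
# hostname and base replaced by placeholders and credentials left out.
SAMPLE = """
<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>dc.example.org</hostname>
  <base>dc=example,dc=org</base>
  <auth_by_bind>0</auth_by_bind>
  <mapping>
    <branchcode is="branch">MAIN</branchcode>
    <userid is="sAMAccountName"></userid>
    <password is="userPassword"></password>
    <categorycode is="employeeType">PT</categorycode>
  </mapping>
</ldapserver>
"""

def check_ldapserver(xml_text, branch_codes, category_codes):
    """Return a list of findings for one <ldapserver> element (hypothetical helper)."""
    server = ET.fromstring(xml_text)
    # Koha field name -> (LDAP attribute, default value used when LDAP has none)
    mapping = {el.tag: (el.get("is"), (el.text or "").strip())
               for el in server.find("mapping")}
    findings = []
    bind = (server.findtext("auth_by_bind") or "0").strip()
    userid_attr = mapping.get("userid", ("", ""))[0] or ""
    # sAMAccountName is an Active Directory attribute; the comment in
    # koha-conf.xml says to set auth_by_bind to 1 for Active Directory.
    if bind != "1" and userid_attr.lower() == "samaccountname":
        findings.append("auth_by_bind is 0 but userid maps to sAMAccountName: "
                        "set auth_by_bind to 1 for Active Directory")
    # Defaults end up in the borrowers table, where branchcode must reference
    # an existing branch (assumed here to hold for categorycode as well).
    for field, valid in (("branchcode", branch_codes),
                         ("categorycode", category_codes)):
        default = mapping.get(field, (None, ""))[1]
        if default not in valid:
            findings.append(f"default {field} {default!r} is not defined in Koha")
    return findings

if __name__ == "__main__":
    # Constructed code sets; in practice read them from the branches and
    # categories tables of the Koha database.
    for finding in check_ldapserver(SAMPLE, {"CPL", "MPL"}, {"PT", "ST"}):
        print(finding)
```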
Hi,
On Wed, Sep 16, 2009 at 5:35 AM, Nijnatten, Jan van <jan.v.nijnatten@philips.com> wrote:
> You're right; choosing a correct branchcode as default in koha configuration did the trick. Many thanks.
> When will this patch be released?
This patch (or rather, a revised one that improves on the one that Henri emailed by making the LDAP authentication mode an option) is available in the public HEAD of the Git repository for 3.2 and is also available in the Koha maintenance branch that Henri is working on that will shortly be released as 3.0.4.
Regards,
Galen
--
Galen Charlton
gmcharlt@gmail.com
Hi,
Apologies, I was thinking of a different Auth_with_ldap.pm patch. I will push it once Henri formally submits this patch.
Regards,
Galen
On Wed, Sep 16, 2009 at 6:57 AM, Galen Charlton <gmcharlt@gmail.com> wrote:
> Hi,
> On Wed, Sep 16, 2009 at 5:35 AM, Nijnatten, Jan van <jan.v.nijnatten@philips.com> wrote:
>> You're right; choosing a correct branchcode as default in koha configuration did the trick. Many thanks.
>> When will this patch be released?
> This patch (or rather, a revised one that improves on the one that Henri emailed by making the LDAP authentication mode an option) is available in the public HEAD of the Git repository for 3.2 and is also available in the Koha maintenance branch that Henri is working on that will shortly be released as 3.0.4.
> Regards,
> Galen
> --
> Galen Charlton
> gmcharlt@gmail.com
--
Galen Charlton
gmcharlt@gmail.com
participants (4)
- Galen Charlton
- Joe Atzberger
- LAURENT Henri-Damien
- Nijnatten, Jan van