[Koha] LDAP authentication

KL Nasveschuk klnasveschuk at klnconsulting.net
Tue Dec 13 06:53:34 NZDT 2005


Hello,
The query to LDAP works correctly. I put the ldap server in debug (slapd
-d 3) and watch what transpires. In debug mode ldap returns all
attributes for a user on search (error and output goes to screen).

If I put in a bogus uid it returns:
bdb_search: no candidates
 
Cn or uid works, I guess it just matters what is being indexed in LDAP.

I can't determine what is happening on the Koha side. Any suggestions on
how to better debug the Perl side (from anyone)? Just wondering if
Perl is using one password hashing algorithm which is not the same as
what is in LDAP.

Ex. of LDAP attribute stored in userPassword:

{SMD5}ox3RAPB79VIHB+KZZw+dpxKIx3A

Kent N


On Mon, 2005-12-12 at 16:46 +0100, Paul POULAIN wrote:
> KL Nasveschuk wrote:
> > Hello,
> > 
> > I'm still trying to get LDAP authentication to work on Koha. I've
> > modified Auth.pm with the following:
> > 
> >  ##################################################
> >         ### LOCAL
> >         ### Change the code below to match your own LDAP server.
> >         ##################################################
> >         # LDAP connection parameters
> >         my $ldapserver = '172.16.0.24';
> >         # Info to do an anonymous bind
> >         my $ldapinfos = 'ou=users,dc=tow,dc=net ';
> >         my $name  = "ou=users,dc=tow,dc=net";
> >         my $db = Net::LDAP->new( $ldapserver );
> > 
> >         # do an anonymous bind
> >         my $res =$db->bind();
> >         # check connection
> >         if($res->code) {
> >                 # auth refused
> >                 warn "LDAP Auth impossible : server not responding";
> >                 return 0;
> >         # search user
> >         } else {
> 
> this log
>  > [Mon Dec 12 12:04:36 2005] [error] [client 172.16.60.186] LDAP Auth
>  > impossible : user unknown in LDAP
>  > at /usr/local/koha/intranet/modules/C4/Auth.pm line 464.
> 
> means you have an error in the following code :
> 
> >                 my $userdnsearch = $db->search(base => "$name",
> >                                 filter =>"(uid=$userid)",
> >                                 );
> >                 if($userdnsearch->code || ! ( $userdnsearch-> count eq
> > 1 ) ) {
> >                         warn "LDAP Auth impossible : user unknown in
> > LDAP";
> >                         return 0;
> >                 };
> That means :
> * connection was successful (otherwise, you would have LDAP Auth 
> impossible : server not responding). Good news ;-)
> * the LDAP search failed. Meaning : uid=$userid is probably not what you 
> had to do. The query you have to do depends on your LDAP structure, I 
> can't help you more.
> 
> just another hint. Change to :
>   warn "LDAP Auth impossible : user unknown in LDAP for $userid";
> to see which value is in $userid !
> 
> That could help you.
> 
> HTH
> 
> Anyway, I can assure you I have 1 (and soon 2) libraries using LDAP 
> auth. Quite tricky to tune, but works fine when it's done !
> 
> Just one reminder : the member record is created in Koha when the user 
> logs in on the OPAC. So you MUST request all your users to log in at least 
> once. That's a good solution to show you now "have the great free ILS 
> called Koha" & show what it can do.
> 

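On the hashing question raised in the message above: a `{SMD5}` userPassword value is a salted MD5, `base64(md5(password || salt) || salt)`, with a per-entry random salt. An application therefore cannot "hash the same way" and compare strings; it has to extract the salt from the stored value and recompute, which is exactly what slapd does itself when the client binds as the user's DN with the plaintext password. The usual pattern after the anonymous search shown in the quoted Auth.pm is thus a second bind as the found DN, not a local hash comparison. The following Python is an added example, not code from the Koha thread or from Koha's Perl Auth.pm; the password and salt in it are constructed for the demonstration, and `make_smd5`, `parse_scheme` and `check_smd5` are names chosen here.

```python
"""Verify an RFC 2307 style {SMD5} userPassword value the way a directory
server does: recover the salt from the stored value, hash the candidate
with that salt, and compare digests in constant time.

Added example (not Koha code). All sample values are constructed.
"""
import base64
import hashlib
import hmac
import os


def make_smd5(password: str, salt: bytes) -> str:
    """Build a {SMD5} value: base64( md5(password || salt) || salt )."""
    digest = hashlib.md5(password.encode("utf-8") + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode("ascii")


def parse_scheme(value: str):
    """Split '{SCHEME}payload' into (SCHEME, payload); (None, value) if no prefix."""
    if not value.startswith("{") or "}" not in value:
        return None, value
    end = value.index("}")
    return value[1:end].upper(), value[end + 1:]


def check_smd5(stored: str, candidate: str) -> bool:
    """Return True if candidate is the password behind the stored {SMD5} value."""
    scheme, payload = parse_scheme(stored)
    if scheme != "SMD5":
        raise ValueError(f"not an SMD5 value: {scheme!r}")
    # Tolerate a dropped base64 '=' pad, a common copy/paste casualty.
    payload += "=" * (-len(payload) % 4)
    raw = base64.b64decode(payload)
    if len(raw) <= 16:
        raise ValueError("payload too short to hold an MD5 digest plus a salt")
    digest, salt = raw[:16], raw[16:]          # MD5 is 16 bytes; the rest is salt
    expected = hashlib.md5(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def same_password_different_hashes(password: str) -> bool:
    """Show why a client cannot precompute the stored string: two entries with
    the same password get different {SMD5} values because the salts differ,
    yet both verify."""
    a = make_smd5(password, os.urandom(4))   # constructed salts
    b = make_smd5(password, os.urandom(4))
    return a != b and check_smd5(a, password) and check_smd5(b, password)


if __name__ == "__main__":
    stored = make_smd5("s3cret", b"\x01\x02\x03\x04")   # constructed entry
    print(stored)
    print("correct password:", check_smd5(stored, "s3cret"))
    print("wrong password:  ", check_smd5(stored, "S3cret"))
    print("salt makes hashes differ but both verify:",
          same_password_different_hashes("s3cret"))
```

The practical consequence for the Koha side is that the Perl code never needs to know whether the directory stores `{SMD5}`, `{SSHA}` or cleartext: once the search has produced the user's DN, `$db->bind($dn, password => $password)` lets slapd perform the comparison above, and a non-zero result code is the authentication failure.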

