[Koha] Koha 3 and LDAP

Charles Lacroix clacroix at cegep-ste-foy.qc.ca
Thu May 29 02:41:44 NZST 2008


MJ Ray wrote:
> "Landers, Paul" <paul.landers at ttuhsc.edu> wrote:
>   
>> Does anyone have detailed instructions for enabling and configuring
>> Koha 3 with LDAP for authentication?  This would be one of the major
>> reasons for us moving to Koha from our current ILS.  The man page for
>> the LDAP plugin indicates that LDAP must supply *ALL* required fields
>> for patron records.  Our I.T. has advised us of the following for our
>> LDAP server:
>>
>> It can be used for authentication only.  It will not return data for fields.
>>
>> It will not allow anonymous binds.
>>
>> It will not return a password for Koha to compare.  Koha must supply
>> the password or the hash to LDAP.
>>
>> Given these constraints, how do we configure Koha to use LDAP?
>>     
>
> Slap your I.T. until they provide a useful LDAP service?
>
> Seriously - I think you need to either:-
>
> 1. run your own LDAP server that proxies out to your I.T.'s LDAP
> server for authentication - see
> http://www.openldap.org/software/man.cgi?query=slapd-meta&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release
> for one way to do that; OR
>
> 2. you need to customise koha to create a C4::Auth_with_ldap_and_kohadb
> module that mixes C4::Auth and C4::Auth_with_ldap methods as needed.
>
> Not returning a password probably isn't a problem.  If I'm reading the
> C4::Auth_with_ldap code right, Koha sends the password to the LDAP and
> doesn't do anonymous binds.  It's the lack of field data that's a pain.
>
> Hope that helps,
>   
I know that eDirectory will not pass passwords or password hashes for
authentication. The only way I know to get around this is to do what
they call the "rebind" technique: first you search for your user, then
you try to bind an LDAP session as the user you want to test. Once this
is done, you can also validate that the user in LDAP is also in the
appropriate group.

If we go with Koha, I will have to modify the LDAP auth module so it
works with the rebind.

I hope this can help :)

later
Charles
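
The search-then-rebind flow described in the message above, as an added example that is not part of the original message or of Koha's code. `FakeDirectory` and its entries are constructed stand-ins for a real LDAP client, and `escape_filter`, `rebind_authenticate` and `groups_of` are hypothetical names. It also shows two checks the flow needs: escaping the username in the search filter and refusing an empty password before the bind.

```python
import re

def escape_filter(value):
    """Escape RFC 4515 special characters so input cannot rewrite the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """In-memory stand-in for an LDAP client (constructed sample data)."""
    ENTRIES = {  # DN -> (uid, password, groups the DN belongs to)
        "cn=alice,ou=staff,o=example": ("alice", "s3cret", {"cn=koha,o=example"}),
        "cn=bob,ou=staff,o=example": ("bob", "hunter2", set()),
    }

    def search(self, ldap_filter):
        # Supports only (uid=VALUE); an unescaped '*' is a wildcard, as in LDAP.
        value = ldap_filter[len("(uid="):-1]
        pattern = ".*".join(re.escape(part) for part in value.split("*"))
        return [dn for dn, e in self.ENTRIES.items() if re.fullmatch(pattern, e[0])]

    def bind(self, dn, password):
        # Mimics servers that report success for an "unauthenticated bind"
        # (DN plus empty password, RFC 4513 section 5.1.2).
        return password == "" or self.ENTRIES[dn][1] == password

    def groups_of(self, dn):
        return self.ENTRIES[dn][2]

def rebind_authenticate(directory, username, password, required_group):
    """Search for the user, rebind as that DN, then check group membership."""
    if not username or not password:
        return False  # never let an empty password reach bind()
    matches = directory.search("(uid=%s)" % escape_filter(username))
    if len(matches) != 1:
        return False  # unknown user, or an ambiguous match
    dn = matches[0]
    if not directory.bind(dn, password):
        return False  # the directory rejected the user's own credentials
    return required_group in directory.groups_of(dn)

if __name__ == "__main__":
    d = FakeDirectory()
    for user, pw in [("alice", "s3cret"), ("alice", ""), ("bob", "hunter2"), ("*", "s3cret")]:
        print(user, repr(pw), rebind_authenticate(d, user, pw, "cn=koha,o=example"))
```

Against a server that rejects anonymous binds, as in the question, the search step would run on a connection already bound with a service account.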
