[Koha] LDAP authentication -- getting closer.....

Henri-Damien LAURENT henridamien.laurent at biblibre.com
Fri Oct 10 23:20:58 NZDT 2008


Hi,
2008/10/8 Scott Owen <sowen at edzone.net>

> Hi all,
>
> I seem to be making some headway getting the LDAP authentication working
> betwixt Koha and Netware/NDS/LDAP.
>
> A quick glance at the two login attempts below shows that a username
> (in my case "test") without the full NDS context will not authenticate
> and will generate a failed user/password combination.
>
> However, using an NDS fully qualified distinguished name (in my case
> cn=test,ou=students,o=SCHOOL) seems to generate a successful login ?
> (Sending operation result 0:"":"" to connection 0xa7684b60)
> But then dies later on ......(Duplicate entry 'cn=test,ou=stude')
>
> A quick peek at the borrowers in the Koha MySQL data base (CSV export)
>
>
> 338    71582    FA    ZA                   PINE AVENUE        ALMA
> 339    71583    BR    AU                  PINE AVENUE        ALMA
> 340    44863    ED    ZA                    PINE AVENUE        ALMA
>

Those entries are really weird.


> 341    cn=41337,ou=stud
> 342    cn=test,ou=stude
> 343    71584    test    test                    123 happy lane         alma
>
>
> Shows that my test users (test and 41337) are being added to the
> borrowers ???? (FA ZA etc...are truncated user lastnames, firstnames...I
> truncated them for this post)
> And that my LDAP attrib mapping in NDS are correct (the firstname,
> lastname address and city are all correct for my "test" user...but they
> are under a user named 71584.....I have no idea where this username came
> from....but I'm guessing it was automagically added (after the two real
> student ID numbers of 71582 and 71583))
>
> So...I'm guessing that some playing with the LDAP section of the Auth.pm
> file may allow me to use just a user ID (41337) rather than the fully
> qualified distinguished name ??? Any Ideas on that ??
>

afaict, it is trying to add two borrowers when one should be enough, and
adding a borrower with LDAP database information. Maybe there is a problem
with some double-quoted data, maybe a problem with parentheses in your data.


> Any ideas on the Duplicate entry  error ?? (or might this go away as
> soon as the logins are working properly ???)
>
>
>
>
>
> ********************************
> Logging in as "test"
>
>
> --Intranet Error Log --
> New cleartext connection 0xa7684b60 from 10.1.1.192:3081, monitor =
> 0x259, index = 1
> DoBind on connection 0xa7684b60
> Bind name:test, version:3, authentication:simple
> Illegal ndsname "test" in ldap2uNDSDN, err = 34 (0x22)
> ldap2uNDSDN ldapDN = "test" - error 34 (0x22)
> Failed to convert LDAP DN "test" in nds_back_bind, err = 34 (0x22)
> Sending operation result 34:"":"" to connection 0xa7684b60
> Operation 0x1:0x60 on connection 0xa7684b60 completed in 0 seconds
> Monitor 0x259 found connection 0xa7684b60 socket closed, err = -5871, 0
> of 0 bytes read
> Monitor 0x259 initiating close for connection 0xa7684b60
> Server closing connection 0xa7684b60, socket error = -5871
>
>
>
> --DStrace Error Log--
> [Wed Oct 08 10:01:47 2008] [error] [client 127.0.0.1] LDAP Auth failed
> server not responding or wrong user password combination at
> c:/usr/koha229/intranet/modules/C4/Auth.pm line 528., referer:
> http://127.0.0.1:8000/cgi-bin/koha/mainpage.pl
>
>
> *******************************************************
>
>
> Logging in as cn=test,ou=students,o=SCHOOL
>
> --Intranet Error Log --
> New cleartext connection 0xa7684b60 from 10.1.1.192:3088, monitor =
> 0x259, index = 1
> DoBind on connection 0xa7684b60
> Bind name:cn=test,ou=students,o=SCHOOL, version:3, authentication:simple
> Sending operation result 0:"":"" to connection 0xa7684b60
> Operation 0x1:0x60 on connection 0xa7684b60 completed in 0 seconds
> DoSearch on connection 0xa7684b60
> Search request:
>    base: "OU=STUDENTS,O=SCHOOL"
>    scope:2  dereference:2  sizelimit:0  timelimit:0  attrsonly:0
>    filter: "(cn=cn=test,ou=students,o=SCHOOL)"
>    no attributes
> Empty attribute list implies all user attributes
> Sending operation result 0:"":"" to connection 0xa7684b60
> Operation 0x2:0x63 on connection 0xa7684b60 completed in 0 seconds
> Monitor 0x259 found connection 0xa7684b60 socket closed, err = -5871, 0
> of 0 bytes read
> Monitor 0x259 initiating close for connection 0xa7684b60
> Server closing connection 0xa7684b60, socket error = -5871
> Connection 0xa7684b60 closed
>
>
> --DStrace Error Log--
> [Wed Oct 08 10:14:01 2008] [error] [client 127.0.0.1] DBD::mysql::st
> execute failed: Duplicate entry 'cn=test,ou=stude' for key 1 at
> c:/usr/koha229/intranet/modules/C4/Members.pm line 155., referer:
> http://127.0.0.1:8000/cgi-bin/koha/mainpage.pl
> ************************************************
>
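
The traces above show the typed login being used directly as the bind DN, as the search filter value ("(cn=cn=test,ou=students,o=SCHOOL)") and, cut to 16 characters, as the borrower key. The sketch below is an added example, not part of the original thread and not Koha's Auth.pm: it shows the search-then-bind pattern, where the short name is escaped into the filter, the server supplies the DN to bind as, and only the short name is stored locally. `FakeDirectory`, the function names and the 16-character limit (inferred from the error message) are assumptions made for this illustration.

```python
USERID_MAX = 16  # assumption: width inferred from the 16-character value in the MySQL error

_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping so the login is matched as a literal, not as filter syntax."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def user_filter(login):
    return "(cn=%s)" % escape_filter_value(login)

class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP server (exact cn match only)."""
    def __init__(self, entries):              # entries: {dn: (cn, password)}
        self.entries = entries

    def search(self, ldap_filter):
        return [dn for dn, (cn, _) in self.entries.items()
                if user_filter(cn).lower() == ldap_filter.lower()]

    def bind(self, dn, password):
        return self.entries.get(dn, (None, None))[1] == password

def authenticate(directory, login, password):
    """Return the local userid on success, None on any failure."""
    if not password:                          # empty password is an unauthenticated bind,
        return None                           # which many servers report as success
    if len(login) > USERID_MAX:               # refuse instead of storing a truncated key
        return None
    matches = directory.search(user_filter(login))
    if len(matches) != 1:                     # unknown or ambiguous name
        return None
    if not directory.bind(matches[0], password):
        return None
    return login                              # the short name is the key, never the DN

DIRECTORY = FakeDirectory({                   # constructed sample entries
    "cn=test,ou=students,o=SCHOOL": ("test", "s3cret"),
    "cn=41337,ou=students,o=SCHOOL": ("41337", "hunter2"),
})
```

Against a real server the same flow also needs TLS on the connection, since both traces above begin with "New cleartext connection" and a simple bind sends the password as-is.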