[Koha] FW: Koha 3.0 LDAP Question?

Winter, James WinterJ at arcadia.edu
Fri Feb 13 06:34:37 NZDT 2009

Sure, it took me a while to get it working, but we have it working now.


In our koha-conf.xml, we have this section in the config section
(between <config> and </config> near the end of the file):



 <ldapserver id="ldapserver">



not anonymous -->

    <pass>[PASSWORD OF USER]</pass><!-- password, if not anonymous -->
    <replicate>0</replicate>   <!-- add new users from LDAP to Koha database -->
    <update>0</update>         <!-- update existing users in Koha database -->
    <mapping>                  <!-- match koha SQL field names to your LDAP record field names -->

          <!--<cardnumber is="" ></cardnumber>-->

      <!--<firstname    is="givenname"      ></firstname>-->

      <!--<surname      is="sn"             ></surname>-->

      <!--<address              is=""   > </address>-->

      <!--<city                 is=""                           >

      <!--<zipcode              is=""           ></zipcode>-->

      <!--<branchcode is ="">MAIN</branchcode>-->

      <userid       is="samAccountName" ></userid>

      <password     is=""   ></password>

      <!--<email        is="mail"           ></email>-->

      <!--<categorycode is="employeetype"   > </categorycode>-->

      <!--<phone                is=""></phone>-->




Most of the attributes are commented out because we populate our users
in Koha from a different system and they only log in using their AD
password. We don't want to add new users or update existing users.


Then in Auth_with_ldap.pm at line 102 (thanks to this thread


Change these lines:


        my $userldapentry = $search->shift_entry;
        my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
        if ($cmpmesg->code != 6) {    # 6 is LDAP_COMPARE_TRUE
                warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
                return 0;
        }



To this:


        my $userldapentry = $search->shift_entry;
        # bind as the user's own entry on a second connection;
        # a non-zero result code means the bind was refused
        my $dbuser = Net::LDAP->new( [$prefhost] );
        $res = $dbuser->bind( $userldapentry, password => $password );
        unless ( $db && ! $res->code ) {
                warn "LDAP Auth rejected : invalid password for user '$userid'";
                return 0;
        }



We had an additional problem with the Auth_with_ldap.pm automatically
updating the card number with the user's login. We have existing cards
with specific numbers that we're importing, so I had to disable a couple
of other lines (lines 116 and 117 in Auth_with_ldap.pm, before the first


                #($config{update}   ) and my $c2 = &update_local($userid,$password,$borrowernumber,\%borrower) || '';
                #($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";


Hopefully this helps.


James Winter
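
Added example (not part of the original message, and not Koha's own code): the bind-as-user check described above, written as a stand-alone Perl routine. The helper name check_password_by_bind and the host ldap.example.invalid are hypothetical. It also refuses an empty password before binding, because RFC 4513 treats a simple bind with a DN and an empty password as an unauthenticated bind, which a server that permits it answers with success.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Hypothetical helper, not Koha's code: verify a password by binding as the
# user's own directory entry on a second connection.
#   $host     - LDAP server name (assumed; in Koha it comes from koha-conf.xml)
#   $entry    - Net::LDAP::Entry returned by the earlier search, or undef
#   $password - the password the user typed
sub check_password_by_bind {
    my ( $host, $entry, $password ) = @_;

    # Refuse an empty password before touching the server: with a DN and no
    # password a simple bind is "unauthenticated" (RFC 4513, section 5.1.2)
    # and does not prove that the user knows the password.
    return 0 unless defined $password && length $password;
    return 0 unless $entry;    # the search found no such user

    # Separate connection, so the search connection keeps its own bind.
    my $user_conn = Net::LDAP->new($host);
    unless ($user_conn) {
        warn "LDAP Auth: cannot connect to '$host': $@";
        return 0;
    }

    my $res = $user_conn->bind( $entry->dn, password => $password );
    $user_conn->unbind;

    if ( $res->code != LDAP_SUCCESS ) {
        warn "LDAP Auth rejected : bind failed for '" . $entry->dn . "': " . $res->error;
        return 0;
    }
    return 1;
}

# Constructed call that needs no server: the empty password is refused
# before any connection is attempted.
my $ok = check_password_by_bind( 'ldap.example.invalid', undef, '' );
print $ok ? "accepted\n" : "rejected\n";
```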



From: Barry Cannon [mailto:bc at interleaf.ie] 
Sent: Thursday, February 12, 2009 12:06 PM
To: Winter, James
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?


Yes, I am using Active Directory. Do you have any tips?


From: Winter, James [mailto:WinterJ at arcadia.edu] 
Sent: 12 February 2009 17:06
To: Barry Cannon
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?


Are you using Active Directory?


James Winter



From: koha-bounces at lists.katipo.co.nz
[mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Barry Cannon
Sent: Thursday, February 12, 2009 9:17 AM
To: koha at lists.katipo.co.nz
Subject: [Koha] FW: Koha 3.0 LDAP Question?


I have been trying to configure LDAP and have a couple of questions:


The Wiki says: There are two parts of the KOHA_CONF file (default
location: /etc/koha.xml) relevant to LDAP authentication: the
configuration stanza itself, and the "switch" line that enables or
disables LDAP. The switch appears in the main <config> section, 0 for
"off" and 1 for "on",....


Should I take this to mean the koha-conf.xml file? There is no koha.xml
file on our installed server. If it is this file, do I simply add the
LDAP server options in the config file?


I have assumed that is what is needed but I can't figure out where to go
from there. Is there an Admin tool to configure/test the LDAP





