[Koha] Koha authentication against existing LDAP directory

Ben Finney ben+koha at benfinney.id.au
Wed Jun 10 12:51:49 NZST 2009


Ben Finney <ben+koha at benfinney.id.au> writes:

> It occurred to me, discussing with Chris, that perhaps what I'm seeing
> from Koha is that the *authentication* worked, but the user has no
> permission. If true, that would be a step forward.

A discussion on IRC with Galen Charlton confirmed that indeed, the
authentication was working. The creation of the borrower record failed
due to confusion over the MySQL schema and the mapping from
LDAP-to-MySQL fields.

I have now imported the “optional data” from the SQL files in
‘installer/data/mysql/en/optional/’. I now have the following Koha
config for the LDAP section:

=====
<config>
 …
 <useldapserver>1</useldapserver>
    <ldapserver id="ldapserver"  listenref="ldapserver">
        <hostname>trimserver-admin.lan</hostname>
        <base>ou=People,dc=lan</base>
        <replicate>1</replicate>       <!-- add new users from LDAP to Koha database -->
        <update>1</update>             <!-- update existing users in Koha database -->
        <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of
                                            password comparison, e.g., to use Active Directory -->
        <mapping>             <!-- match koha SQL field names to your LDAP record field names -->
            <firstname    is="givenname"      ></firstname>
            <surname      is="sn"             ></surname>
            <address      is="postaladdress"  >Unknown address</address>
            <city         is="l"              >Unknown city</city>
            <!-- <zipcode      is="postalcode"     ></zipcode> -->
            <branchcode   is="branch"         >CPL</branchcode>
            <userid       is="uid"            ></userid>
            <password     is="userpassword"   ></password>
            <!-- <email        is="mail"           ></email> -->
            <categorycode is="employeetype"   >PT</categorycode>
            <!-- <phone        is="telephonenumber"></phone> -->
        </mapping>
    </ldapserver>
</config>
=====

(Side note: isn't one of the main points of a NULL in a database to
indicate “the value for this column is currently unknown”? It would be
better, I'd think, for the Koha code to use a NULL field to indicate
that state, rather than setting the schema NOT NULL for those columns.)

Now, when successfully authenticating against LDAP in the admin
interface, a new borrower record is created in the ‘borrowers’ table, if
the user was previously unknown.

I'm getting errors still, but it appears that authentication has
succeeded. Thanks for everyone's help so far.

-- 
 \       “The apparent lesson of the Inquisition is that insistence on |
  `\         uniformity of belief is fatal to intellectual, moral, and |
_o__)    spiritual health.” —_The Uses Of The Past_, Herbert J. Muller |
Ben Finney
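As an added illustration (not code from the post or from Koha itself), the following Python sketch applies the mapping block above to a constructed LDAP entry, treating each element's text as the fallback value when the LDAP attribute is absent, and reports which columns would still be NULL under a NOT NULL schema; the NOT NULL column set and the sample entry are assumptions for the demo.

```python
import xml.etree.ElementTree as ET

# Mapping section copied from the Koha config quoted in the post above.
MAPPING_XML = """
<mapping>
    <firstname    is="givenname"      ></firstname>
    <surname      is="sn"             ></surname>
    <address      is="postaladdress"  >Unknown address</address>
    <city         is="l"              >Unknown city</city>
    <branchcode   is="branch"         >CPL</branchcode>
    <userid       is="uid"            ></userid>
    <password     is="userpassword"   ></password>
    <categorycode is="employeetype"   >PT</categorycode>
</mapping>
"""

# Constructed LDAP entry (not from the post): it carries no postaladdress,
# l, branch or employeetype attribute, so those fields must fall back.
SAMPLE_ENTRY = {
    "uid": ["bfinney"],
    "givenname": ["Ben"],
    "sn": ["Finney"],
    "userPassword": ["{SSHA}constructed-hash-placeholder"],
}

# Assumed NOT NULL columns for the demonstration (the post names no exact set).
NOT_NULL_COLUMNS = {"surname", "address", "city", "branchcode", "categorycode"}


def parse_mapping(xml_text):
    """Return {koha_field: (ldap_attribute, default_or_None)} from a <mapping> block."""
    mapping = {}
    for child in ET.fromstring(xml_text):
        default = (child.text or "").strip() or None
        mapping[child.tag] = (child.attrib["is"].lower(), default)
    return mapping


def build_borrower(entry, mapping):
    """Fill borrower columns from the LDAP entry; element text is the fallback."""
    entry = {k.lower(): v for k, v in entry.items()}  # LDAP attribute names are case-insensitive
    borrower = {}
    for field, (attr, default) in mapping.items():
        values = entry.get(attr) or []
        borrower[field] = values[0] if values else default
    return borrower


def not_null_violations(borrower):
    """Columns that would be NULL although the schema forbids it (the failure in the post)."""
    return sorted(c for c in NOT_NULL_COLUMNS if borrower.get(c) is None)
```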


