[Koha] Share Koha-LDAP conf

Dobrica Pavlinušić dpavlin at gmail.com
Fri Jun 24 07:09:33 NZST 2011


2011/6/22 Oscar Gaona <ramses02 at yahoo.com>:
> Hi all
> There are many questions and solutions around Koha-LDAP connection /
> authentication, so it seems there is no single way to get it because each
> Library / Institution has its own requirements / developments.
> If you have a successful / useful experience on this topic, may you share how
> you do it, please? Obviously, changing some real names / IPs
> Sometimes, examples are the better way to support people looking for
> solutions...

For a start, I would suggest first trying 3.2.10 or the current git version,
because there are a few LDAP fixes which just got merged into the repository
and released.

For a start, until bug 4994[1] gets merged, keep values inside
is="ldap-field" lower case only.

We are using following configuration:

 <useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->

<ldapserver id="ldapserver" listenref="ldapserver">
<!--
 <hostname>ldaps://ldap.ffzg.hr</hostname>
-->
 <hostname>ldap://localhost:1389</hostname>
 <base>dc=ffzg,dc=hr</base>

 <replicate>1</replicate>  <!-- add new users from LDAP to Koha database -->
 <update>0</update>        <!-- update existing users in Koha database -->

 <auth_by_bind>1</auth_by_bind>
 <principal_name>%s</principal_name> <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->

 <mapping>            <!-- match koha SQL field names to your LDAP record field names -->
    <firstname   is="givenname"     ></firstname>
    <surname     is="sn"            ></surname>
    <address     is="ffzg-adresa_ulica" ></address>
    <city        is="ffzg-adresa_grad" ></city>
<!--
    <zipcode     is="ffzg-adresa_postanski_broj"></zipcode>
-->

    <branchcode  is="local-branch"        >FFZG</branchcode>
    <userid      is="hrEduPersonUniqueID"  ></userid>
    <password    is="userpassword"  ></password>
    <email       is="mail"          ></email>
    <categorycode is="hrEduPersongroupmember"  >IMP</categorycode>

    <dateofbirth is="hredupersondateofbirth" ></dateofbirth>
    <sex is="ffzg-spol" ></sex>
    <phone is="ffzg-tel_fixed"></phone>
    <mobile is="ffzg-tel_mobile"></mobile>

    <dateexpiry is="hredupersonexpiredate">2012-12-23</dateexpiry>

    <JMBG is="hrEduPersonUniqueNumber_JMBG"></JMBG>
    <OIB is="hrEduPersonOIB"></OIB>

 </mapping>
</ldapserver>

This configuration works with changes in bug 4994, otherwise everything
inside is="" would have to be lowercase only.

We are using a few of the HrEdu* attributes which are specific to our national
LDAP schema, and a probably unusual combination of replication (to create users
who logged in for the first time over the web) without update (since we will
edit patrons' data locally, and then our data will be more current than LDAP
data, so we don't want to overwrite it).

Hope this helps.

1: http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4994

-- 
 ...2share!2flame... http://blog.rot13.org
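
Added example, not part of the original message and not Koha code: a small Python check for an <ldapserver> block of the shape shown above, covering the lower-case is="" rule for installs without bug 4994 and the replicate/update choice. The names lint_ldapserver and has_bug_4994 and the host ldap.example.org are assumptions made for illustration, and the transport warning is an added check the message does not discuss.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample in the shape of the block above; ldap.example.org is a placeholder.
SAMPLE = """<ldapserver id="ldapserver" listenref="ldapserver">
 <hostname>ldap://ldap.example.org</hostname>
 <replicate>1</replicate>
 <update>0</update>
 <auth_by_bind>1</auth_by_bind>
 <mapping>
    <firstname is="givenname"></firstname>
    <userid is="hrEduPersonUniqueID"></userid>
    <categorycode is="hrEduPersongroupmember">IMP</categorycode>
 </mapping>
</ldapserver>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def lint_ldapserver(xml_text, has_bug_4994=False):
    """Return (level, message) findings for one <ldapserver> block."""
    root = ET.fromstring(xml_text)
    findings = []
    # Without the changes in bug 4994, is="" values must be lower case only.
    if not has_bug_4994:
        for field in root.findall("./mapping/*"):
            attr = field.get("is", "")
            if attr != attr.lower():
                findings.append(("error", f'{field.tag}: is="{attr}" is not lower case'))
    # Added check, not from the message: plain ldap:// to a remote host carries
    # the bind password unencrypted unless something else protects the link.
    raw = (root.findtext("hostname") or "").strip()
    url = urlsplit(raw if "://" in raw else "ldap://" + raw)
    if url.scheme != "ldaps" and url.hostname not in LOOPBACK:
        findings.append(("warn", f"{raw}: not ldaps:// and not a loopback endpoint"))
    # update=1 refreshes existing Koha patrons from LDAP, replacing local edits.
    if (root.findtext("update") or "").strip() == "1":
        findings.append(("info", "update=1: local patron edits are overwritten from LDAP"))
    return findings

if __name__ == "__main__":
    for level, message in lint_ldapserver(SAMPLE):
        print(f"{level}: {message}")
```
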

