[Koha] difficulties authenticating after samba/openldap -> samba4 AD migration

mourik jan heupink - merit heupink at merit.unu.edu
Sat Apr 5 22:32:28 NZDT 2014


Hi list & chrisc at catalyst.net.nz,

This message is to archive what our problem was:

After making changes to koha-conf.xml, it's not enough to restart 
apache2; you also have to restart memcached (if you are using it).

After restarting memcached, the config as posted below works beautifully.

Thanks!
MJ


On 04/01/2014 07:42 PM, mourik jan heupink - merit wrote:
>
> Hi all,
>
> We've been running samba3/openldap in combo with koha for years, until 
> the time came to upgrade to samba4 AD. Did that last weekend, and 
> today I tried to connect koha (3.12.01, I know, we have to upgrade) 
> to the samba4 ldap server.
>
> We're using auth_by_bind, which should be supported by Active 
> Directory, checked principal name many times.
>
> However, I can't login, the apache log says: " LDAP Auth rejected : 
> (uid=heupink) gets 0 hits". Using tcpflow, I can see that my dc1 
> answers "600002020: Operation unavailable without authentication".
>
> So, before I start doing bigger things (like updating koha, which has 
> always been running fine) I'd like to know if I'm missing something 
> obvious? I'm sure many people here are using (native) active directory 
> to authenticate to? Any tips..?
>
> Here is my AD samba4 config:
>
>   <ldapserver id="dc1">
>     <hostname>dc1.my.domain</hostname>
>     <base>CN=Users,DC=samba,DC=my,DC=domain</base>
>
>     <replicate>1</replicate>
>     <update>1</update>
>     <auth_by_bind>1</auth_by_bind>
>
>     <principal_name>CN=%s,CN=Users,DC=samba,DC=my,DC=domain</principal_name>
>
>     <mapping>
>       <firstname    is="givenName"      ></firstname>
>       <surname      is="sn"             ></surname>
>       <address      is="streetAddress"  >our address</address>
>       <city         is="l"              >our city</city>
>       <zipcode      is="postalCode"     >our postcode</zipcode>
>       <branchcode   is="branch" >our_branch</branchcode>
>       <userid       is="uid"            ></userid>
>       <password     is="userPassword"   ></password>
>       <email        is="mail"           ></email>
>       <categorycode is="employeeType" >A</categorycode>
>       <phone        is="telephoneNumber"></phone>
>     </mapping>
>   </ldapserver>
>
> Regards,
> MJ
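
Added example (not part of the original messages and not Koha code): a check for the situation described above, where memcached has been running since before koha-conf.xml was last edited and may therefore still hold the pre-edit configuration. It assumes memcached listens on 127.0.0.1:11211; the function names and the sample `stats` output are constructed for illustration.

```python
import socket

# Constructed sample of memcached "stats" output (not captured from a real server).
SAMPLE_STATS = (
    "STAT pid 1234\r\n"
    "STAT uptime 432000\r\n"
    "STAT time 1396690000\r\n"
    "STAT curr_items 17\r\n"
    "END\r\n"
)

def parse_stats(text):
    """Turn 'STAT name value' lines into a dict, ignoring END and blank lines."""
    stats = {}
    for line in text.splitlines():
        parts = line.strip().split(" ", 2)
        if len(parts) == 3 and parts[0] == "STAT":
            stats[parts[1]] = parts[2]
    return stats

def memcached_start_time(stats):
    """Server start as a Unix timestamp: its current time minus its uptime."""
    return int(stats["time"]) - int(stats["uptime"])

def config_may_be_stale(stats_text, conf_mtime):
    """True when memcached was already running when the config was last edited."""
    return memcached_start_time(parse_stats(stats_text)) < conf_mtime

def fetch_stats(host="127.0.0.1", port=11211, timeout=3.0):
    """Read the stats block from a live memcached over its text protocol."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"stats\r\n")
        data = b""
        while not data.endswith(b"END\r\n"):
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace")

if __name__ == "__main__":
    import os, sys
    if len(sys.argv) != 2:
        sys.exit("usage: check_stale.py /path/to/koha-conf.xml")
    stale = config_may_be_stale(fetch_stats(), os.path.getmtime(sys.argv[1]))
    print("memcached predates the last config edit: restart it" if stale
          else "memcached started after the last config edit")
```

The comparison is a heuristic: a memcached that started before the edit is only a candidate for holding old configuration, but restarting it in that case is cheap.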


