[Koha] difficulties authenticating after samba/openldap -> samba4 AD migration
mourik jan heupink - merit
heupink at merit.unu.edu
Sat Apr 5 22:32:28 NZDT 2014
Hi list & chrisc at catalyst.net.nz,
This message is to archive what our problem was:
After making changes to koha-conf.xml, it's not enough to restart
apache2; you also have to restart memcached (if you are using it).
After restarting memcached, the config as posted below works beautifully.
Thanks!
MJ
On 04/01/2014 07:42 PM, mourik jan heupink - merit wrote:
>
> Hi all,
>
> We've been running samba3/openldap in combo with koha for years, until
> the time came to upgrade to samba4 AD. Did that last weekend, and
> today I tried to connect koha (3.12.01, I know, we have to upgrade)
> to the samba4 ldap server.
>
> We're using auth_by_bind, which should be supported by Active
> Directory, checked principal name many times.
>
> However, I can't login, the apache log says: "LDAP Auth rejected :
> (uid=heupink) gets 0 hits". Using tcpflow, I can see that my dc1
> answers "600002020: Operation unavailable without authentication".
>
> So, before I start doing bigger things (like updating koha, which has
> always been running fine) I'd like to know if I'm missing something
> obvious? I'm sure many people here are using (native) active directory
> to authenticate to? Any tips..?
>
> Here is my AD samba4 config:
>
> <ldapserver id="dc1">
>   <hostname>dc1.my.domain</hostname>
>   <base>CN=Users,DC=samba,DC=my,DC=domain</base>
>
>   <replicate>1</replicate>
>   <update>1</update>
>   <auth_by_bind>1</auth_by_bind>
>
>   <principal_name>CN=%s,CN=Users,DC=samba,DC=my,DC=domain</principal_name>
>
>   <mapping>
>     <firstname is="givenName" ></firstname>
>     <surname is="sn" ></surname>
>     <address is="streetAddress" >our address</address>
>     <city is="l" >our city</city>
>     <zipcode is="postalCode" >our postcode</zipcode>
>     <branchcode is="branch" >our_branch</branchcode>
>     <userid is="uid" ></userid>
>     <password is="userPassword" ></password>
>     <email is="mail" ></email>
>     <categorycode is="employeeType" >A</categorycode>
>     <phone is="telephoneNumber"></phone>
>   </mapping>
> </ldapserver>
>
> Regards,
> MJ
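
A check for the situation in this thread, as an added example (not part of the original messages and not Koha's own code): it reads the <ldapserver> block on disk and returns the bind DN and search filter those settings describe, for comparison with what tcpflow shows; a mismatch points to a cached older configuration, which is what the memcached restart cleared here. It assumes the %s in principal_name is replaced by the login userid and that the search filter is built from the userid mapping, as the logged "(uid=heupink)" suggests; load_ldapserver and expected_on_wire are names made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the posted <ldapserver> block, trimmed to what is read here.
SAMPLE = """<ldapserver id="dc1">
  <hostname>dc1.my.domain</hostname>
  <base>CN=Users,DC=samba,DC=my,DC=domain</base>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>CN=%s,CN=Users,DC=samba,DC=my,DC=domain</principal_name>
  <mapping>
    <userid is="uid"></userid>
  </mapping>
</ldapserver>"""

def load_ldapserver(xml_text):
    """Extract the auth_by_bind settings from a koha-conf.xml or a bare block."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "ldapserver" else root.find(".//ldapserver")
    if node is None:
        raise ValueError("no <ldapserver> element found")
    def text(tag):
        return (node.findtext(tag) or "").strip()
    uid = node.find("mapping/userid")
    return {
        "hostname": text("hostname"),
        "base": text("base"),
        "auth_by_bind": text("auth_by_bind") == "1",
        "principal_name": text("principal_name"),
        "userid_attr": uid.get("is", "") if uid is not None else "",
    }

def expected_on_wire(cfg, userid):
    """Bind DN and search filter implied by the on-disk settings (assumed model)."""
    problems = []
    if not cfg["auth_by_bind"]:
        problems.append("auth_by_bind is not 1")
    if cfg["principal_name"].count("%s") != 1:
        problems.append("principal_name needs exactly one %s")
    if not cfg["userid_attr"]:
        problems.append("mapping has no userid attribute")
    if problems:
        raise ValueError("; ".join(problems))
    if any(c in userid for c in ',+"\\<>;=*()'):
        raise ValueError("userid has DN/filter special characters; not modelled")
    return {
        "bind_dn": cfg["principal_name"].replace("%s", userid),
        "search_base": cfg["base"],
        "search_filter": "(%s=%s)" % (cfg["userid_attr"], userid),
    }
```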