[Koha] Koha and LDAP: Password comparison fails
uwe
singlespeedfahrer at yandex.com
Fri Aug 21 01:02:15 NZST 2015
Hello,
On Wednesday, 19.08.2015 at 22:24 +0200, mourik jan heupink wrote:
> I'm not sure if it will help you, but we have never had much luck
> with the password compare routine, which koha seems to like.
>
> I don't know any other ldap client that works like that. The usual way
> (and this one works perfectly here, using openldap and also samba4/AD)
> is: use <auth_by_bind>1</auth_by_bind>
>
> Your principal_name would then be something like:
>
> <principal_name>dn=%s,ou=id,dc=MY_ORG,dc=org</principal_name>
Thank you for your answer and hints, but unfortunately auth_by_bind seems
to be no option for us.
Is there another way to solve the issue?
Thanks in advance
Uwe
> Hopefully this helps you as well.
>
> MJ
>
> On 8/18/2015 14:35, uwe wrote:
> > Hello,
> >
> > we have a Koha-Installation and would like to connect to our
> > OpenLDAP-server, but I can't get it to work.
> >
> > First our Koha setup:
> >
> > > OS: debian wheezy
> > > Koha: 3.20.02
> >
> > Connecting to ldap-server works fine but the password comparison fails
> > with the following error (tested in the console but also fails in the
> > web gui; also given password is correct):
> >
> > > root at biblio:/etc/koha/sites/MY_SITE# env PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/MY_SITE/koha-conf.xml perl /usr/share/koha/opac/cgi-bin/opac/opac-user.pl userid=MY_MAIL_NAME at MY_ORG.org password=MY_PASSWORD. | head -5
> >
> > > Got 2 ldap mapkeys ( total ): userid
> > > Got 2 ldap mapkeys (populated): userid
> > > Checking Auth at /usr/share/koha/lib/C4/Auth.pm line 703, <DATA> line 558.
> > > kohaversion : 3.2002000
> > > ## checkpw - checking LDAP
> > > LDAP Auth rejected : invalid password for user 'MY_MAIL_NAME at MY_ORG.org'. LDAP error #5: LDAP_COMPARE_FALSE
> > > # This code is returned when a compare request completes and the attribute value given is not in the entry specified
> > >
> > > Login failed, resetting anonymous session... at /usr/share/koha/lib/C4/Auth.pm line 1107, <DATA> line 595.
> >
> > Configuration in koha-conf.xml, see below. Our ldap-server uses SSHA as
> > password scheme. Could this be the problem?
> >
> > How can I solve it? Can't find much useful when searching internet for
> > the problem.
> >
> > Thanks and best wishes
> > Uwe
> >
> > > <useldapserver>1</useldapserver> <!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
> > >
> > > <!-- LDAP SERVER (optional) -->
> > >
> > > <ldapserver id="ldapserver" listenref="ldapserver">
> > >   <hostname>MY_LDAP_SERVER</hostname>
> > >   <base>ou=id,dc=MY_ORG,dc=org</base>
> > >   <user>cn=biblio,ou=daemons,dc=MY_ORG,dc=org</user> <!-- DN, if not anonymous -->
> > >   <pass>MY_SECRET_PASSWORD</pass> <!-- password, if not anonymous -->
> > >   <replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
> > >   <update>0</update> <!-- update existing users in Koha database -->
> > >   <anonymous_bind>0</anonymous_bind>
> > >   <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
> > >   <!--<principal_name>%s at MY_ORG.org</principal_name>-->
> > >   <mapping> <!-- match koha SQL field names to your LDAP record field names -->
> > >     <!--<firstname is="firstname"></firstname>
> > >     <surname is="surname"></surname>
> > >     <address is="postaladdress">hier</address>
> > >     <city is="l">Berlin</city>
> > >     <zipcode is="postalcode">1000</zipcode>
> > >     <branchcode is="businesscategory"></branchcode>
> > >     -->
> > >     <userid is="uid"></userid>
> > >     <!--<password is="USER_PASSWORD"></password>
> > >     <email is="mail"></email>
> > >     <categorycode is="employeetype">PT</categorycode>
> > >     <phone is="telephonenumber">11111</phone>
> > >     <flags is="flags">2</flags> -->
> > >   </mapping>
> > > </ldapserver>
> >
> >
> > (hint: some private data is anonymized with large letters)
> >
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
--
Everything will be just tickety-boo today.
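
An added illustration, not part of this thread and not Koha's code, of the SSHA question raised in the quoted message: a salted {SSHA} userPassword value cannot match the cleartext password in a byte-for-byte comparison, while a verifier that reads the salt back out of the stored value can check it. It assumes the server answers the compare with userPassword's octetStringMatch equality rule (RFC 4519); the password, salts and function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha(password: bytes, salt: Optional[bytes] = None) -> bytes:
    """Build an {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def compare_literal(stored: bytes, asserted: bytes) -> bool:
    """Model of an LDAP compare under octetStringMatch (assumption):
    the asserted bytes must equal the stored bytes exactly."""
    return hmac.compare_digest(stored, asserted)


def verify_ssha(stored: bytes, password: bytes) -> bool:
    """What a password verifier does (for example the server during a
    simple bind): recover the salt from the stored value and re-hash."""
    if stored[:6].upper() != b"{SSHA}":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value too short to contain a salt")
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


# Constructed sample data, not taken from the thread.
PASSWORD = b"constructed-example-password"
STORED = make_ssha(PASSWORD, salt=b"\x01\x02\x03\x04\x05\x06\x07\x08")


def outcomes() -> dict:
    """Results of each way of checking PASSWORD against STORED."""
    return {
        "compare_cleartext": compare_literal(STORED, PASSWORD),
        "compare_rehash_new_salt": compare_literal(STORED, make_ssha(PASSWORD, b"othersalt")),
        "verify_with_stored_salt": verify_ssha(STORED, PASSWORD),
        "verify_wrong_password": verify_ssha(STORED, b"wrong-password"),
    }


if __name__ == "__main__":
    for name, result in outcomes().items():
        print(f"{name}: {result}")
```

Under that assumption, only the check that reuses the stored salt accepts the correct password; the two literal comparisons correspond to the LDAP_COMPARE_FALSE result shown in the quoted output.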