[Koha] Koha and LDAP: Password comparison fails
uwe
singlespeedfahrer at yandex.com
Thu Sep 10 10:43:17 NZST 2015
Am Freitag, den 21.08.2015, 10:36 +0200 schrieb mourik jan heupink:
> I have no other clues, no. Must say I'm rather surprised to read that
> auth by bind is no option for you. Are you sure? Why not
It seems that I misunderstood the auth-by-bind function. Finally
someone who has more ldap knowledge helped out to connect the ldap to
our koha installation. Now it works with auth-by-bind as you suggested.
Thank you very much. Your hint guided us into the right way to get it
to work.
Best wishes
Uwe
>
>
> On 08/20/2015 03:02 PM, uwe wrote:
> > Hello,
> >
> > Am Mittwoch, den 19.08.2015, 22:24 +0200 schrieb mourik jan
> > heupink:
> > > I'm not sure if it will help you, but we have never had much luck
> > >
> > > with the password compare routine, which koha seems to like.
> > >
> > > I don't know any other ldap client that works like that. The
> > > usual
> > > way
> > > (and this one works perfectly here, using openldap and also
> > > samba4/AD)
> > > is: use <auth_by_bind>1</auth_by_bind>
> > >
> > > Your principal_name would then be something like:
> > >
> > > <principal_name>dn=%s,ou=id,dc=MY_ORG,dc=org</principal_name>
> >
> > Thank you for your answer and hints but unfortunally auth_by_bind
> > seems
> > to be no option for us.
> >
> > Is there another way to solve the issue?
> >
> > Thanks in advance
> > Uwe
> >
> > > Hopefully this helps you as well.
> > >
> > > MJ
> > >
> > > On 8/18/2015 14:35, uwe wrote:
> > > > Hello,
> > > >
> > > > we have a Koha-Installation and would like to connect to our
> > > > OpenLDAP
> > > > -server, but I can't get it to work.
> > > >
> > > > First our Koha setup:
> > > >
> > > > > OS: debian wheezy
> > > > > Koha: 3.20.02
> > > >
> > > > Connecting to ldap-server works fine but the password
> > > > comparison
> > > > fails
> > > > with the follwing error (tested in the console but also fails
> > > > in
> > > > the
> > > > web gui; also given password is correct):
> > > >
> > > > > root at biblio:/etc/koha/sites/MY_SITE# env
> > > > > PERL5LIB=/usr/share/koha/lib
> > > > KOHA_CONF=/etc/koha/sites/MY_SITE/koha-conf.xml perl
> > > > /usr/share/koha/opac/cgi-bin/opac/opac-user.pl
> > > > userid=MY_MAIL_NAME at MY_
> > > > ORG.org password=MY_PASSWORD. | head -5
> > > >
> > > > > Got 2 ldap mapkeys ( total ): userid
> > > > > Got 2 ldap mapkeys (populated): userid
> > > > > Checking Auth at /usr/share/koha/lib/C4/Auth.pm line 703,
> > > > > <DATA>
> > > > > line
> > > > 558.
> > > > > kohaversion : 3.2002000
> > > > > ## checkpw - checking LDAP
> > > > > LDAP Auth rejected : invalid password for user
> > > > > 'MY_MAIL_NAME at MY_O
> > > > > RG.o
> > > > rg'. LDAP error #5: LDAP_COMPARE_FALSE
> > > > > # This code is returned when a compare request completes and
> > > > > the
> > > > attribute value given is not in the entry specified
> > > > >
> > > > > Login failed, resetting anonymous session... at
> > > > /usr/share/koha/lib/C4/Auth.pm line 1107, <DATA> line 595.
> > > >
> > > > Configuration in koha-conf.xml, see below. Our ldap-server uses
> > > > SSHA as
> > > > password sheme. Could this be the problem?
> > > >
> > > > How can I solve it? Can't find much usefull when searching
> > > > internet
> > > > for
> > > > the problem.
> > > >
> > > > Thanks and best wishes
> > > > Uwe
> > > >
> > > > > <useldapserver>1</useldapserver> <!-- see C4::Auth_with_ldap
> > > > > for
> > > > extra configs you must add if you want to turn this on -->
> > > > >
> > > > > <!-- LDAP SERVER (optional) -->
> > > > >
> > > > > <ldapserver id="ldapserver" listenref="ldapserver">
> > > > > <hostname>MY_LDAP_SERVER</hostname>
> > > > > <base>ou=id,dc=MY_ORG,dc=org</base>
> > > > > <user>cn=biblio,ou=daemons,dc=MY_ORG,dc=org</user>
> > > > > <!--
> > > > > DN,
> > > > if not anonymous -->
> > > > > <pass>MY_SECRET_PASSWORD</pass> <!-- password, if
> > > > > not
> > > > anonymous -->
> > > > > <replicate>0</replicate> <!-- add new users from LDAP
> > > > > to
> > > > > Koha
> > > > database -->
> > > > > <update>0</update> <!-- update existing users in
> > > > > Koha
> > > > database -->
> > > > > <anonymous_bind>0</anonymous_bind>
> > > > > <auth_by_bind>0</auth_by_bind> <!-- set to 1 to
> > > > > authenticate
> > > > by binding instead of password comparison, e.g., to use Active
> > > > Directory -->
> > > > > <!--<principal_name>%s at MY_ORG.org</principal_name>-->
> > > > > <mapping> <!-- match koha SQL field names to your
> > > > > LDAP
> > > > > record
> > > > field names -->
> > > > > <!--<firstname is="firstname"></firstname>
> > > > > <surname is="surname"></surname>
> > > > > <address is="postaladdress">hier</address>
> > > > > <city is="l">Berlin</city>
> > > > > <zipcode is="postalcode">1000</zipcode>
> > > > > <branchcode
> > > > > is="businesscategory"></branchcode>
> > > > > -->
> > > > > <userid is="uid"></userid>
> > > > > <!--<password is="USER_PASSWORD"></password>
> > > > > <email is="mail"></email>
> > > > > <categorycode
> > > > > is="employeetype">PT</categorycode>
> > > > > <phone is="telephonenumber">11111</phone>
> > > > > <flags is="flags">2</flags> -->
> > > > > </mapping>
> > > > > </ldapserver>
> > > >
> > > >
> > > > (hint: some private data is anonymized with large letters)
> > > >
> > > _______________________________________________
> > > Koha mailing list http://koha-community.org
> > > Koha at lists.katipo.co.nz
> > > https://lists.katipo.co.nz/mailman/listinfo/koha
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
--
Q: What is green and lives in the ocean?
A: Moby Pickle.
More information about the Koha
mailing list