[Koha] Koha Ldap Auth

Karam Qubsi karamqubsi at gmail.com
Thu Jun 27 05:12:20 NZST 2019


Hello,

Have you tried to restart memcached and koha-common after configuration
updates?

/etc/init.d/koha-common  restart
/etc/init.d/memcached restart

Best Regards

On Wed, 26 Jun 2019, 9:14 pm Daniele Piccoli, <daniele.piccoli at riseup.net>
wrote:

> On 26/06/19 00:44, Hector Gonzalez wrote:
> >
> >
> >> On Jun 25, 2019, at 8:28 AM, Daniele Piccoli <daniele.piccoli at riseup.net> wrote:
> >>
> >> On 24/06/19 21:30, Hector Gonzalez wrote:
> >>> Hi Daniele
> >>
> >> Hi
> >>
> >>>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli <daniele.piccoli at riseup.net> wrote:
> >>>>
> >>>> Software error:
> >>>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
> >>>> Try running this again as the koha instance user (or use the
> >>>> koha-shell command in debian)
> >>>
> >>>
> >>> Is the file readable by koha?  Permissions should be 640, with user
> >>> root and biblioname-koha as the group (if that is the group that owns koha).
> >>
> >> The file is readable by Koha and in fact it has the correct permission
> >> as you said.
>
> I missed an end tag in a comment before, and so it gave me the error
> about reading
>
> Now, the error disappeared
>
> > Ok, then try making these changes:
> >
> > <ldapserver id="ldapserver"  listenref="ldapserver">
> > <hostname>*IP-OF-DC*</hostname>
> > <base>ou=Users,dc=*sub*,dc=*domain*,dc=*tld*</base>
> > <replicate>1</replicate>
> > <update>1</update>
> > <auth_by_bind>1</auth_by_bind>
> > <anonymous_bind>0</anonymous_bind>
> > <principal_name>uid=%s@*sub*.*domain*.*tld*</principal_name>
> >  <mapping> <!-- record field names -->
> >   <userid       is="uid"></userid>
> >   <password     is="userpassword"></password>
> >   <email        is="mail"></email>
> >   <branchcode is="">YOURLIBRARYCODEinKoha</branchcode>
> >     <categorycode is="">STUDENT</categorycode>
> >  </mapping>
> > </ldapserver>
> >
> > 1. change the hostname to the actual hostname of the ldap server, if it
> > is using ldaps, it might want to check the certificate, and that is based
> > on the name.
> > 2. remove the <user> and <pass> tags, as you are using auth_by_bind.  (I
> > don't know if they are needed for <update> so you might want to leave that
> > there).
> > 3. Add a line that says: <anonymous_bind>0</anonymous_bind>  which is
> > needed with AD logins when you are using auth_by_bind  (sounds weird, but
> > it works that way)
> > 4. Change principal_name, the format is
> > <principal_name>%s@*your.domain.name*</principal_name> which is needed
> > with AD too.  It looks like an email address.
> > 5. Add a mapping for "categorycode" with the text of the main user
> > category (staff, students, faculty...)  It IS required for login, and is
> > assigned to the user automatically.
> > 6. Add the branchcode for the library.
> >
> > Also, I would change the userid mapping to
> > <userid is="sAMAccountName"></userid>  which is a unique name for every
> > user with AD.
> > If it still gives you trouble, check the tags above and below your ldap
> > configuration, and be sure those were not affected by editing the file.
>
> I've been trying to adapt the configuration according to my DC server
> but, for the moment, ldap auth doesn't work.
>
> I'm monitoring the traffic on port 389 on the DC and no traffic comes from
> the Koha server...that's quite strange.
>
>
> >>>
> >>
> >> Daniele
> >> _______________________________________________
> >> Koha mailing list  http://koha-community.org
> >> Koha at lists.katipo.co.nz
> >> https://lists.katipo.co.nz/mailman/listinfo/koha
> >
> > --
> > Héctor González
> > cacho at genac.org
> >
>
> Bye
>
> Daniele
>
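
An added example, not part of the original messages and not Koha's own code: a Python check that koha-conf.xml is well-formed (the read error in this thread came from a comment with a missing end tag) and that the <ldapserver> block follows the advice quoted above. The sample document and the function name check_ldap_config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the <ldapserver> block quoted in this thread.
SAMPLE = """<yazgfs><config>
<ldapserver id="ldapserver">
  <hostname>dc1.example.org</hostname>
  <base>ou=Users,dc=example,dc=org</base>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s@example.org</principal_name>
  <mapping> <!-- record field names -->
    <userid is="sAMAccountName"></userid>
    <branchcode is="">MAIN</branchcode>
    <categorycode is=""></categorycode>
  </mapping>
</ldapserver>
</config></yazgfs>"""

def check_ldap_config(xml_text):
    """Return a list of problems found in the <ldapserver> block."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unterminated comment or tag is reported here, with line and column.
        return [f"not well-formed XML: {exc}"]
    server = root.find(".//ldapserver")
    if server is None:
        return ["no <ldapserver> element found"]

    def text(path):
        return (server.findtext(path) or "").strip()

    problems = []
    if not text("hostname"):
        problems.append("<hostname> is empty")
    if text("auth_by_bind") == "1":
        # Checks taken from the advice in the thread for AD with auth_by_bind.
        if text("anonymous_bind") != "0":
            problems.append("auth_by_bind=1 without <anonymous_bind>0</anonymous_bind>")
        if "%s" not in text("principal_name"):
            problems.append("<principal_name> has no %s placeholder")
    for field in ("branchcode", "categorycode"):
        node = server.find(f"mapping/{field}")
        # Each mapping needs an LDAP attribute in is="" or a default value as text.
        if node is None or not (node.get("is") or (node.text or "").strip()):
            problems.append(f"mapping for {field} is missing or empty")
    return problems

if __name__ == "__main__":
    for problem in check_ldap_config(SAMPLE):
        print("WARN:", problem)
```

To check a real instance, pass the file's contents to check_ldap_config, reading it as a user that is allowed to open koha-conf.xml.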

