[Koha] Koha Ldap Auth
Karam Qubsi
karamqubsi at gmail.com
Thu Jun 27 05:12:20 NZST 2019
Hello,
Have you tried to restart memcached and koha-common after configurations
updates.
/etc/init.d/koha-common restart
/etc/init.d/memcached restart
Best Regards
On Wed, 26 Jun 2019, 9:14 pm Daniele Piccoli, <daniele.piccoli at riseup.net>
wrote:
> Il 26/06/19 00:44, Hector Gonzalez ha scritto:
> >
> >
> >> On Jun 25, 2019, at 8:28 AM, Daniele Piccoli <
> daniele.piccoli at riseup.net> wrote:
> >>
> >> Il 24/06/19 21:30, Hector Gonzalez ha scritto:
> >>> Hi Daniele
> >>
> >> Hi
> >>
> >>>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli <
> daniele.piccoli at riseup.net> wrote:
> >>>>
> >>>> Software error:
> >>>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
> >>>> Try running this again as the koha instance user (or use the
> koha-shell
> >>>> command in debian)
> >>>
> >>>
> >>> Is the file readable by koha? Permissions should be 640, with user
> root and biblioname-koha as the group (if that is the group that owns koha).
> >>
> >> The file is readable by Koha and in fact it has the correct permission
> >> as you said.
>
> I missed an end tag in a comment before, and so it gave me the error
> about reading
>
> Now, the error disappeared
>
> > Ok, then try making these changes:
> >
> > <ldapserver id="ldapserver" listenref="ldapserver">
> > <hostname>*IP-OF-DC*</hostname> <ldaps://*IP-OF-DC*</hostname>>
> > <base>ou=Users,dc=*sub*,dc=*domain*,dc=*tld*</base>
> > <replicate>1</replicate>
> > <update>1</update>
> > <auth_by_bind>1</auth_by_bind>
> > <anonymous_bind>0</anonymous_bind>
> > <principal_name>uid=%s@*sub*.*domain*.*tld*</principal_name>
> > <mapping>record field names -->
> > <userid is="uid"></userid>
> > <password is="userpassword"></password>
> > <email is="mail"></email>
> > <branchcode is="">YOURLIBRARYCODEinKoha</branchcode>
> > <categorycode is="">STUDENT</categorycode>
> > </mapping>
> > </ldapserver>
> >
> > 1. change the hostname to the actual hostname of the ldap server, if it
> is using ldaps, it might want to check the certificate, and that is based
> on the name.
> > 2. remove the <user> and <pass> tags, as you are using auth_by_bind. (I
> don´t know if they are needed for <update> so you might want to leave that
> there).
> > 3. Add a line that says: <anonymous_bind>0</anonymous_bind> which is
> needed with AD logins when you are using auth_by_bind (sounds weird, but
> it works that way)
> > 4. Change principal_name, the format is <principal_name>%s@*
> your.domain.name*</principal_name> which is needed with AD too. It looks
> like an email address.
> > 5. Add a mapping for "categorycode" with the text of the main user
> category (staff, students, faculty...) It IS required for login, and is
> assigned to the user automatically.
> > 6. Add the branchcode for the library.
> >
> > Also, I would change the userid mapping to <userid
> is="sAMAccountName"></userid> which is a unique name for every user with
> AD.
> > If it still gives you trouble, check the tags above and below your ldap
> configuration, and be sure those were not affected by editing the file.
>
> I've been trying to adapt the configuration in according to my DC server
> but, for the moment, ldap auth doesn't work.
>
> I'm monitoring the traffic on 389 port on DC and no traffic come from
> the Koha server...that's quite strange.
>
>
> >>>
> >>
> >> Daniele
> >> _______________________________________________
> >> Koha mailing list http://koha-community.org
> >> Koha at lists.katipo.co.nz
> >> https://lists.katipo.co.nz/mailman/listinfo/koha
> >
> > --
> > Héctor González
> > cacho at genac.org
> >
> > _______________________________________________
> > Koha mailing list http://koha-community.org
> > Koha at lists.katipo.co.nz
> > https://lists.katipo.co.nz/mailman/listinfo/koha
> >
>
> Bye
>
> Daniele
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
>
More information about the Koha
mailing list