[Koha] LDAP authentication problem
Hector Gonzalez
cacho at genac.org
Wed Mar 20 10:33:56 NZDT 2019
> On Mar 18, 2019, at 9:55 AM, Lichtsteiner Patric (lici) <lici at zhaw.ch> wrote:
>
> Hi all,
>
> We are currently evaluating koha for our university.
>
> Right now, I’m trying to configure LDAP authentication. I followed the following guides:
> https://openschoolsolutions.org/koha-ldap-setup/
> https://perldoc.koha-community.org/C4/Auth_with_ldap.html
>
> I did the following configuration in /etc/koha/sites/<library name>/koha-conf.xml
>
> <useldapserver>1</useldapserver>
> <ldapserver id="ldapserver" listenref="ldapserver">
> <hostname>ldap://ldap.domain.ch</hostname>
> <base>ou=users,DC=domain,DC=ch</base>
> <user>CN=srvc-koha,OU=unit,DC=domain,DC=ch</user><!-- DN, if not anonymous -->
> <pass>somepass</pass><!-- password, if not anonymous -->
> <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
> <update>1</update> <!-- update existing users in Koha database -->
> <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use A$ -->

You seem to be using AD (you have a principal_name setup), and using auth_by_bind, you might need to add this:

<anonymous_bind>0</anonymous_bind>

It seems redundant, but recent versions of Koha seem to not be able to find the user if this is not also set with auth_by_bind.

> <principal_name>%s@domain.ch</principal_name>
> <update_password>0</update_password>
> <mapping> <!-- match koha SQL field names to your LDAP record field names -->
> <firstname is="givenname" ></firstname>
> <surname is="sn" ></surname>
> <userid is="uidNumber" ></userid>
> <email is="mail" ></email>
> <phone is="telephonenumber"></phone>
> </mapping>
> </ldapserver>
>
> I’m trying to log in to OPAC, but get the error message "You entered an incorrect username or password." and the log file
> /var/log/koha/<library name>/opac-error.log
> is still empty.
>
> How can I debug the ldap authentication in koha?
>
> Best,
> Patric
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
--
Héctor González
cacho at genac.org
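
Added example, not part of the original messages and not Koha's own code: a small pre-flight check for the `<ldapserver>` block that flags the combination discussed in the reply (auth_by_bind set without an explicit anonymous_bind of 0) and a plain `ldap://` hostname. The function name and the embedded sample are constructed for illustration; the element names are the ones shown in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <ldapserver> block from the question, trimmed to the
# elements the checks read (values are the placeholders used in the thread).
SAMPLE = """<config>
  <useldapserver>1</useldapserver>
  <ldapserver id="ldapserver" listenref="ldapserver">
    <hostname>ldap://ldap.domain.ch</hostname>
    <base>ou=users,DC=domain,DC=ch</base>
    <user>CN=srvc-koha,OU=unit,DC=domain,DC=ch</user>
    <pass>somepass</pass>
    <auth_by_bind>1</auth_by_bind>
    <principal_name>%s@domain.ch</principal_name>
  </ldapserver>
</config>"""


def lint_ldap_config(xml_text):
    """Return a list of findings for the first <ldapserver> element (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    server = root.find(".//ldapserver")
    if server is None:
        return ["no <ldapserver> element found"]

    def val(tag):
        # Missing and empty elements are both treated as "not set".
        return (server.findtext(tag) or "").strip()

    findings = []
    if (root.findtext(".//useldapserver") or "").strip() != "1":
        findings.append("useldapserver is not set to 1")
    if val("auth_by_bind") == "1":
        # The point made in the reply: set anonymous_bind to 0 explicitly.
        if val("anonymous_bind") != "0":
            findings.append("auth_by_bind=1 without an explicit <anonymous_bind>0</anonymous_bind>")
        if val("principal_name") and "%s" not in val("principal_name"):
            findings.append("principal_name has no %s placeholder for the login name")
    if val("hostname").lower().startswith("ldap://"):
        # Simple binds over plain ldap:// expose the bind password on the wire.
        findings.append("hostname uses ldap://, which is not TLS-protected by scheme")
    return findings


if __name__ == "__main__":
    for finding in lint_ldap_config(SAMPLE):
        print("WARN:", finding)
```
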