[Koha] Unexpected behavior when authenticating over LDAP (AD)

Chris Halliwell c.halliwell at cityandguildsartschool.ac.uk
Mon Aug 22 23:34:49 NZST 2022


Hello,

Koha Version: 22.05.03.000
OS: Ubuntu server 20.04.4 LTS (Focal Fossa)
DB: Ver 15.1 Distrib 10.3.34-MariaDB

The relevant section of our koha-conf.xml is:

<useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
  <hostname>### REDACTED ###</hostname>
  <base>### REDACTED ###</base>
  <replicate>1</replicate>
  <update>1</update>
  <update_password>1</update_password>
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <principal_name>%s@### REDACTED ###</principal_name>
  <mapping>
    <cardnumber is="title"></cardnumber>
    <branchcode is="">CGSL</branchcode>
    <address is="">118-124 Kennington Park Road</address>
    <city is="">London</city>
    <categorycode is="department"></categorycode>
    <surname is="sn"></surname>
    <firstname is="givenName"></firstname>
    <email is="company"></email>
    <userid is="SAMAccountName"></userid>
  </mapping>
</ldapserver>

When a new user logs in via AD, and when that user has no currently existing account on Koha, things work very well. However, if a user has an existing account created by an admin prior to them actually logging in via AD for the first time, it becomes possible for that user to log on with either their AD password, or with the password that was set when their account was created initially by a Koha admin. Expected behavior would be that the user's AD password does not only get added to their record in Koha, but also that it replaces any other password for that user. I have determined that:

1 - both passwords are definitely accessing the same user account, and that details changed in AD are indeed updating for that account
2 - it's not a case of an arbitrary login working. Only those two passwords will work, nothing else will.

Grateful for any insights into how this may be happening.

Thanks and best regards,

Chris

Chris Halliwell  I  IT Manager
City & Guilds of London Art School, 124 Kennington Park Road, London SE11 4DJ
Charity Registration no. 1144708  I  Company no. 7817519
www.cityandguildsartschool.ac.uk

