[Koha] Removal of patron data obtained via LDAP

Wagner, Alexander alexander.wagner at desy.de
Tue Jul 23 23:19:02 NZST 2024


Hello!

> But what happens if a patron is no more existing on the LDAP server

To the best of my knowledge _nothing_.

> and does not log into Koha anymore?

Would behave like a locally added patron who does not visit the library any more.

> As we understand the once fetched data
> will just stay in the Koha database (in tables "borrowers" or
> "deletedborrowers") forever which conflicts with requirements of privacy.

As far as I understand Koha's login, LDAP authentication is basically creating a local patron and that's it. And then you have a local patron with features of a local patron. For the password it may use the LDAP-password, but mind some notes in the docs that in case of LDAP auth you should set a random local pw as otherwise Koha will also authenticate with the local pw, which is probably not what you want.

OTOH Koha knows the concept of membership expiry and adds some features to anonymize statistics and remove patrons especially in view of the GDPR in recent versions. Including some "remove my data".

So I think you may want to check out those tools and just "forget" that you created the patrons from LDAP in the first place and treat them as local users. I did not set up details with us yet as I am in the midst of migration, but from the docs I got the impression that there should be all necessary procedures on board. cf. e.g. https://koha-community.org/manual/20.11/en/html/cron_jobs.html#anonymize-patron-data

BTW: In our case we need membership periods anyway, as we don't get any note if someone is dropped from LDAP. We base the membership period on "contract period or 3 years whichever comes first".

> We imagine we could regularly compare patron data on the LDAP server
> with the patron data in Koha (using SQL reports); or we could just
> regularly and manually delete Koha patrons that expired in a given period
> and don't have any loans etc. anymore (e. g. using the batch patron
> deletion tool); but such a manual process seems cumbersome and
> error-prone. Script "cleanup_database.pl" does not cover patrons.

I think the anonymization scripts and stuff could give you a helping hand. At least from what I read.
 
-- 
Kind regards,

Alexander Wagner

Deutsches Elektronen-Synchrotron DESY
Library and Documentation

Building 01d Room OG1.444
Notkestr. 85
22607 Hamburg

phone:  +49-40-8998-1758
e-mail: alexander.wagner at desy.de
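
An added example, not part of the original mail and not Koha code: one way to script the LDAP-versus-Koha comparison raised in the quoted question, with a guard so that an empty or truncated LDAP export cannot mark most patrons for deletion. The field names `userid` and `dateexpiry` are modelled on columns of Koha's `borrowers` table; `open_loans`, the 90-day grace period, the 20% threshold and all sample rows are assumptions constructed for illustration.

```python
from datetime import date, timedelta

MAX_MISSING_FRACTION = 0.2  # assumed safety threshold, tune locally
GRACE = timedelta(days=90)  # assumed grace period after expiry

def membership_expiry(enrolled, contract_end=None):
    """Contract period or 3 years, whichever comes first (rule from the mail)."""
    try:
        cap = enrolled.replace(year=enrolled.year + 3)
    except ValueError:  # enrolled on 29 February
        cap = enrolled.replace(year=enrolled.year + 3, day=28)
    return min(cap, contract_end) if contract_end else cap

def reconcile(patrons, ldap_uids, today):
    """Sort patrons into keep / review / delete candidates; deletes nothing."""
    if not ldap_uids:
        raise RuntimeError("empty LDAP export: refusing to classify")
    missing = sum(1 for p in patrons if p["userid"] not in ldap_uids)
    if missing > MAX_MISSING_FRACTION * len(patrons):
        raise RuntimeError("too many patrons missing from LDAP: check the export")
    result = {"keep": [], "review": [], "delete": []}
    for p in patrons:
        gone = p["userid"] not in ldap_uids        # dropped from the directory
        lapsed = p["dateexpiry"] + GRACE < today   # membership expired long ago
        if not (gone or lapsed):
            result["keep"].append(p["userid"])
        elif p["open_loans"] > 0:                  # still owes items: a human decides
            result["review"].append(p["userid"])
        else:
            result["delete"].append(p["userid"])
    return result

# Constructed sample data (as an SQL report and an LDAP export might provide)
TODAY = date(2024, 7, 23)
PATRONS = [
    {"userid": "alice", "dateexpiry": date(2025, 1, 1), "open_loans": 2},
    {"userid": "bob", "dateexpiry": date(2024, 12, 31), "open_loans": 0},
    {"userid": "carol", "dateexpiry": date(2023, 6, 30), "open_loans": 1},
    {"userid": "dave", "dateexpiry": date(2026, 3, 1), "open_loans": 0},
    {"userid": "erin", "dateexpiry": date(2025, 9, 1), "open_loans": 0},
    {"userid": "frank", "dateexpiry": date(2024, 10, 1), "open_loans": 1},
]
LDAP_UIDS = {"alice", "carol", "dave", "erin", "frank"}  # bob has left

if __name__ == "__main__":
    print(reconcile(PATRONS, LDAP_UIDS, TODAY))
```

The `delete` list is only a set of candidates, for example as input to the batch patron deletion tool mentioned in the question.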

