<html><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:10pt"><div><span>Anybody using Oracle Internet Directory, OID, for Koha-LDAP authentication?</span></div><div><span><br></span></div><div><span>Alen, in your case, w</span>hat is the LDAP software?</div><div><br></div><div><br></div><div>Thanks and regards,</div><div>Oscar</div><div><br></div><div><br></div><div style="font-size: 10pt; font-family: verdana, helvetica, sans-serif; "><div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "><font size="2" face="Arial"><hr size="1"><b><span style="font-weight:bold;">From:</span></b> alen vodopijevec <alen@irb.hr><br><b><span style="font-weight: bold;">To:</span></b> koha@lists.katipo.co.nz<br><b><span style="font-weight: bold;">Cc:</span></b> dpavlin@rot13.org; Oscar Gaona <ramses02@yahoo.com><br><b><span style="font-weight: bold;">Sent:</span></b>
Wednesday, June 29, 2011 4:54 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [Koha] Share Koha-LDAP conf<br></font><br>
I'm not sure why but I also had to format principal_name in koha-conf.xml<br>as follows:<br>--<br><principal_name>uid=%s,dc=irb,dc=hr</principal_name><br>--<br><br>Otherwise it doesn't work with OpenLDAP at my institution :/<br><br>regards,<br>--<br>alen<br><br><br>> 2011/6/22 Oscar Gaona <<a ymailto="mailto:ramses02@yahoo.com" href="mailto:ramses02@yahoo.com">ramses02@yahoo.com</a>>:<br>>> Hi all<br>>> There are many questions and solutions around Koha-LDAP connection /<br>>> authentication, so it seems there is no single way to get it because<br>>> each<br>>> Library / Institution has its own requirements / developments.<br>>> If you have a successful / useful experience on this topic, may you share<br>>> how<br>>> you do it, please? Obviously, changing some real names / IP's<br>>> Sometimes, examples are the better way to support people looking for<br>>>
solutions...<br>><br>> For a start, I would suggest to first try 3.2.10 or current git version<br>> because<br>> there are a few LDAP fixes which just got merged into repository and<br>> released.<br>><br>> For a start, until bug 4994[1] gets merged, keep values inside<br>> is="ldap-field" lower case only.<br>><br>> We are using the following configuration:<br>><br>> <useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra<br>> configs you must add if you want to turn this on --><br>><br>> <ldapserver id="ldapserver" listenref="ldapserver"><br>> <!--<br>> <hostname>ldaps://ldap.ffzg.hr</hostname><br>> --><br>> <hostname>ldap://localhost:1389</hostname><br>> <base>dc=ffzg,dc=hr</base><br>><br>> <replicate>1</replicate> <!-- add new users from LDAP to Koha
database<br>> --><br>> <update>0</update> <!-- update existing users in Koha database --><br>><br>> <auth_by_bind>1</auth_by_bind><br>> <principal_name>%s</principal_name> <!-- optional, for auth_by_bind:<br>> a printf format to make userPrincipalName from koha userid --><br>><br>> <mapping> <!-- match koha SQL field names to your LDAP<br>> record field names --><br>> <firstname is="givenname" ></firstname><br>> <surname is="sn" ></surname><br>> <address is="ffzg-adresa_ulica" ></address><br>> <city is="ffzg-adresa_grad" ></city><br>>
<!--<br>> <zipcode is="ffzg-adresa_postanski_broj"></zipcode><br>> --><br>><br>> <branchcode is="local-branch" >FFZG</branchcode><br>> <userid is="hrEduPersonUniqueID" ></userid><br>> <password is="userpassword" ></password><br>> <email is="mail" ></email><br>> <categorycode is="hrEduPersongroupmember" >IMP</categorycode><br>><br>> <dateofbirth is="hredupersondateofbirth" ></dateofbirth><br>> <sex is="ffzg-spol" ></sex><br>> <phone is="ffzg-tel_fixed"></phone><br>> <mobile
is="ffzg-tel_mobile"></mobile><br>><br>> <dateexpiry is="hredupersonexpiredate">2012-12-23</dateexpiry><br>><br>> <JMBG is="hrEduPersonUniqueNumber_JMBG"></JMBG><br>> <OIB is="hrEduPersonOIB"></OIB><br>><br>> </mapping><br>> </ldapserver><br>><br>> This configuration works with changes in bug 4994, otherwise<br>> everything inside is=""<br>> would have to be lowercase only.<br>><br>> We are using a few of HrEdu* attributes which are specific to our national<br>> LDAP<br>> schema, and probably an unusual combination of replication (to create users<br>> who<br>> logged in first time over web) without update (since we will edit patron's<br>> data<br>> locally, and then our data will be more current than LDAP data, so we<br>> don't want<br>> to overwrite it).<br>><br>> Hope
this helps.<br>><br>> 1: http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4994<br>><br>> --<br>> ...2share!2flame... http://blog.rot13.org<br>> _______________________________________________<br>> Koha mailing list http://koha-community.org<br>> <a ymailto="mailto:Koha@lists.katipo.co.nz" href="mailto:Koha@lists.katipo.co.nz">Koha@lists.katipo.co.nz</a><br>> http://lists.katipo.co.nz/mailman/listinfo/koha<br>><br>><br>><br>> ----------------------------- WARNING -----------------------------<br>><br>> Automatic detection has found that the word<br>> "PASSWORD" or "LOZINKA" appears in this message.<br>><br>> IF THE MESSAGE ASKS YOU TO SEND YOUR IRB PASSWORD,<br>> DO NOT DO SO UNDER ANY CIRCUMSTANCES, BECAUSE THIS IS AN ATTACK AIMED AT<br>> ELECTRONIC IDENTITY THEFT.<br>><br>> Centar za informatiku i
racunarstvo,<br>> Institut Rudjer Boskovic<br>><br>> ----------------------------- WARNING -----------------------------<br>><br>><br>><br><br><br>-- <br><br><br><br><br></div></div></div></body></html>
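An added example, not part of the thread and not Koha's own code: a stand-alone Python check for an `<ldapserver>` block like the one quoted above. It flags mixed-case `is=""` values (the bug 4994 issue), a `principal_name` that is not DN-shaped (the OpenLDAP case reported in the reply), and a plain `ldap://` URL to a non-loopback host. The function name `check_ldapserver`, the finding codes and the trimmed sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the <ldapserver> block quoted in the thread.
SAMPLE = """
<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>ldap://localhost:1389</hostname>
  <base>dc=ffzg,dc=hr</base>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s</principal_name>
  <mapping>
    <userid is="hrEduPersonUniqueID"></userid>
    <email is="mail"></email>
  </mapping>
</ldapserver>
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def check_ldapserver(xml_text):
    """Return sorted (code, detail) findings; the codes are made up for this example."""
    root = ET.fromstring(xml_text)
    findings = []

    # A plain ldap:// URL to a remote host carries the bind password unencrypted
    # unless StartTLS is negotiated, which this URL-only check cannot see.
    url = urlsplit((root.findtext("hostname") or "").strip())
    if url.scheme == "ldap" and url.hostname not in LOOPBACK:
        findings.append(("plain-ldap-url", url.hostname))

    # principal_name is optional; when set it must hold exactly one %s. A value
    # without "attr=" is sent as a bare name, which the OpenLDAP site in the
    # thread had to replace with a full DN such as uid=%s,dc=irb,dc=hr.
    fmt = (root.findtext("principal_name") or "").strip()
    if (root.findtext("auth_by_bind") or "").strip() == "1" and fmt:
        if fmt.count("%s") != 1:
            findings.append(("principal-format", fmt))
        elif "=" not in fmt:
            findings.append(("principal-not-dn", fmt))

    # Until bug 4994 is merged, is="" values have to be lower case.
    for field in root.findall("mapping/*"):
        attr = field.get("is", "")
        if attr != attr.lower():
            findings.append(("mixed-case-is", f"{field.tag}={attr}"))
    return sorted(findings)

if __name__ == "__main__":
    for code, detail in check_ldapserver(SAMPLE):
        print(code, detail)
```

`principal-not-dn` is informational: a bare `%s` worked at the site that posted the configuration, while the OpenLDAP site in the reply needed the full DN form.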