[Koha] LDAP authentication

KL Nasveschuk klnasveschuk at klnconsulting.net
Tue Dec 13 02:59:04 NZDT 2005


Hello,

I'm still trying to get LDAP authentication to work on Koha. I've
modified Auth.pm with the following:

        ##################################################
        ### LOCAL
        ### Change the code below to match your own LDAP server.
        ##################################################
        # LDAP connexion parameters
        my $ldapserver = '172.16.0.24';
        # Infos to do an anonymous bind
        my $ldapinfos = 'ou=users,dc=tow,dc=net ';
        my $name  = "ou=users,dc=tow,dc=net";
        my $db = Net::LDAP->new( $ldapserver );

        # do an anonymous bind
        my $res =$db->bind();
        # check connexion
        if($res->code) {
                # auth refused
                warn "LDAP Auth impossible : server not responding";
                return 0;
        # search user
        } else {
                my $userdnsearch = $db->search(base => "$name",
                                filter =>"(uid=$userid)",
                                );
                if($userdnsearch->code || ! ( $userdnsearch-> count eq 1 ) ) {
                        warn "LDAP Auth impossible : user unknown in LDAP";
                        return 0;
                };
                # compare a-weak with $password.
                # The a-weak LDAP field contains the password
                my $userldapentry=$userdnsearch -> shift_entry;
                my $cmpmesg = $db -> compare ( $userldapentry, attr => 'userPassword', value => $password );
                if( $cmpmesg -> code != 6 ) {
                        warn "LDAP Auth impossible : wrong password $userldapentry";
                        return 0;
                };
                # build LDAP hash
                my %memberhash;
                my $x =$userldapentry->{asn}{attributes};
                my $key;
                foreach my $k ( @$x) {
                        foreach my $k2 (keys %$k) {
                                if ($k2 eq 'type') {
                                        $key = $$k{$k2};
                                } else {
                                        my $a = @$k{$k2};
                                        foreach my $k3 (@$a) {
                                                $memberhash{$key} .= $k3." ";
                                        }
                                }
                        }
                }
                #
                # BUILD %borrower to CREATE or MODIFY BORROWER
                # change $memberhash{'xxx'} to fit your ldap structure.
                # check twice that mandatory fields are correctly filled
                #
                my %borrower;
                $borrower{cardnumber} = $userid;
                $borrower{firstname} = $memberhash{givenName}; # MANDATORY FIELD
                $borrower{surname} = $memberhash{sn}; # MANDATORY FIELD
                $borrower{initials} = substr($borrower{firstname},0,1).substr($borrower{surname},0,1)."  "; # MANDATORY FIELD
                $borrower{streetaddress} = $memberhash{homePostalAddress}." "; # MANDATORY FIELD
                $borrower{city} = $memberhash{l}." "; # MANDATORY FIELD
                $borrower{phone} = $memberhash{homePhone}." "; # MANDATORY FIELD
                $borrower{branchcode} = $memberhash{businessCategory}; # MANDATORY FIELD
                $borrower{emailaddress} = $memberhash{mail};
                $borrower{categorycode} = $memberhash{employeeType};
        ##################################################
        ### /LOCAL
        ### No change needed after this line (unless there's a bug ;-) )
        ##################################################


The error message I get in opac-err_log is:

[Mon Dec 12 12:04:36 2005] [error] [client 172.16.60.186] LDAP Auth impossible : user unknown in LDAP at /usr/local/koha/intranet/modules/C4/Auth.pm line 464.

Is there any way to modify this to get error messages printed to
opac-error_log, or use a specific user to search the directory? I'm not
very good at Perl unfortunately, better at PHP.


Kent N 
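
An added example, not part of the original message and not Koha's own Auth.pm code: one way to search the directory with a specific account and log the server's error, using Net::LDAP. The function name ldap_check_password and the search account DN and password are hypothetical; the server address and base DN are the ones quoted in the message.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Server and base DN are the ones quoted in the message; the search account
# DN and its password are hypothetical placeholders.
my %cfg = (
    server  => '172.16.0.24',
    base    => 'ou=users,dc=tow,dc=net',
    bind_dn => 'cn=koha-search,ou=services,dc=tow,dc=net',    # hypothetical
    bind_pw => 'CHANGE-ME',                                    # placeholder
);

# Returns the user's DN when the password is correct, undef otherwise.
# Every failure is reported with warn, like the existing warn calls.
sub ldap_check_password {
    my ($userid, $password) = @_;
    # A simple bind with an empty password is an unauthenticated bind that
    # many servers accept, so refuse it before contacting the directory.
    unless (defined $userid && defined $password && length $password) {
        warn "LDAP auth: missing user id or empty password";
        return;
    }
    my $ldap = Net::LDAP->new($cfg{server}, timeout => 10);
    unless ($ldap) {
        warn "LDAP auth: cannot connect to $cfg{server}: $@";
        return;
    }
    # Bind as the dedicated search account instead of anonymously.
    my $mesg = $ldap->bind($cfg{bind_dn}, password => $cfg{bind_pw});
    if ($mesg->code) {
        warn "LDAP auth: search account bind failed: " . $mesg->error_name . ": " . $mesg->error;
        return;
    }
    # Escape the login name so * ( ) \ and control characters cannot change
    # the filter; the escaped form is also what gets written to the log.
    my $filter = '(uid=' . escape_filter_value($userid) . ')';
    $mesg = $ldap->search(base => $cfg{base}, scope => 'sub', filter => $filter, attrs => ['1.1']);
    if ($mesg->code || $mesg->count != 1) {
        warn "LDAP auth: $filter under $cfg{base}: " . $mesg->error_name . ", " . $mesg->count . " entries";
        return;
    }
    my $dn = $mesg->entry(0)->dn;
    # Let the server verify the password by binding as the user, so it works
    # whatever hashing the server applies to userPassword.
    $mesg = $ldap->bind($dn, password => $password);
    if ($mesg->code) {
        warn "LDAP auth: bind as $dn failed: " . $mesg->error_name;
        return;
    }
    return $dn;
}
```

A simple bind sends the password in clear text, so the connection should be protected with start_tls or ldaps before the first bind.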


