[Koha] LDAP authentication
KL Nasveschuk
klnasveschuk at klnconsulting.net
Tue Dec 13 02:59:04 NZDT 2005
Hello,
I'm still trying to get LDAP authentication to work on Koha. I've
modified Auth.pm with the following:
##################################################
### LOCAL
### Change the code below to match your own LDAP server.
##################################################
# LDAP connexion parameters
my $ldapserver = '172.16.0.24';
# Infos to do an anonymous bind
my $ldapinfos = 'ou=users,dc=tow,dc=net ';
my $name = "ou=users,dc=tow,dc=net";
my $db = Net::LDAP->new( $ldapserver );
# do an anonymous bind
my $res = $db->bind();
# check connexion
if ($res->code) {
    # auth refused
    warn "LDAP Auth impossible : server not responding";
    return 0;
# search user
} else {
    my $userdnsearch = $db->search(base => "$name",
                                   filter => "(uid=$userid)",
                                   );
    if ($userdnsearch->code || ! ( $userdnsearch->count eq 1 ) ) {
        warn "LDAP Auth impossible : user unknown in LDAP";
        return 0;
    };
    # compare a-weak with $password.
    # The a-weak LDAP field contains the password
    my $userldapentry = $userdnsearch->shift_entry;
    my $cmpmesg = $db->compare( $userldapentry, attr => 'userPassword', value => $password );
    if ( $cmpmesg->code != 6 ) {
        warn "LDAP Auth impossible : wrong password $userldapentry";
        return 0;
    };
    # build LDAP hash
    my %memberhash;
    my $x = $userldapentry->{asn}{attributes};
    my $key;
    foreach my $k ( @$x ) {
        foreach my $k2 (keys %$k) {
            if ($k2 eq 'type') {
                $key = $$k{$k2};
            } else {
                my $a = @$k{$k2};
                foreach my $k3 (@$a) {
                    $memberhash{$key} .= $k3." ";
                }
            }
        }
    }
    #
    # BUILD %borrower to CREATE or MODIFY BORROWER
    # change $memberhash{'xxx'} to fit your ldap structure.
    # check twice that mandatory fields are correctly filled
    #
    my %borrower;
    $borrower{cardnumber} = $userid;
    $borrower{firstname} = $memberhash{givenName}; # MANDATORY FIELD
    $borrower{surname} = $memberhash{sn}; # MANDATORY FIELD
    $borrower{initials} = substr($borrower{firstname},0,1).substr($borrower{surname},0,1)." "; # MANDATORY FIELD
    $borrower{streetaddress} = $memberhash{homePostalAddress}." "; # MANDATORY FIELD
    $borrower{city} = $memberhash{l}." "; # MANDATORY FIELD
    $borrower{phone} = $memberhash{homePhone}." "; # MANDATORY FIELD
    $borrower{branchcode} = $memberhash{businessCategory}; # MANDATORY FIELD
    $borrower{emailaddress} = $memberhash{mail};
    $borrower{categorycode} = $memberhash{employeeType};
##################################################
### /LOCAL
### No change needed after this line (unless there's a bug ;-) )
##################################################
The error message I get in opac-err_log is:
[Mon Dec 12 12:04:36 2005] [error] [client 172.16.60.186] LDAP Auth impossible : user unknown in LDAP at /usr/local/koha/intranet/modules/C4/Auth.pm line 464.
Is there any way to modify this to get error messages printed to
opac-error_log, or to use a specific user to search the directory? I'm not
very good at Perl unfortunately, better at PHP.
Kent N