[Koha] LDAP authentication
mourik jan c heupink
heupink at intech.unu.edu
Wed Dec 14 00:33:53 NZDT 2005
Dear Kent,
I am no ldap expert at all, but I did notice in your Auth.pm:
my $userdnsearch = $db->search(base => "$name",
filter =>"(uid=$userid)",
);
maybe instead of "$name" it should say $name (without ") (that's what it
says in my version of the file, and I don't think we are meant to change
that...?)
And a question to Paul Poulain: which ldap server are you using? I'm on
openldap, and things don't work... Koha says the user's password is
wrong, where I am pretty sure that it *IS* the right password.
Could there be differences with passwords encryption between various
ldap servers..?
Kind regards!
Mourik Jan
KL Nasveschuk wrote:
> Hello,
> The query to LDAP works correctly. I put the ldap server in debug (slapd
> -d 3) and watch what transpires. In debug mode ldap returns all
> attributes for a user on search (error and output goes to screen).
>
> If I put in a bogus uid it returns:
> bdb_search: no candidates
>
> Cn or uid works, I guess it just matters what is being indexed in LDAP.
>
> I can't determine what is happening in the Koha side. Any suggestions on
> how to better debug the Perl side (from anyone). Just wondering on if
> Perl is using one password hashing algorithm which is not the same as
> what is in LDAP.
>
> Ex. of LDAP attribute stored in userPassword:
>
> SMD5}ox3RAPB79VIHB+KZZw+dpxKIx3A
>
> Kent N
>
>
> On Mon, 2005-12-12 at 16:46 +0100, Paul POULAIN wrote:
>
>> KL Nasveschuk wrote:
>>
>>> Hello,
>>>
>>> I'm still trying to get LDAP authentication to work on Koha. I've
>>> modified Auth.pm with the following:
>>>
>>> ##################################################
>>> ### LOCAL
>>> ### Change the code below to match your own LDAP server.
>>> ##################################################
>>> # LDAP connection parameters
>>> my $ldapserver = '172.16.0.24';
>>> # Infos to do an anonymous bind
>>> my $ldapinfos = 'ou=users,dc=tow,dc=net ';
>>> my $name = "ou=users,dc=tow,dc=net";
>>> my $db = Net::LDAP->new( $ldapserver );
>>>
>>> # do an anonymous bind
>>> my $res =$db->bind();
>>> # check connection
>>> if($res->code) {
>>> # auth refused
>>> warn "LDAP Auth impossible : server not responding";
>>> return 0;
>>> # search user
>>> } else {
>>>
>> this log
>> > [Mon Dec 12 12:04:36 2005] [error] [client 172.16.60.186] LDAP Auth
>> > impossible : user unknown in LDAP
>> > at /usr/local/koha/intranet/modules/C4/Auth.pm line 464.
>>
>> means you have an error in the following code :
>>
>>
>>> my $userdnsearch = $db->search(base => "$name",
>>>     filter => "(uid=$userid)",
>>> );
>>> if ($userdnsearch->code || !($userdnsearch->count eq 1)) {
>>>     warn "LDAP Auth impossible : user unknown in LDAP";
>>>     return 0;
>>> };
>>>
>> That means :
>> * connection was successful (otherwise, you would have LDAP Auth
>> impossible : server not responding). A good news ;-)
>> * the LDAP search failed. Meaning : uid=$userid is probably not what you
>> had to do. The query you have to do depends on your LDAP structure, I
>> can't help you more.
>>
>> just another hint. Change to :
>> warn "LDAP Auth impossible : user unknown in LDAP for $userid";
>> to see which value is in $userid !
>>
>> That could help you.
>>
>> HTH
>>
>> Anyway, I can ensure you I have 1 (and soon 2) libraries using LDAP
>> auth. Quite tricky to tune, but works fine when it's done !
>>
>> Just one reminder : the member record is created in Koha when the user
>> logs in in OPAC. So you MUST request all your users to log in at least
>> once. That's a good solution to show you now "have the great free ILS
>> called Koha" & show what it can do.
>>
>>
>
> _______________________________________________
> Koha mailing list
> Koha at lists.katipo.co.nz
> http://lists.katipo.co.nz/mailman/listinfo/koha
>
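As an added example (not Koha's Auth.pm and not code from anyone in this thread), here is the search-then-bind flow the discussion is circling around, written with Net::LDAP. The server name, base DN and attribute name are placeholders; the login handler that would call it is assumed. The point it makes for the password question above: the application never compares hashes itself, it binds as the user and lets the directory check the stored userPassword (whatever scheme, {SMD5} included). It also logs $userid on every failure path, as Paul suggests, and refuses an empty password, because a simple bind with a DN and no password is treated as an anonymous bind by many servers and would otherwise look like a successful login.

```perl
#!/usr/bin/perl
# Added example: search-then-bind LDAP authentication with Net::LDAP.
# Not Koha's Auth.pm; server, base DN and attribute names are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed connection parameters (placeholders, not any poster's values)
my $ldapserver = 'ldap.example.org';
my $base       = 'ou=users,dc=example,dc=org';
my $uid_attr   = 'uid';   # or 'cn', depending on what the directory indexes

# Returns the user's DN on success, undef on failure.
# Every failure path logs the userid so the web server's error log shows
# which value actually reached the search.
sub ldap_authenticate {
    my ($userid, $password) = @_;

    # An empty password must never reach bind(): RFC 4513 treats a simple
    # bind with a DN and an empty password as an anonymous bind, which many
    # servers accept, so the login would "succeed" for any existing user.
    unless (defined $password && length $password) {
        warn "LDAP Auth refused : empty password for $userid";
        return;
    }

    my $db = Net::LDAP->new($ldapserver)
        or do { warn "LDAP Auth impossible : server not responding"; return };

    # Step 1: anonymous bind, used only to look up the user's DN.
    my $res = $db->bind();
    if ($res->code) {
        warn "LDAP Auth impossible : anonymous bind failed: " . $res->error;
        return;
    }

    # Step 2: search for exactly one entry. The value is escaped so a userid
    # containing '*', '(' or ')' cannot change the meaning of the filter.
    my $search = $db->search(
        base   => $base,
        scope  => 'sub',
        filter => "($uid_attr=" . escape_filter_value($userid) . ")",
        attrs  => ['1.1'],   # request no attributes; only the DN is needed
    );
    if ($search->code || $search->count != 1) {
        warn "LDAP Auth impossible : user unknown in LDAP for $userid"
           . " (" . $search->count . " entries, " . $search->error . ")";
        $db->unbind;
        return;
    }
    my $dn = $search->entry(0)->dn;

    # Step 3: bind as the user. The server compares the password against its
    # stored userPassword ({SMD5}, {SSHA}, ...) itself, so the application
    # never has to know or reproduce the hashing scheme.
    my $auth = $db->bind($dn, password => $password);
    $db->unbind;
    if ($auth->code) {
        warn "LDAP Auth refused : bad password for $userid ($dn)";
        return;
    }
    return $dn;
}

# Usage from a login handler (assumed):
# my $dn = ldap_authenticate($userid, $password) or return 0;
```

If the search step is the one failing, as in the log quoted above, the warn line prints both the userid and the number of entries returned, which separates "wrong base or attribute" (0 entries) from "ambiguous filter" (more than 1) without turning slapd debugging on.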