[Koha] Koha 3 and LDAP
Paul Landers
paul.landers at ttuhsc.edu
Fri Aug 29 03:10:28 NZST 2008
You were correct. Thank you.
Our Systems folks originally did the mod in Auth_with_ldap.pm in the
pre-RC1 release to address the bind vs. auth question, however I now
read that 3.0 (final release) handles this automatically (http://wiki.koha.org/doku.php?id=en:development:ldap
)? Unfortunately our Systems folks are too busy to assist us again
after the upgrade. Does anyone else have some LDAP experience and
could help us mod/reconfigure? In testing our LDAP from luma and
phpldapadmin, successful binds can occur only if the scope is set to
subtree. If only the base is specified we get bind failures.
Paul
On Aug 22, 2008, at 5:07 PM, Joe Atzberger wrote:
> The (unmodified) LDAP code can be configured to copy account
> information into Koha at authentication. This might account for
> what you see. Try changing a password in the LDAP and then logging
> in to Koha w/ that new password. If you don't get in anymore, then
> you aren't currently using LDAP, but you still might have old info
> on anybody that logged in.
>
> --Joe
>
> On Fri, Aug 22, 2008 at 5:41 PM, Paul Landers
> <paul.landers at ttuhsc.edu> wrote:
> Mourik, I have a Koha 3.0 test server upgraded from an original 3.0
> RC1 installation. Our I.T. systems group successfully modified /
> etc/
> koha/koha-conf.xml and Auth_with_ldap.pm to integrate with our
> LDAP. After upgrading from RC1 to 3.0 I noticed that our modified
> koha-conf.xml and Auth_with_ldap.pm were renamed and replaced with new
> files. However, LDAP authentication continues to work properly
> despite our customizations no longer existing! What would account for
> this unexpected success?
>
> Paul Landers
> I.T. Section Manager
> TTUHSC Preston Smith Library
> paul.landers at ttuhsc.edu
> 806.743.2220
>
> On May 29, 2008, at 2:03 AM, mourik jan c heupink wrote:
>
> > > Not returning a password probably isn't a problem. If I'm reading
> > the
> > > C4::Auth_with_ldap code right, Koha sends the password to the LDAP
> > and
> > > doesn't do anonymous binds. It's the lack of field data that's a
> > pain.
> >
> > I'm not (yet) familiar with koha3. Normal koha 2 ldap interface
> was to
> > retrieve the actual password from ldap, and compare it with the
> > password
> > to user supplied. (which is a strange and incompatible way to
> verify a
> > password)
> >
> > Fortunately it was not difficult to change this behaviour to
> something
> > else: Attempt to bind to the ldap server with the username/
> password to
> > user provided.
> >
> > If the binds succeeds, the password is correct. If the bind fails,
> > there
> > could be all sorts of problems: wrong password, ldap server down,
> > network problems, whatever, but result: NO acces.
> >
> > See this page I created: http://wiki.koha.org/doku.php?
> id=ldap&s=ldap
> >
> > But I agree: you do need (at least some of) the various fields.
> > _______________________________________________
> > Koha mailing list
> > Koha at lists.katipo.co.nz
> > http://lists.katipo.co.nz/mailman/listinfo/koha
>
> _______________________________________________
> Koha mailing list
> Koha at lists.katipo.co.nz
> http://lists.katipo.co.nz/mailman/listinfo/koha
>
More information about the Koha
mailing list