[Koha] Koha 3 and LDAP
MJ Ray
mjr at phonecoop.coop
Mon May 26 20:39:38 NZST 2008
"Landers, Paul" <paul.landers at ttuhsc.edu> wrote:
> Does anyone have detailed instructions for enabling and configuring
> Koha 3 with LDAP for authentication? This would be one of the major
> reasons for us moving to Koha from our current ILS. The man page for
> the LDAP plugin indicates that LDAP must supply *ALL* required fields
> for patron records. Our I.T. has advised us of the following for our
> LDAP server:
>
> It can be used for authentication only. It will not return data for fields.
>
> It will not allow anonymous binds.
>
> It will not return a password for Koha to compare. Koha must supply
> the password or the hash to LDAP.
>
> Given these constraints, how do we configure Koha to use LDAP?
Slap your I.T. until they provide a useful LDAP service?
Seriously - I think you need to either:-
1. run your own LDAP server that proxies out to your I.T.'s LDAP
server for authentication - see
http://www.openldap.org/software/man.cgi?query=slapd-meta&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release
for one way to do that; OR
2. you need to customise koha to create an C4::Auth_with_ldap_and_kohadb
module that mixes C4::Auth and C4::Auth_with_ldap methods as needed.
Not returning a password probably isn't a problem. If I'm reading the
C4::Auth_with_ldap code right, Koha sends the password to the LDAP and
doesn't do anonymous binds. It's the lack of field data that's a pain.
Hope that helps,
--
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small
worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
More information about the Koha
mailing list