[Koha] FW: Koha 3.0 LDAP Question?
Winter, James
WinterJ at arcadia.edu
Fri Feb 13 06:34:37 NZDT 2009
Sure, it took me a while to get it working, but we have it working now.
In our koha-conf.xml, we have this section in the config section
(between <config> and </config> near the end of the file):
    <useldapserver>1</useldapserver>
    <ldapserver id="ldapserver">
      <hostname>LDAPSERVERNAMEHERE:389</hostname>
      <base>dc=DOMAIN,dc=COM</base>
      <user> CN=[USER THAT CAN BROWSE ACTIVE DIRECTORY],OU=[OU OF USER (MULTIPLE ENTRIES IF NESTED OU)],DC=DOMAIN,DC=COM </user> <!-- DN, if not anonymous -->
      <pass>[PASSWORD OF USER]</pass> <!-- password, if not anonymous -->
      <replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
      <update>0</update> <!-- update existing users in Koha database -->
      <mapping> <!-- match koha SQL field names to your LDAP record field names -->
        <!--<cardnumber is="" ></cardnumber>-->
        <!--<firstname is="givenname" ></firstname>-->
        <!--<surname is="sn" ></surname>-->
        <!--<address is="" > </address>-->
        <!--<city is="" > </city>-->
        <!--<zipcode is="" ></zipcode>-->
        <!--<branchcode is ="">MAIN</branchcode>-->
        <userid is="samAccountName" ></userid>
        <password is="" ></password>
        <!--<email is="mail" ></email>-->
        <!--<categorycode is="employeetype" > </categorycode>-->
        <!--<phone is=""></phone>-->
      </mapping>
    </ldapserver>
Most of the attributes are commented out because we populate our users
in Koha from a different system and they only log in using their AD
password. We don't want to add new users or update existing users.
Then in Auth_with_ldap.pm at line 102 (thanks to this thread:
http://lists.koha.org/pipermail/koha-devel/2008-September/008355.html),
change these lines:
    my $userldapentry = $search->shift_entry;
    my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
    if ($cmpmesg->code != 6) {
        warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
        return 0;
    }
To this:
    my $userldapentry = $search->shift_entry;
    my $dbuser = Net::LDAP->new( [$prefhost] );
    $res = $dbuser->bind( $userldapentry, password => $password );
    unless ( $db && ! $res->code ) {
        warn "LDAP Auth rejected : invalid password for user '$userid'";
        return 0;
    }
We had an additional problem with the Auth_with_ldap.pm automatically
updating the card number with the user's login. We have existing cards
with specific numbers that we're importing, so I had to disable a couple
of other lines (lines 116 and 117 in Auth_with_ldap.pm, before the first
edit.)
    #($config{update} ) and my $c2 = &update_local($userid,$password,$borrowernumber,\%borrower) || '';
    #($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";
Hopefully this helps.
James Winter
215.517.2588
From: Barry Cannon [mailto:bc at interleaf.ie]
Sent: Thursday, February 12, 2009 12:06 PM
To: Winter, James
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?
Yes, I am using Active Directory. Do you have any tips?
From: Winter, James [mailto:WinterJ at arcadia.edu]
Sent: 12 February 2009 17:06
To: Barry Cannon
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?
Are you using Active Directory?
James Winter
215.517.2588
From: koha-bounces at lists.katipo.co.nz
[mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Barry Cannon
Sent: Thursday, February 12, 2009 9:17 AM
To: koha at lists.katipo.co.nz
Subject: [Koha] FW: Koha 3.0 LDAP Question?
I have been trying to configure LDAP and have a couple of questions:
The Wiki says: There are two parts of the KOHA_CONF file (default
location: /etc/koha.xml) relevant to LDAP authentication: the
configuration stanza itself, and the "switch" line that enables or
disables LDAP. The switch appears in the main <config> section, 0 for
"off" and 1 for "on",....
Should I take this to mean the koha-conf.xml file? There is no koha.xml
file on our installed server. If it is this file, do I simply add the
LDAP server options in the config file?
I have assumed that is what is needed but I can't figure out where to go
from there. Is there an Admin tool to configure/test the LDAP
authentication?
Thanks
Barry
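Added example, not part of the original post and not Koha's own code: the search-then-bind password check described in the message above, written as a stand-alone Perl helper. The function name ldap_password_ok and the host and base values in the sample call are assumptions; beyond the posted change, it refuses empty passwords, escapes the login name before building the search filter, and checks that the second connection was actually opened.

```perl
#!/usr/bin/perl
# Added example (not Koha code): find the user's DN, then bind as that user.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper. $db is an already-bound service connection (the
# <user>/<pass> account from koha-conf.xml); $host and $base correspond to
# <hostname> and <base>.
sub ldap_password_ok {
    my ($db, $host, $base, $userid, $password) = @_;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2). Servers that accept it report success,
    # so an empty password must never reach the bind call.
    return 0 unless defined $userid   && length $userid;
    return 0 unless defined $password && length $password;

    # Escape the login name so characters such as * ( ) \ cannot change the
    # meaning of the filter. sAMAccountName matches the <userid> mapping.
    my $filter = '(sAMAccountName=' . escape_filter_value($userid) . ')';
    my $search = $db->search(base => $base, filter => $filter, attrs => ['1.1']);
    if ($search->code) {
        warn 'LDAP search failed: ' . $search->error;
        return 0;
    }
    # Require exactly one match; otherwise the DN to bind as is ambiguous.
    return 0 unless $search->count == 1;
    my $dn = $search->shift_entry->dn;

    # Check the password on a separate connection so the service bind on $db
    # is not replaced by the user's identity.
    my $user_conn = Net::LDAP->new($host) or do {
        warn "LDAP connect to $host failed: $@";
        return 0;
    };
    my $res = $user_conn->bind($dn, password => $password);
    $user_conn->unbind;
    if ($res->code) {
        warn "LDAP Auth rejected : invalid password for user '$userid'";
        return 0;
    }
    return 1;
}

# Constructed call: the empty password is refused before any network traffic.
print ldap_password_ok(undef, 'ldap.example.org', 'dc=example,dc=org', 'jdoe', '')
    ? "accepted\n" : "rejected\n";
```

On port 389 a simple bind sends the password in clear text unless the connection is upgraded first, for example with Net::LDAP's start_tls method.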