[Koha] FW: Koha 3.0 LDAP Question?

Barry Cannon bc at interleaf.ie
Sat Feb 14 01:30:38 NZDT 2009


Thanks for this info...I can now authenticate against my
LDAP server with no problems. However, when I start enabling <replicate>
and <update> to try and add the AD users into Koha the replication
doesn't occur. The authentication still works but the users' information,
as per mappings, doesn't come across into Koha. There are no errors


Does anyone have any suggestions?





From: Winter, James [mailto:WinterJ at arcadia.edu] 
Sent: 12 February 2009 17:35
To: Barry Cannon
Cc: koha at lists.katipo.co.nz
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?


Sure, it took me a while to get it working, but we have it working now.


In our koha-conf.xml, we have this section in the config section
(between <config> and </config> near the end of the file):



 <ldapserver id="ldapserver">

not anonymous -->
    <pass>[PASSWORD OF USER]</pass><!-- password, if not anonymous -->
    <replicate>0</replicate>   <!-- add new users from LDAP to Koha database -->
    <update>0</update>         <!-- update existing users in Koha database -->
    <mapping>                  <!-- match koha SQL field names to your LDAP record field names -->
      <!--<cardnumber is="" ></cardnumber>-->
      <!--<firstname    is="givenname"      ></firstname>-->
      <!--<surname      is="sn"             ></surname>-->
      <!--<address              is=""   > </address>-->
      <!--<city                 is=""                           ></city>-->
      <!--<zipcode              is=""           ></zipcode>-->
      <!--<branchcode is ="">MAIN</branchcode>-->
      <userid       is="samAccountName" ></userid>
      <password     is=""   ></password>
      <!--<email        is="mail"           ></email>-->
      <!--<categorycode is="employeetype"   > </categorycode>-->
      <!--<phone                is=""></phone>-->




Most of the attributes are commented out because we populate our users
in Koha from a different system and they only log in using their AD
password. We don't want to add new users or update existing users.


Then in Auth_with_ldap.pm at line 102 (thanks to this thread


Change these lines:


        my $userldapentry = $search->shift_entry;
        my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
        if ($cmpmesg->code != 6) {
                warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
                return 0;



To this:


        my $userldapentry = $search->shift_entry;
        my $dbuser = Net::LDAP->new( [$prefhost] );
        $res = $dbuser->bind( $userldapentry, password => $password );
        unless ( $db && ! $res->code ) {
                warn "LDAP Auth rejected : invalid password for user
                return 0;



We had an additional problem with the Auth_with_ldap.pm automatically
updating the card number with the user's login. We have existing cards
with specific numbers that we're importing, so I had to disable a couple
of other lines (lines 116 and 117 in Auth_with_ldap.pm, before the first


                #($config{update}   ) and my $c2 = &update_local($userid,$password,$borrowernumber,\%borrower) || '';
                #($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";


Hopefully this helps.


James Winter
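
An added example, not part of the original thread and not Koha's own code: the bind-as-user check from the reply above written as a stand-alone Perl routine, with the empty-password guard and TLS step that bind-based authentication needs. The %cfg keys and values, and the names connect_tls and check_password_by_bind, are hypothetical.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
# Hypothetical settings; every value here is a constructed placeholder.
my %cfg = (
    host => 'ldap.example.org',
    base => 'dc=example,dc=org',
    user => 'cn=koha-svc,dc=example,dc=org',   # service account used for the search
    pass => 'service-password',
    attr => 'samAccountName',                  # same attribute as the <userid> mapping
);

# A simple bind sends the password itself, so require verified TLS first.
sub connect_tls {
    my ($host) = @_;
    my $ldap = Net::LDAP->new($host) or die "LDAP connect failed: $@";
    my $tls  = $ldap->start_tls( verify => 'require' );
    die 'STARTTLS failed: ' . $tls->error if $tls->code;
    return $ldap;
}

# Returns 1 if $password is valid for $userid, 0 otherwise.
sub check_password_by_bind {
    my ($cfg, $userid, $password) = @_;
    # A bind with a DN and an empty password is an "unauthenticated bind",
    # which a server may answer with success. Reject it before connecting.
    return 0 unless defined $userid   && length $userid;
    return 0 unless defined $password && length $password;

    # 1. Find the user's DN with the service account.
    my $db  = connect_tls( $cfg->{host} );
    my $res = $db->bind( $cfg->{user}, password => $cfg->{pass} );
    die 'Service bind failed: ' . $res->error if $res->code;
    my $filter = sprintf '(%s=%s)', $cfg->{attr}, escape_filter_value($userid);
    my $search = $db->search( base => $cfg->{base}, filter => $filter, attrs => ['1.1'] );
    my $count  = $search->code ? 0 : $search->count;
    my $entry  = $count == 1 ? $search->shift_entry : undef;
    $db->unbind;
    return 0 unless $entry;      # no match, or an ambiguous match
    # 2. Bind as that DN on a separate connection; the result code is the verdict.
    my $dbuser = connect_tls( $cfg->{host} );
    my $auth   = $dbuser->bind( $entry->dn, password => $password );
    $dbuser->unbind;
    return $auth->code ? 0 : 1;
}

# Runs offline: the empty password is refused before any connection is made.
print check_password_by_bind( \%cfg, 'jdoe', '' ) ? "accepted\n" : "rejected\n";
```
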



From: Barry Cannon [mailto:bc at interleaf.ie] 
Sent: Thursday, February 12, 2009 12:06 PM
To: Winter, James
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?


Yes, I am using Active Directory. Do you have any tips?


From: Winter, James [mailto:WinterJ at arcadia.edu] 
Sent: 12 February 2009 17:06
To: Barry Cannon
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?


Are you using Active Directory?


James Winter



From: koha-bounces at lists.katipo.co.nz
[mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Barry Cannon
Sent: Thursday, February 12, 2009 9:17 AM
To: koha at lists.katipo.co.nz
Subject: [Koha] FW: Koha 3.0 LDAP Question?


I have been trying to configure LDAP and have a couple of questions:


The Wiki says: There are two parts of the KOHA_CONF file (default
location: /etc/koha.xml) relevant to LDAP authentication: the
configuration stanza itself, and the "switch" line that enables or
disables LDAP. The switch appears in the main <config> section, 0 for
"off" and 1 for "on",....


Should I take this to mean the koha-conf.xml file? There is no koha.xml
file on our installed server. If it is this file, do I simply add the
LDAP server options in the config file?


I have assumed that is what is needed but I can't figure out where to go
from there. Is there an Admin tool to configure/test the LDAP





