[Koha] FW: Koha 3.0 LDAP Question?

Barry Cannon bc at interleaf.ie
Sat Feb 14 01:30:38 NZDT 2009


James,

Thanks for this info...I can now authenticate against my
LDAP server with no problems. However, when I start enabling <replicate>
and <update> to try and add the AD users into Koha, the replication
doesn't occur. The authentication still works but the user's information,
as per mappings, doesn't come across into Koha. There are no errors
either?

Does anyone have any suggestions?

Thanks

Bar


From: Winter, James [mailto:WinterJ at arcadia.edu] 
Sent: 12 February 2009 17:35
To: Barry Cannon
Cc: koha at lists.katipo.co.nz
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?

Sure, it took me a while to get it working, but we have it working now.

In our koha-conf.xml, we have this section in the config section
(between <config> and </config> near the end of the file):

<useldapserver>1</useldapserver>

<ldapserver id="ldapserver">
    <hostname>LDAPSERVERNAMEHERE:389</hostname>
    <base>dc=DOMAIN,dc=COM</base>
    <user>CN=[USER THAT CAN BROWSE ACTIVE DIRECTORY],OU=[OU OF USER (MULTIPLE ENTRIES IF NESTED OU)],DC=DOMAIN,DC=COM</user>    <!-- DN, if not anonymous -->
    <pass>[PASSWORD OF USER]</pass>   <!-- password, if not anonymous -->
    <replicate>0</replicate>          <!-- add new users from LDAP to Koha database -->
    <update>0</update>                <!-- update existing users in Koha database -->
    <mapping>                         <!-- match koha SQL field names to your LDAP record field names -->
      <!--<cardnumber   is=""               ></cardnumber>-->
      <!--<firstname    is="givenname"      ></firstname>-->
      <!--<surname      is="sn"             ></surname>-->
      <!--<address      is=""               ></address>-->
      <!--<city         is=""               ></city>-->
      <!--<zipcode      is=""               ></zipcode>-->
      <!--<branchcode   is=""               >MAIN</branchcode>-->
      <userid       is="samAccountName" ></userid>
      <password     is=""               ></password>
      <!--<email        is="mail"           ></email>-->
      <!--<categorycode is="employeetype"   ></categorycode>-->
      <!--<phone        is=""               ></phone>-->
    </mapping>
</ldapserver>

Most of the attributes are commented out because we populate our users
in Koha from a different system and they only log in using their AD
password. We don't want to add new users or update existing users.

Then in Auth_with_ldap.pm at line 102 (thanks to this thread
http://lists.koha.org/pipermail/koha-devel/2008-September/008355.html)

Change these lines:

        my $userldapentry = $search->shift_entry;
        my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
        if ($cmpmesg->code != 6) {
                warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
                return 0;
        }

To this:

        my $userldapentry = $search->shift_entry;

        # Open a second connection and bind as the user's own DN: the
        # directory verifies the password itself, which compare() on
        # userpassword cannot do against Active Directory.
        my $dbuser = Net::LDAP->new( [$prefhost] );
        unless ($dbuser) {
                warn "LDAP Auth rejected : cannot connect to $prefhost: $@";
                return 0;
        }
        my $res = $dbuser->bind( $userldapentry->dn, password => $password );
        if ( $res->code ) {
                warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($res);
                return 0;
        }

We had an additional problem with the Auth_with_ldap.pm automatically
updating the card number with the user's login. We have existing cards
with specific numbers that we're importing, so I had to disable a couple
of other lines (lines 116 and 117 in Auth_with_ldap.pm, before the first
edit.)

                #($config{update}   ) and my $c2 = &update_local($userid,$password,$borrowernumber,\%borrower) || '';
                #($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";

Hopefully this helps.

James Winter

215.517.2588

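A stand-alone Perl illustration of the bind-as-user check that James's patch implements, added here and not code from Koha or from the thread; the hostname, base DN and service-account values mirror the placeholders in the koha-conf.xml stanza above and are assumptions, as is the function name ldap_auth_by_bind. It goes slightly beyond the patch by refusing an empty password (an unauthenticated bind, which the directory would report as success) and by escaping the login name before it is placed in the search filter.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Placeholders (assumed), mirroring the keys of the koha-conf.xml stanza.
my %cfg = (
    hostname => 'LDAPSERVERNAMEHERE:389',
    base     => 'dc=DOMAIN,dc=COM',
    user     => 'CN=[SERVICE ACCOUNT],OU=[OU],DC=DOMAIN,DC=COM',
    pass     => '[PASSWORD OF USER]',
);

# Returns 1 if $userid/$password are valid directory credentials, else 0.
sub ldap_auth_by_bind {
    my ($userid, $password) = @_;

    # RFC 4513 5.1.2: a DN with an empty password is an *unauthenticated*
    # bind, which AD and many other servers report as success. Refuse it
    # here rather than trusting the bind result code alone.
    return 0 unless defined $password && length $password;

    my $db = Net::LDAP->new($cfg{hostname}, timeout => 10)
        or do { warn "LDAP connect failed: $@"; return 0 };
    my $res = $db->bind($cfg{user}, password => $cfg{pass});
    if ($res->code) { warn 'service bind failed: ' . $res->error; return 0 }

    # Escape the login name so it cannot change the filter's structure.
    my $filter = '(samAccountName=' . escape_filter_value($userid) . ')';
    my $search = $db->search(base => $cfg{base}, scope => 'sub',
                             filter => $filter, attrs => ['samAccountName']);
    if ($search->code || $search->count != 1) {
        warn "user '$userid' not found or ambiguous";
        $db->unbind;
        return 0;
    }
    my $dn = $search->shift_entry->dn;
    $db->unbind;

    # Second connection bound as the user's own DN: the server checks the
    # password, which compare() on userpassword cannot do against AD.
    my $asuser = Net::LDAP->new($cfg{hostname}, timeout => 10)
        or do { warn "LDAP connect failed: $@"; return 0 };
    my $ok = $asuser->bind($dn, password => $password)->code == 0;
    $asuser->unbind;
    return $ok ? 1 : 0;
}

print ldap_auth_by_bind($ARGV[0], $ARGV[1]) ? "accepted\n" : "rejected\n";
```
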
From: Barry Cannon [mailto:bc at interleaf.ie] 
Sent: Thursday, February 12, 2009 12:06 PM
To: Winter, James
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?

Yes, I am using Active Directory. Do you have any tips?

From: Winter, James [mailto:WinterJ at arcadia.edu] 
Sent: 12 February 2009 17:06
To: Barry Cannon
Subject: RE: [Koha] FW: Koha 3.0 LDAP Question?

Are you using Active Directory?

James Winter

215.517.2588

From: koha-bounces at lists.katipo.co.nz
[mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Barry Cannon
Sent: Thursday, February 12, 2009 9:17 AM
To: koha at lists.katipo.co.nz
Subject: [Koha] FW: Koha 3.0 LDAP Question?

I have been trying to configure LDAP and have a couple of questions:

The Wiki says: There are two parts of the KOHA_CONF file (default
location: /etc/koha.xml) relevant to LDAP authentication: the
configuration stanza itself, and the "switch" line that enables or
disables LDAP. The switch appears in the main <config> section, 0 for
"off" and 1 for "on",....

Should I take this to mean the koha-conf.xml file? There is no koha.xml
file on our installed server? If it is this file, do I simply add the
LDAP server options in the config file.

I have assumed that is what is needed but I can't figure out where to go
from there? Is there an Admin tool to configure/test the LDAP
authentication?

Thanks

Barry
