[Koha] Koha authentication against existing LDAP directory
Ben Finney
ben+koha at benfinney.id.au
Wed Jun 10 12:51:49 NZST 2009
Ben Finney <ben+koha at benfinney.id.au> writes:
> It occurred to me, discussing with Chris, that perhaps what I'm seeing
> from Koha is that the *authentication* worked, but the user has no
> permission. If true, that would be a step forward.
A discussion on IRC with Galen Charlton confirmed that indeed, the
authentication was working. The creation of the borrower record failed
due to confusion over the MySQL schema and the mapping from
LDAP-to-MySQL fields.
I have now imported the “optional data” from the SQL files in
‘installer/data/mysql/en/optional/’. I now have the following Koha
config for the LDAP section:
=====
<config>
…
<useldapserver>1</useldapserver>
<ldapserver id="ldapserver" listenref="ldapserver">
<hostname>trimserver-admin.lan</hostname>
<base>ou=People,dc=lan</base>
<replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
<update>1</update> <!-- update existing users in Koha database -->
<auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of
password comparison, e.g., to use Active Directory -->
<mapping> <!-- match koha SQL field names to your LDAP record field names -->
<firstname is="givenname" ></firstname>
<surname is="sn" ></surname>
<address is="postaladdress" >Unknown address</address>
<city is="l" >Unknown city</city>
<!-- <zipcode is="postalcode" ></zipcode> -->
<branchcode is="branch" >CPL</branchcode>
<userid is="uid" ></userid>
<password is="userpassword" ></password>
<!-- <email is="mail" ></email> -->
<categorycode is="employeetype" >PT</categorycode>
<!-- <phone is="telephonenumber"></phone> -->
</mapping>
</ldapserver>
</config>
=====
(Side note: isn't one of the main points of a NULL in a database to
indicate “the value for this column is currently unknown”? It would be
better, I'd think, for the Koha code to use a NULL field to indicate
that state, rather than setting the schema NOT NULL for those columns.)
Now, when successfully authenticating against LDAP in the admin
interface, a new borrower record is created in the ‘borrowers’ table, if
the user was previously unknown.
I'm getting errors still, but it appears that authentication has
succeeded. Thanks for everyone's help so far.
--
\ “The apparent lesson of the Inquisition is that insistence on |
`\ uniformity of belief is fatal to intellectual, moral, and |
_o__) spiritual health.” —_The Uses Of The Past_, Herbert J. Muller |
Ben Finney
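A small checker for a Koha LDAP section like the one above, added here as an example and not code from the thread or from Koha itself. It parses the `<ldapserver>` block, reads each `<mapping>` entry as (Koha column, LDAP attribute, fallback text), and then applies that mapping to a constructed LDAP entry so you can see which borrower columns would end up NULL when the directory entry lacks the attribute and the mapping gives no fallback. The list of NOT NULL columns is an assumption for the demonstration, not read from the Koha schema; the hostname and base DN are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the LDAP section posted above; the
# hostname and base DN are placeholders, not a real server.
SAMPLE_CONF = """<config>
<useldapserver>1</useldapserver>
<ldapserver id="ldapserver" listenref="ldapserver">
<hostname>ldap.example.test</hostname>
<base>ou=People,dc=example,dc=test</base>
<replicate>1</replicate>
<update>1</update>
<auth_by_bind>1</auth_by_bind>
<mapping>
<firstname is="givenname"></firstname>
<surname is="sn"></surname>
<address is="postaladdress">Unknown address</address>
<city is="l">Unknown city</city>
<branchcode is="branch">CPL</branchcode>
<userid is="uid"></userid>
<categorycode is="employeetype">PT</categorycode>
</mapping>
</ldapserver>
</config>"""

# Assumed set of borrowers columns that the schema declares NOT NULL
# (the thread mentions address and city; the rest is an assumption).
REQUIRED = ("surname", "address", "city", "branchcode", "categorycode")


def _flag(node):
    """Treat '1' as on, anything else (or a missing element) as off."""
    return node is not None and (node.text or "").strip() == "1"


def parse_ldap_section(xml_text):
    """Return the LDAP switches and the column -> (attribute, fallback) map."""
    root = ET.fromstring(xml_text)
    server = root.find("ldapserver")
    if server is None:
        raise ValueError("no <ldapserver> element")
    mapping = {}
    for entry in server.find("mapping"):
        ldap_attr = entry.get("is", "").lower()       # LDAP names are case-insensitive
        fallback = (entry.text or "").strip() or None  # empty element means no fallback
        mapping[entry.tag] = (ldap_attr, fallback)
    return {
        "enabled": _flag(root.find("useldapserver")),
        "auth_by_bind": _flag(server.find("auth_by_bind")),
        "replicate": _flag(server.find("replicate")),
        "update": _flag(server.find("update")),
        "mapping": mapping,
    }


def fields_without_fallback(conf):
    """Required columns whose mapping has no fallback text; these go NULL
    whenever the LDAP entry lacks the mapped attribute."""
    return sorted(f for f, (_, fallback) in conf["mapping"].items()
                  if f in REQUIRED and fallback is None)


def build_borrower(conf, ldap_entry):
    """Apply the mapping to one LDAP entry (attribute -> value).
    Returns (row, missing): the borrower row and the required columns
    that would violate NOT NULL."""
    entry = {k.lower(): v for k, v in ldap_entry.items()}
    row, missing = {}, []
    for field, (attr, fallback) in conf["mapping"].items():
        value = entry.get(attr) or fallback  # attribute first, then fallback
        row[field] = value
        if field in REQUIRED and value is None:
            missing.append(field)
    return row, missing


if __name__ == "__main__":
    conf = parse_ldap_section(SAMPLE_CONF)
    print("bind auth:", conf["auth_by_bind"], "replicate:", conf["replicate"])
    print("required columns with no fallback:", fields_without_fallback(conf))
    # Constructed directory entry with no 'l' or 'postalAddress' attribute.
    row, missing = build_borrower(conf, {"uid": "jdoe", "givenName": "Jane", "sn": "Doe"})
    print(row, "missing:", missing)
```

Run it against your own koha-conf.xml by passing the file contents to `parse_ldap_section`; any column listed by `fields_without_fallback` is one that will make borrower creation fail for a directory entry lacking the mapped attribute, which is the failure the thread describes.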