[Koha] LDAP auth and Active Directory
Joe Atzberger
ohiocore at gmail.com
Tue Sep 15 12:54:59 NZST 2009
Try auth_by_bind, optionally with a "principal_name" setting, if your
version is newer than June 30, 2009, when this patch was applied:
http://git.koha.org/cgi-bin/gitweb.cgi?p=Koha;a=commit;h=7c2e7ad410e59d6f0c21d76859656b8aa8838ecb
principal_name is designed to compensate for the differences between
OpenLDAP and Active Directory.
--Joe
On Mon, Sep 14, 2009 at 11:55 AM, Nijnatten, Jan van <
jan.v.nijnatten at philips.com> wrote:
> Hi all,
>
> Earlier this month Anselm Olweny wrote:
>
> ======
> I have installed koha in my institution library and would like patrons
> to login at the opac using their active directory accounts.
>
> I have followed the instructions in the Auth_with_ldap.pm file and
> made the necessary changes in the koha-conf.xml file.
>
> I have koha version 3.0100041, however when I login using a valid
> Active Directory account I get "You entered an incorrect username or
> password." in the opac. There are also no errors in both apache and
> koha error logs.
>
> I am kindly requesting for any assistance in making this work. I would
> appreciate help relating to what changes I may need to do in active
> directory as well or Auth_with_ldap.pm. I have attached a copy of my
> koha-conf.xml so that you may show me what I am getting wrong.
> ======
>
> I have exactly the same problem: incorrect username, password.
> I haven't modified auth_with_ldap.pm.
>
> See my koha-conf.xml attached.
>
> What are we doing wrong? Where can we debug?
>
>
> koha-conf.xml:
> <yazgfs>
> <!-- [scheme:]host[:port][/databaseName] -->
> <!-- scheme: tcp, ssl, unix, http, sru -->
> <!-- can run all servers on tcp, but the unix socket is faster -->
>
> <listen id="biblioserver" >unix:/var/run/koha/zebradb/bibliosocket</listen>
> <listen id="authorityserver" >unix:/var/run/koha/zebradb/authoritysocket</listen>
> <!-- public server runs on tcp -->
> <!-- <listen id="publicserver" >tcp:@:9999</listen> -->
>
> <!-- Settings for special biblio server instance for PazPar2.
> Because PazPar2 only connects to a Z39.50 server using TCP/IP,
> it cannot use the Unix-domain socket that biblioserver uses.
> Therefore, a custom server is defined. -->
> <!--
> <listen id="mergeserver">tcp:@:11001</listen>
> <server id="mergeserver" listenref="mergeserver">
> <directory>/var/lib/koha/zebradb/biblios</directory>
> <config>/etc/koha/zebradb/zebra-biblios.cfg</config>
> <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
> </server>
> -->
>
> <!-- BIBLIOGRAPHIC RECORDS -->
> <server id="biblioserver" listenref="biblioserver">
> <directory>/var/lib/koha/zebradb/biblios</directory>
> <config>/etc/koha/zebradb/zebra-biblios.cfg</config>
> <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
> <!-- <docpath>xsl</docpath> -->
> <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
> <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
> <retrievalinfo>
> <retrieval syntax="usmarc" name="F"/>
> <retrieval syntax="usmarc" name="B"/>
> <retrieval syntax="xml" name="F"/>
> <retrieval syntax="xml" name="B"/>
> <retrieval syntax="xml" name="marcxml"
> identifier="info:srw/schema/1/marcxml-v1.1">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="dc">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2DC.xsl"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="mods">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2MODS.xsl"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="rdfdc">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="rss2">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RSS2.xsl"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="utils">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slimUtils.xsl"/>
> </backend>
> </retrieval>
> </retrievalinfo>
> <xi:include href="/etc/koha/zebradb/explain-biblios.xml"
> xmlns:xi="http://www.w3.org/2001/XInclude">
> <xi:fallback>
> <explain xmlns="http://explain.z3950.org/dtd/2.0/">
> <serverInfo>
> <host>localhost</host>
> <port>9998</port>
> <database>biblios</database>
> </serverInfo>
> </explain>
> </xi:fallback>
> </xi:include>
> </server>
> <serverinfo id="biblioserver">
> <ccl2rpn>/etc/koha/zebradb/ccl.properties</ccl2rpn>
> <user>kohauser</user>
> <password>[our kohauser pw]</password>
> </serverinfo>
>
> <!-- AUTHORITY RECORDS -->
> <server id="authorityserver" listenref="authorityserver" >
> <directory>/var/lib/koha/zebradb/authorities</directory>
> <config>/etc/koha/zebradb/zebra-authorities.cfg</config>
> <cql2rpn>/etc/koha/zebradb/pqf.properties</cql2rpn>
> <!-- <docpath>xsl</docpath> -->
> <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
> <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
> <xi:include href="/etc/koha/zebradb/retrieval-info-auth-grs1.xml"
> xmlns:xi="http://www.w3.org/2001/XInclude">
> <xi:fallback>
> <retrievalinfo>
> <retrieval syntax="usmarc" name="F"/>
> <retrieval syntax="usmarc" name="B"/>
> <retrieval syntax="xml" name="marcxml"
> identifier="info:srw/schema/1/marcxml-v1.1">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="dc">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2DC.xsl"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="mods">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2MODS.xsl"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="rdfdc">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
> </backend>
> </retrieval>
> <retrieval syntax="xml" name="utils">
> <backend syntax="usmarc" name="F">
> <marc inputformat="marc" outputformat="marcxml"
> inputcharset="utf-8"/>
> <xslt
> stylesheet="/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/xslt/MARC21slimUtils.xsl"/>
> </backend>
> </retrieval>
> </retrievalinfo>
> </xi:fallback>
> </xi:include>
> <xi:include href="/etc/koha/zebradb/explain-authorities.xml"
> xmlns:xi="http://www.w3.org/2001/XInclude">
> <xi:fallback>
> <explain xmlns="http://explain.z3950.org/dtd/2.0/">
> <serverInfo>
> <host>localhost</host>
> <port>9999</port>
> <database>authorities</database>
> </serverInfo>
> </explain>
> </xi:fallback>
> </xi:include>
> </server>
> <serverinfo id="authorityserver">
> <ccl2rpn>/etc/koha/zebradb/ccl.properties</ccl2rpn>
> <user>kohauser</user>
> <password>[our kohauser pw]</password>
> </serverinfo>
>
> <!-- ADDITIONAL KOHA CONFIGURATION DIRECTIVE -->
>
>
> <!-- db_scheme should follow the DBD driver name -->
> <!-- port info: mysql:3306 Pg:5432 (5433 on Debian) -->
> <config>
> <db_scheme>mysql</db_scheme>
> <database>koha</database>
> <hostname>localhost</hostname>
> <port>3306</port>
> <user>kohaadmin</user>
> <pass>[our kohaadmin pw]</pass>
> <biblioserver>biblios</biblioserver>
> <biblioservershadow>1</biblioservershadow>
> <authorityserver>authorities</authorityserver>
> <authorityservershadow>1</authorityservershadow>
> <intranetdir>/usr/share/koha/intranet/cgi-bin</intranetdir>
> <opacdir>/usr/share/koha/opac/cgi-bin/opac</opacdir>
> <opachtdocs>/usr/share/koha/opac/htdocs/opac-tmpl</opachtdocs>
> <intrahtdocs>/usr/share/koha/intranet/htdocs/intranet-tmpl</intrahtdocs>
>
> <includes>/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/includes/</includes>
> <logdir>/var/log/koha</logdir>
> <pazpar2url>http://kohadeb:11002/search.pz2</pazpar2url>
> <install_log>/usr/share/koha/misc/koha-install-log</install_log>
> <useldapserver>1</useldapserver>
> <!-- LDAP SERVER (optional) -->
> <ldapserver id="ldapserver" listenref="ldapserver">
>   <hostname>nlvhtcway1dc001.code1.emi.philips.com</hostname>
>   <base>dc=code1,dc=emi,dc=philips,dc=com</base>
>   <user>[our admin CN ]</user> <!-- DN, if not anonymous -->
>   <pass>[our password]</pass> <!-- password, if not anonymous -->
>   <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
>   <update>1</update> <!-- update existing users in Koha database -->
>   <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
>   <mapping> <!-- match koha SQL field names to your LDAP record field names -->
>     <firstname is="givenName" ></firstname>
>     <surname is="sn" ></surname>
>     <address is="company" ></address>
>     <city is="l" >Athens, OH</city>
>     <zipcode is="postalCode" ></zipcode>
>     <branchcode is="branch" >MAIN</branchcode>
>     <userid is="sAMAccountName" ></userid>
>     <password is="userPassword" ></password>
>     <email is="mail" ></email>
>     <categorycode is="employeeType" >PT</categorycode>
>     <phone is="telephoneNumber"></phone>
>   </mapping>
> </ldapserver>
> </config>
> </yazgfs>
>
>
>
>
>
> Jan van Nijnatten MSc | information architect | Philips Research - HTC 34
> p076 | +31.40.27.47894
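A small check for the settings the reply points at, added here as an example (not code from Koha or from either poster): it parses an `<ldapserver>` block, flags `auth_by_bind` left at 0, and previews the bind name a `principal_name` value would produce. The `%s@domain` format for `principal_name`, the finding codes and the function name are assumptions; the sample config is constructed from the quoted one with a placeholder host and base DN.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the quoted <ldapserver> block, trimmed, with a
# placeholder host and base DN.
SAMPLE = """<yazgfs><config>
  <useldapserver>1</useldapserver>
  <ldapserver id="ldapserver">
    <hostname>dc01.example.org</hostname>
    <base>dc=example,dc=org</base>
    <auth_by_bind>0</auth_by_bind>
    <mapping>
      <userid is="sAMAccountName"></userid>
    </mapping>
  </ldapserver>
</config></yazgfs>"""

# Same block with the reply's advice applied. The "%s@domain" value format for
# principal_name is an assumption; confirm it in your Auth_with_ldap.pm.
FIXED = SAMPLE.replace(
    "<auth_by_bind>0</auth_by_bind>",
    "<auth_by_bind>1</auth_by_bind>\n"
    "    <principal_name>%s@example.org</principal_name>")


def check_ad_settings(conf_xml, userid="jdoe"):
    """Return (finding codes, bind name preview) for an <ldapserver> block."""
    cfg = ET.fromstring(conf_xml).find("config")
    ldap = cfg.find("ldapserver") if cfg is not None else None
    if ldap is None:
        return ["NO_LDAPSERVER"], None
    text = lambda node, tag: (node.findtext(tag) or "").strip()
    principal = text(ldap, "principal_name")
    codes, bind_name = [], None
    if text(cfg, "useldapserver") != "1":
        codes.append("LDAP_DISABLED")       # LDAP authentication is off
    if text(ldap, "auth_by_bind") != "1":
        codes.append("PASSWORD_COMPARE")    # compares passwords, no bind
    elif principal.count("%s") == 1:
        bind_name = principal.replace("%s", userid, 1)  # e.g. a UPN for AD
    elif principal:
        codes.append("PRINCIPAL_FORMAT")    # needs exactly one %s
    return codes, bind_name
```

Run it against the `koha-conf.xml` actually loaded by the OPAC; a `PASSWORD_COMPARE` finding matches the "incorrect username or password" symptom described in the thread.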