[Koha] Share Koha-LDAP conf

Oscar Gaona ramses02 at yahoo.com
Fri Jul 1 18:27:20 NZST 2011


Anybody using Oracle Internet Directory, OID, for Koha-LDAP authentication?

Alen, in your case, what is the LDAP software?


Thanks and regards,
Oscar



________________________________
From: alen vodopijevec <alen at irb.hr>
To: koha at lists.katipo.co.nz
Cc: dpavlin at rot13.org; Oscar Gaona <ramses02 at yahoo.com>
Sent: Wednesday, June 29, 2011 4:54 PM
Subject: Re: [Koha] Share Koha-LDAP conf

I'm not sure why but I also had to format principal_name in koha-conf.xml
as follows:
--
<principal_name>uid=%s,dc=irb,dc=hr</principal_name>
--

Otherwise it doesn't work with openldap at my institution :/

regards,
--
alen


> 2011/6/22 Oscar Gaona <ramses02 at yahoo.com>:
>> Hi all
>> There are many questions and solutions around Koha-LDAP connection /
>> authentication, so it seems there is not only one way to get it, because
>> each Library / Institution has its own requirements / developments.
>> If you have a successful / useful experience on this topic, may you share
>> how you do it, please? Obviously, changing some real names / IPs.
>> Sometimes, examples are the better way to support people looking for
>> solutions...
>
> For a start, I would suggest first trying 3.2.10 or the current git version,
> because there are a few LDAP fixes which just got merged into the repository
> and released.
>
> For a start, until bug 4994[1] gets merged, keep values inside
> is="ldap-field" lower case only.
>
> We are using the following configuration:
>
>  <useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
>
> <ldapserver id="ldapserver" listenref="ldapserver">
> <!--
>  <hostname>ldaps://ldap.ffzg.hr</hostname>
> -->
>  <hostname>ldap://localhost:1389</hostname>
>  <base>dc=ffzg,dc=hr</base>
>
>  <replicate>1</replicate>  <!-- add new users from LDAP to Koha database -->
>  <update>0</update>        <!-- update existing users in Koha database -->
>
>  <auth_by_bind>1</auth_by_bind>
>  <principal_name>%s</principal_name> <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->
>
>  <mapping>            <!-- match koha SQL field names to your LDAP record field names -->
>     <firstname   is="givenname"     ></firstname>
>     <surname     is="sn"            ></surname>
>     <address     is="ffzg-adresa_ulica" ></address>
>     <city        is="ffzg-adresa_grad" ></city>
> <!--
>     <zipcode     is="ffzg-adresa_postanski_broj"></zipcode>
> -->
>
>     <branchcode  is="local-branch"        >FFZG</branchcode>
>     <userid      is="hrEduPersonUniqueID"  ></userid>
>     <password    is="userpassword"  ></password>
>     <email       is="mail"          ></email>
>     <categorycode is="hrEduPersongroupmember"  >IMP</categorycode>
>
>     <dateofbirth is="hredupersondateofbirth" ></dateofbirth>
>     <sex is="ffzg-spol" ></sex>
>     <phone is="ffzg-tel_fixed"></phone>
>     <mobile is="ffzg-tel_mobile"></mobile>
>
>     <dateexpiry is="hredupersonexpiredate">2012-12-23</dateexpiry>
>
>     <JMBG is="hrEduPersonUniqueNumber_JMBG"></JMBG>
>        <OIB is="hrEduPersonOIB"></OIB>
>
>  </mapping>
> </ldapserver>
>
> This configuration works with the changes in bug 4994; otherwise
> everything inside is="" would have to be lowercase only.
>
> We are using a few of the HrEdu* attributes which are specific to our national
> LDAP schema, and a probably unusual combination of replication (to create users
> who logged in for the first time over the web) without update (since we will edit
> patron's data locally, and then our data will be more current than the LDAP data,
> so we don't want to overwrite it).
>
> Hope this helps.
>
> 1: http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4994
>
> --
>  ...2share!2flame... http://blog.rot13.org
> ------------------------------ WARNING ------------------------------
>
>    Automatic detection has determined that the word "PASSWORD" or
>    "LOZINKA" appears in this message.
>
>    IF THE MESSAGE ASKS YOU TO SEND YOUR IRB PASSWORD,
>    DO NOT DO SO UNDER ANY CIRCUMSTANCES, BECAUSE IT IS AN ATTACK
>    AIMED AT STEALING ELECTRONIC IDENTITY.
>
>  Centre for Informatics and Computing,
>  Rudjer Boskovic Institute
>
> ------------------------------ WARNING ------------------------------
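The settings discussed in this thread, as an added example (not code from Koha or from the posters): a Python check over one `<ldapserver>` block that flags an `ldap://` hostname on a non-loopback host, a `principal_name` without exactly one `%s`, and mixed-case `is=` values, and that builds the bind DN from `principal_name` with RFC 4514 escaping. The function names, the constructed `example.org` sample and the escaping step are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample block; example.org and its values are placeholders.
SAMPLE = """<ldapserver id="ldapserver">
  <hostname>ldap://ldap.example.org</hostname>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>uid=%s,dc=example,dc=org</principal_name>
  <mapping>
    <firstname is="givenname"></firstname>
    <userid is="hrEduPersonUniqueID"></userid>
  </mapping>
</ldapserver>"""

def lint_ldapserver(xml_text):
    """Return findings for one <ldapserver> block (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    url = urlparse(root.findtext("hostname", "").strip())
    if url.scheme != "ldaps" and url.hostname not in LOOPBACK:
        findings.append("hostname: ldap:// to a non-loopback host (no TLS by scheme)")
    fmt = root.findtext("principal_name", "")
    if root.findtext("auth_by_bind", "").strip() == "1" and fmt.count("%s") != 1:
        findings.append("principal_name: expected exactly one %s")
    for field in root.findall("./mapping/*"):
        attr = field.get("is", "")
        if attr != attr.lower():  # the thread: lower case only until bug 4994
            findings.append(f"mapping/{field.tag}: is='{attr}' is not lower case")
    return findings

def escape_dn_value(value):
    """Escape a value for use inside a DN, following RFC 4514."""
    out = "".join("\\" + c if c in '\\,+"<>;=' else c for c in value)
    out = out.replace("\x00", "\\00")
    if out.endswith(" "):           # trailing space
        out = out[:-1] + "\\ "
    if out.startswith((" ", "#")):  # leading space or '#'
        out = "\\" + out
    return out

def bind_dn(principal_fmt, userid):
    # Assumption of this example: escape the userid before substitution.
    return principal_fmt.replace("%s", escape_dn_value(userid), 1)

if __name__ == "__main__":
    print(lint_ldapserver(SAMPLE))
    print(bind_dn("uid=%s,dc=irb,dc=hr", "a,ou=staff"))
```

The hostname check looks only at the URL scheme, so a server that upgrades an `ldap://` connection with StartTLS would still be flagged.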