[Koha] Share Koha-LDAP conf
Oscar Gaona
ramses02 at yahoo.com
Fri Jul 1 18:27:20 NZST 2011
Anybody using Oracle Internet Directory, OID, for Koha-LDAP authentication?
Alen,in your case, what is the ldap software?
Thanks an regards,
Oscar
________________________________
From: alen vodopijevec <alen at irb.hr>
To: koha at lists.katipo.co.nz
Cc: dpavlin at rot13.org; Oscar Gaona <ramses02 at yahoo.com>
Sent: Wednesday, June 29, 2011 4:54 PM
Subject: Re: [Koha] Share Koha-LDAP conf
I'm not sure why but I also had to format principal_name in koha-conf.xml
as follows:
--
<principal_name>uid=%s,dc=irb,dc=hr</principal_name>
--
Otherwise it doesn't work with openldap at my institution :/
regards,
--
alen
> 2011/6/22 Oscar Gaona <ramses02 at yahoo.com>:
>> Hi all
>> There are many questions and solutions around Koha-LDAP connection /
>> authentication, so it seems there is not a only way to get it because
>> each
>> Library / Institution has its own requirements / developments.
>> If you has a successful / useful experience on this topic, may you share
>> how
>> you do it, please? Obviously, changing some real names / IP's
>> Sometimes, examples are the better way to support people looking for
>> solutions...
>
> For start, I would suggest to first try 3.2.10 or current git version
> because
> there are few LDAP fixes which just got merged into repository and
> relesed.
>
> For a start, until bug 4994[1] gets merged, keep values inside
> is="ldap-field" lower case only.
>
> We are using following configuration:
>
> <useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra
> configs you must add if you want to turn this on -->
>
> <ldapserver id="ldapserver" listenref="ldapserver">
> <!--
> <hostname>ldaps://ldap.ffzg.hr</hostname>
> -->
> <hostname>ldap://localhost:1389</hostname>
> <base>dc=ffzg,dc=hr</base>
>
> <replicate>1</replicate> <!-- add new users from LDAP to Koha database
> -->
> <update>0</update> <!-- update existing users in Koha database -->
>
> <auth_by_bind>1</auth_by_bind>
> <principal_name>%s</principal_name> <!-- optional, for auth_by_bind:
> a printf format to make userPrincipalName from koha userid -->
>
> <mapping> <!-- match koha SQL field names to your LDAP
> record field names -->
> <firstname is="givenname" ></firstname>
> <surname is="sn" ></surname>
> <address is="ffzg-adresa_ulica" ></address>
> <city is="ffzg-adresa_grad" ></city>
> <!--
> <zipcode is="ffzg-adresa_postanski_broj"></zipcode>
> --->
>
> <branchcode is="local-branch" >FFZG</branchcode>
> <userid is="hrEduPersonUniqueID" ></userid>
> <password is="userpassword" ></password>
> <email is="mail" ></email>
> <categorycode is="hrEduPersongroupmember" >IMP</categorycode>
>
> <dateofbirth is="hredupersondateofbirth" ></dateofbirth>
> <sex is="ffzg-spol" ></sex>
> <phone is="ffzg-tel_fixed"></phone>
> <mobile is="ffzg-tel_mobile"></mobile>
>
> <dateexpiry is="hredupersonexpiredate">2012-12-23</dateexpiry>
>
> <JMBG is="hrEduPersonUniqueNumber_JMBG"></JMBG>
> <OIB is="hrEduPersonOIB"></OIB>
>
> </mapping>
> </ldapserver>
>
> This configuration works with changes in bug 4994, otherwise
> everything inside is=""
> would have to be lowercase only.
>
> We are using few of HrEdu* attributes which are specific to our national
> LDAP
> schema, and probably unusual combination of replication (to create users
> who
> logged in first time over web) without update (since we will edit patron's
> data
> locally, and then our data will be more current that LDAP data, so we
> don't want
> to overwrite it).
>
> Hope this helps.
>
> 1: http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4994
>
> --
> ...2share!2flame... http://blog.rot13.org
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> http://lists.katipo.co.nz/mailman/listinfo/koha
>
>
>
> ----------------------------- UPOZORENJE -----------------------------
>
> Automatskom detekcijom utvrdjeno je da se u ovoj poruci
> pojavljuje rijec "PASSWORD" ili "LOZINKA".
>
> AKO SE U PORUCI TRAZI DA POSALJETE SVOJU IRB LOZINKU
> NEMOJTE TO NIKAKO UCINITI JER SE RADI O NAPADU S CILJEM
> KRADJE ELEKTRONICKOG IDENTITETA.
>
> Centar za informatiku i racunarstvo,
> Institut Rudjer Boskovic
>
> ----------------------------- UPOZORENJE -----------------------------
>
>
>
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20110630/c661ec63/attachment-0001.htm
More information about the Koha
mailing list