[Koha] Ldap + Active Directory

Hristos Triantafillou Hristos.Triantafillou at high-voltage.com
Wed Jul 27 04:23:41 NZST 2011


Hi again!

I just now was able to authenticate to our Windows 2008 r2 domain and I wanted to thank everyone in IRC who helped point me in the right direction!

I discovered a more verbose error log at "/var/log/koha/LIBRARY_NAME/opac-error.log" (where LIBRARY_NAME is the name of your library); this proved invaluable to getting more feedback about what was wrong with my mapping.

So to anybody that struggles with this going forward, check that log rather than the global opac log and you will find the problem much more quickly.

-Hristos

From: Hristos Triantafillou
Sent: Tuesday, July 19, 2011 4:20 PM
To: Hristos Triantafillou; koha-user
Subject: RE: [Koha] Ldap + Active Directory

Greetings,

With the help of sekjal in IRC I've been directed to the bottom portion of the "Auth_with_ldap.pm" file where the required mapping fields are listed. It says I can find them by checking the "borrowers" table, so I did this:

# mysql -e "use koha; show COLUMNS from borrowers;" | grep NO | awk -F"\t" '{print $1}'
borrowernumber
surname
address
city
branchcode
categorycode

These are the ones that I see as being required, correct me if I am mistaken, but some of these do not exist in our Active Directory schema. For example, we do not have an attribute type called "address", "city", or "branchcode" so I tried to map them to one we do have called "company". No success, I try to log in and am told that I have entered an incorrect username or password. There is no further information about what may be wrong in the "/var/log/koha/koha-opac-error_log" file so I am at a dead end (aside from the guess and check approach).

Am I supposed to create the absent attributes within our schema, or would leaving them blank suffice since they don't exist?

Thank you for reading!
-Hristos


From: koha-bounces at lists.katipo.co.nz [mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Hristos Triantafillou
Sent: Wednesday, July 13, 2011 1:58 PM
To: koha-user
Subject: Re: [Koha] Ldap + Active Directory

Thanks Tim,

We did try it with that specific case usage, but I am currently re-reviewing all of our schema values versus what we are actually using. Good catch there! If all else fails I will try to apply the patch that Ian pointed out.

-Hristos

From: koha-bounces at lists.katipo.co.nz [mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Tim Bateson
Sent: Wednesday, July 13, 2011 1:25 PM
To: koha-user
Subject: Re: [Koha] Ldap + Active Directory


I recently got this working on our Debian squeeze server. I am sure one of the issues for me was that

koha-conf.xml

You have
 <userid       is="samaccountname" ></userid>

and I had issues until I corrected the case

 <userid       is="sAMAccountName" ></userid>

Also noticed you have two branchcodes and one is blank. Have you created or got a Branchcode called Main? I had issues with logon until I set up some information for our initial branch.

Hope the above helps, ask again if this does not work.
Tim
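
The mapping problems raised in the messages above (attribute case, a duplicated and blank branchcode, required borrowers columns with no mapping) can be checked before attempting a login. This is an added example, not code from the thread or from Koha; it assumes each mapping element names its LDAP attribute in `is` and carries a default value as element text, and the schema list, the sample block and the STAFF category code are constructed.

```python
import xml.etree.ElementTree as ET

# Columns the thread lists as NOT NULL in `borrowers`; borrowernumber is the
# table's auto-increment key, so it is not expected in the mapping.
REQUIRED = ["surname", "address", "city", "branchcode", "categorycode"]

# Constructed sample: attribute spellings as the directory schema lists them.
SCHEMA_ATTRS = ["sAMAccountName", "sn", "givenName", "mail", "company"]

# Constructed <mapping> block reproducing the problems described in the thread.
SAMPLE = """
<mapping>
  <userid       is="samaccountname" ></userid>
  <surname      is="sn"             ></surname>
  <address      is="company"        ></address>
  <branchcode   is=""               ></branchcode>
  <branchcode   is=""               >Main</branchcode>
  <categorycode is=""               >STAFF</categorycode>
</mapping>
"""

def check_mapping(xml_text, required=REQUIRED, schema=SCHEMA_ATTRS):
    """Return a sorted list of (field, problem) findings for a <mapping> block."""
    by_lower = {a.lower(): a for a in schema}
    findings, seen = [], {}
    for el in ET.fromstring(xml_text):
        attr = (el.get("is") or "").strip()      # LDAP attribute to read
        default = (el.text or "").strip()        # fallback value, if any
        seen.setdefault(el.tag, []).append((attr, default))
        if attr and attr not in schema:
            hint = by_lower.get(attr.lower())
            findings.append((el.tag, f"case differs from schema: use {hint}" if hint
                             else f"attribute {attr} not in schema list"))
    for tag, entries in seen.items():
        if len(entries) > 1:
            findings.append((tag, "mapped more than once"))
        if any(not a and not d for a, d in entries):
            findings.append((tag, "entry with no attribute and no default"))
    for col in required:
        if col not in seen:
            findings.append((col, "required column has no mapping"))
    return sorted(findings)

if __name__ == "__main__":
    for field, problem in check_mapping(SAMPLE):
        print(f"{field}: {problem}")
```
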

On 13 Jul 2011 14:55, "Lori Bowen Ayre" <lori.ayre at galecia.com> wrote:
> True! More of us would benefit from the answer but it is hard to monitor so
> many places at once and the super techie folks are more likely there than
> here. Luckily the IRC channel is logged so it isn't lost forever (see
> http://stats.workbuffer.org/irclog/koha/2011-07-13).
>
> Lori
>
> 2011/7/13 bash-fu34 <licensing at high-voltage.com>
>
>> Will try that, thanks!
>>
>> Just appears that email would be more efficient and good for reference
>> later. : )
>>
>> From: Lori Bowen Ayre [via Koha] [mailto:[hidden email]]
>> Sent: Wednesday, July 13, 2011 8:39 AM
>> To: Licensing
>> Subject: Re: Ldap + Active Directory
>>
>> Since you didn't get a response on this list, you might jump onto the IRC
>> channel. Have you tried that?
>>
>> Here's how: Point your favorite IRC client at *click here. *
>>