[Koha] Koha 3.16 and Ldap with Active Directory not working

KIS ISM ISM at kis.in
Sun Oct 19 19:18:00 NZDT 2014


Hi Riley,

Thank you for your help.
It works now.
I changed the bind user. And changed from ldap to ldaps and
<principal_name> from cn=%s at kis.in to %s at kis.in
It seems that the combination of those 3 things made the difference.

Best regards from India,
Rudy Wuthrich


From: Riley Childs [mailto:rchilds at cucawarriors.com]
Sent: Sunday, October 19, 2014 2:01 AM
To: KIS ISM
Subject: RE: [Koha] Koha 3.16 and Ldap with Active Directory not working

It is an issue with bind. I have found that often Active Directory bind users need to be delegated read permissions for the OU or domain they are providing auth for.

Riley Childs
Senior
Charlotte United Christian Academy
Library Services Administrator
IT Services
(704) 497-2086
rileychilds.net
@rowdychildren
________________________________
From: KIS ISM
Sent: 10/18/2014 11:45 AM
To: koha at lists.katipo.co.nz
Subject: Re: [Koha] Koha 3.16 and Ldap with Active Directory not working
I'm testing:
root at koha:~# /usr/share/koha/opac/cgi-bin/opac/opac-user.pl userid=AlexandreV password=xxxxxx > /tmp/.txt

Here is the error log:

kohaversion : 3.1603000
## checkpw - checking LDAP
LDAP bind failed as kohauser AlexandreV: LDAP error #49: LDAP_INVALID_CREDENTIALS
# The wrong password was supplied or the SASL credentials could not be processed

Use of uninitialized value $stored_hash in string eq at /usr/share/koha/lib/C4/Auth.pm line 1624, <DATA> line 647.
Use of uninitialized value $stored_hash in substr at /usr/share/koha/lib/C4/Auth.pm line 1628, <DATA> line 647.
Use of uninitialized value $stored_hash in string eq at /usr/share/koha/lib/C4/Auth.pm line 1633, <DATA> line 647.
root at koha:~#


Does this mean the credentials for the user AlexandreV are not correct,
or the credentials for the bind user are not correct?

Does anyone have an idea that could help me? (Yes, the user can log in fine on Moodle with ldap to the same ldap host.)

Rudy Wuthrich
Kodaikanal International School (KIS)
Tamil Nadu, India


-----Original Message-----
From: Koha [mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of KIS ISM
Sent: Friday, October 17, 2014 3:37 PM
To: koha at lists.katipo.co.nz
Subject: [Koha] Koha 3.16 and Ldap with Active Directory not working

We moved from eDirectory to Active Directory and I have to change the ldap settings in koha-conf.xml.

Here is my koha-conf.xml (part) (xxxxx replaced with real values on system):

  <useldapserver>1</useldapserver>
<!-- LDAP SERVER (optional) -->
<ldapserver id="ldapserver"  listenref="ldapserver">
                <hostname>xxxxx.kis.in</hostname>
                <base> dc=kis,dc=in</base>
                <user>cn=xxxxxx,dc=kis,dc=in</user>             <!-- DN, if not anonymous -->
                <pass>xxxxxx</pass>      <!-- password, if not anonymous -->
                <auth_by_bind>1</auth_by_bind>
                <principal_name>CN=%s at kis.in</principal_name>
                <replicate>0</replicate>  <!--    add new users from LDAP to Koha database -->
                <update>0</update>        <!--    xupdate existing users in Koha database -->
                <mapping>                  <!-- match koha SQL field names to your LDAP record field names -->
                                <firstname    is="givenname"      ></firstname>
                                <surname      is="sn"             ></surname>
                                <address      is="workforceID"    >KIS</address>
                                <city         is="workforceID"    >Kodaikanal</city>
                                <zipcode      is="workforceID"    >624 101</zipcode>
                                <branchcode   is="workforceID"    >KISHS</branchcode>
                                <userid       is="sAMAccountName"  ></userid>
                                <password     is="workforceID"    ></password>
                                <email        is="mail"           ></email>
                                <categorycode is="workforceID"   >PT</categorycode>
                                <phone        is="workforceID"></phone>
                </mapping>
</ldapserver>

I could change Authentication in Moodle without a problem.

What is wrong with my configuration for Koha?


Rudy Wuthrich
Kodaikanal International School (KIS)
Tamil Nadu, India
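
An added example, not part of the original thread and not Koha's own code: a small Python check over a constructed `<ldapserver>` block shaped like the one above, flagging the two statically visible changes the thread reports (ldap to ldaps, and `cn=%s@domain` to `%s@domain`). The names `example.org`, `svc-koha`, `lint` and `classify_principal` are assumptions; the third change, the bind user, cannot be checked from the file alone.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <ldapserver> block in the thread;
# example.org, dc1 and svc-koha are placeholders, not values from the page.
BEFORE = """<ldapserver id="ldapserver">
  <hostname>dc1.example.org</hostname>
  <base>dc=example,dc=org</base>
  <user>cn=svc-koha,dc=example,dc=org</user>
  <pass>placeholder</pass>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>CN=%s@example.org</principal_name>
</ldapserver>"""

# Same block with the two file-level changes reported in the thread applied.
AFTER = (BEFORE.replace("dc1.example.org", "ldaps://dc1.example.org")
               .replace("CN=%s@", "%s@"))

def classify_principal(template, base, userid="jdoe"):
    """Name the bind-identity form a %s template yields for a sample userid."""
    name = template.strip().replace("%s", userid)
    if "=" in name:
        # Heuristic (assumption): a DN template should sit under the search base.
        return "dn" if name.lower().endswith(base.strip().lower()) else "malformed"
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+", name):
        return "upn"            # user@domain
    if re.fullmatch(r"[^@\\\s]+\\[^@\\\s]+", name):
        return "down-level"     # DOMAIN\user
    return "malformed"

def lint(xml_text):
    """Return a list of findings for one <ldapserver> block."""
    cfg = ET.fromstring(xml_text)

    def get(tag):
        return (cfg.findtext(tag) or "").strip()

    findings = []
    if not get("hostname").lower().startswith("ldaps://"):
        findings.append("hostname is not ldaps://: without TLS a simple bind "
                        "sends the password in cleartext")
    if get("auth_by_bind") == "1":
        tmpl = get("principal_name")
        if "%s" not in tmpl:
            findings.append("principal_name has no %s placeholder")
        elif classify_principal(tmpl, get("base")) == "malformed":
            findings.append("principal_name is not a UPN, DOMAIN\\user "
                            "or a DN under <base>")
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(text))
```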

_______________________________________________
Koha mailing list  http://koha-community.org
Koha at lists.katipo.co.nz
http://lists.katipo.co.nz/mailman/listinfo/koha