[Koha] Koha and LDAP: Password comparison fails
mourik jan heupink
heupink at merit.unu.edu
Thu Aug 20 08:24:41 NZST 2015
Hi Uwe,
I'm not sure if it will help you, but we have never had much luck with
the password compare routine, which koha seems to like.
I don't know any other ldap client that works like that. The usual way
(and this one works perfectly here, using openldap and also samba4/AD)
is: use <auth_by_bind>1</auth_by_bind>
Your principal_name would then be something like:
<principal_name>dn=%s,ou=id,dc=MY_ORG,dc=org</principal_name>
Hopefully this helps you as well.
MJ
On 8/18/2015 14:35, uwe wrote:
> Hello,
>
> we have a Koha-Installation and would like to connect to our OpenLDAP
> -server, but I can't get it to work.
>
> First our Koha setup:
>
>> OS: debian wheezy
>> Koha: 3.20.02
>
> Connecting to ldap-server works fine but the password comparison fails
> with the follwing error (tested in the console but also fails in the
> web gui; also given password is correct):
>
>> root at biblio:/etc/koha/sites/MY_SITE# env PERL5LIB=/usr/share/koha/lib
> KOHA_CONF=/etc/koha/sites/MY_SITE/koha-conf.xml perl
> /usr/share/koha/opac/cgi-bin/opac/opac-user.pl userid=MY_MAIL_NAME at MY_
> ORG.org password=MY_PASSWORD. | head -5
>
>> Got 2 ldap mapkeys ( total ): userid
>> Got 2 ldap mapkeys (populated): userid
>> Checking Auth at /usr/share/koha/lib/C4/Auth.pm line 703, <DATA> line
> 558.
>> kohaversion : 3.2002000
>> ## checkpw - checking LDAP
>> LDAP Auth rejected : invalid password for user 'MY_MAIL_NAME at MY_ORG.o
> rg'. LDAP error #5: LDAP_COMPARE_FALSE
>> # This code is returned when a compare request completes and the
> attribute value given is not in the entry specified
>>
>> Login failed, resetting anonymous session... at
> /usr/share/koha/lib/C4/Auth.pm line 1107, <DATA> line 595.
>
> Configuration in koha-conf.xml, see below. Our ldap-server uses SSHA as
> password sheme. Could this be the problem?
>
> How can I solve it? Can't find much usefull when searching internet for
> the problem.
>
> Thanks and best wishes
> Uwe
>
>> <useldapserver>1</useldapserver> <!-- see C4::Auth_with_ldap for
> extra configs you must add if you want to turn this on -->
>>
>> <!-- LDAP SERVER (optional) -->
>>
>> <ldapserver id="ldapserver" listenref="ldapserver">
>> <hostname>MY_LDAP_SERVER</hostname>
>> <base>ou=id,dc=MY_ORG,dc=org</base>
>> <user>cn=biblio,ou=daemons,dc=MY_ORG,dc=org</user> <!-- DN,
> if not anonymous -->
>> <pass>MY_SECRET_PASSWORD</pass> <!-- password, if not
> anonymous -->
>> <replicate>0</replicate> <!-- add new users from LDAP to Koha
> database -->
>> <update>0</update> <!-- update existing users in Koha
> database -->
>> <anonymous_bind>0</anonymous_bind>
>> <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate
> by binding instead of password comparison, e.g., to use Active
> Directory -->
>> <!--<principal_name>%s at MY_ORG.org</principal_name>-->
>> <mapping> <!-- match koha SQL field names to your LDAP record
> field names -->
>> <!--<firstname is="firstname"></firstname>
>> <surname is="surname"></surname>
>> <address is="postaladdress">hier</address>
>> <city is="l">Berlin</city>
>> <zipcode is="postalcode">1000</zipcode>
>> <branchcode is="businesscategory"></branchcode> -->
>> <userid is="uid"></userid>
>> <!--<password is="USER_PASSWORD"></password>
>> <email is="mail"></email>
>> <categorycode is="employeetype">PT</categorycode>
>> <phone is="telephonenumber">11111</phone>
>> <flags is="flags">2</flags> -->
>> </mapping>
>> </ldapserver>
>
>
> (hint: some private data is anonymized with large letters)
>
More information about the Koha
mailing list