[Koha-bugs] [Bug 31596] New: LDAP ACTIVE DIRECTORY with different domain suffix

bugzilla-daemon at bugs.koha-community.org
Thu Sep 22 06:49:14 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31596

            Bug ID: 31596
           Summary: LDAP ACTIVE DIRECTORY with different domain suffix
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: blocker
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: hamsiah at interxs.com.my
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

Koha version:   18.11.13.000
OS version ('uname -a'): Linux 3.16.0-6-amd64 #1 SMP Debian 3.16.57-2 (2018-07-14) x86_64

Hi,
I have succeeded in connecting KOHA with ACTIVE DIRECTORY for staff. However, if I
want to authenticate a student, the login fails due to a different domain suffix.
This is my working ldap-activedirectory authentication.

------------------------------------------------------------

<useldapserver>1</useldapserver>
<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>ldap://ldaphostname:389</hostname>
  <base>OU=Staf,OU=Student,OU=User,OU=uuu,DC=dc,DC=local</base>
  <replicate>0</replicate>
  <update>0</update>
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <!-- %s is replaced with the userid typed at login to form the bind name -->
  <principal_name>%s@uuu.edu.my</principal_name>
  <update_password>0</update_password>
  <mapping>
    <userid is="CN"></userid>
  </mapping>
</ldapserver>

-------------------------------------------------------------

This config is already working smoothly. But since the STUDENT email has a
different domain suffix, such as %s@student.uuu.edu.my, the login
fails.

Is there a way to combine multiple principal_name values to make this work? I have
read other bugs that said multiple ldapserver is not developed. In this case,
it's not multiple ldapserver because it has the same hostname and details. Only
the domain in principal_name is different.

-------------------------------------------------------------

The error I got when a student logs in is:
>> LDAP bind failed as kohauser MA19126: LDAP error #49: LDAP_INVALID_CREDENTIALS
>> The wrong password was supplied or the SASL credentials could not be processed
