[Bug 14507] New: SIP Authentication broken when LDAP Auth Enabled
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 Bug ID: 14507 Summary: SIP Authentication broken when LDAP Auth Enabled Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Authentication Assignee: gmcharlt@gmail.com Reporter: shiundu@gmail.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org SIP Authentication is broken when LDAP Auth Enabled. With ldap enabled, testing via telnet using 9300CNkohasipuserid|COkohasipuserpwd|CPmybranch| returns 941 but sip.err shows: LDAP bind failed as kohauser kohasipuser: LDAP error #49: LDAP_INVALID_CREDENTIALS # The wrong password was supplied or the SASL credentials could not be processed When ldap auth is disabled in koha-xml.conf everything works as advertised. When kohasipuser is added to ldap the above error in sip.err goes away but Koha users still cannot login via SIP. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 Colin Campbell <colin.campbell@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |colin.campbell@ptfs-europe. | |com --- Comment #1 from Colin Campbell <colin.campbell@ptfs-europe.com> --- Can you document the messages and responses. The initial error suggests that the login is failing especially as sip.err is closed as soon at login succeeds. Not sure what is involved ehen you say "Koha users cannot login via SIP" what request are you sending and what response are you receiving? -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 --- Comment #2 from Bernard Shiundu <shiundu@gmail.com> --- (In reply to Colin Campbell from comment #1)
Can you document the messages and responses. The initial error suggests that the login is failing especially as sip.err is closed as soon at login succeeds.
Took a further look on syslog and the outputs below: ============= Scenario A: LDAP Enabled: ============= koha_sip[29552]: Configuration::find_service: Trying 9001/tcp koha_sip[29552]: raw_transport: uname/inst: 'term1/SUL' koha_sip[29552]: read_SIP_packet, INPUT MSG: '9300CNterm1|COterm1|CPSUL|AY1AZF5DE' koha_sip[29552]: INPUT MSG: '9300CNterm1|COterm1|CPSUL|AY1AZF5DE' koha_sip[29552]: Sip::MsgType::new('C4::SIP::Sip::MsgType', '9300CNterm...', '93'): seq.no '1', protocol 2 koha_sip[29552]: Sip::MsgType::_initialize('Login', '00CNterm1|COterm1|CPSUL|', 'A1A1', '2', ...) koha_sip[29552]: Successful login/auth for 'term1' of 'SUL' koha_sip[29552]: login_core: $VAR1 = 'ILS'; koha_sip[29552]: new ILS 'SUL' koha_sip[29552]: OUTPUT MSG: '941AY1AZFDFC' koha_sip[29552]: read_SIP_packet, INPUT MSG: '9900302.00AY2AZFCA4' koha_sip[29552]: INPUT MSG: '9900302.00AY2AZFCA4' koha_sip[29552]: Sip::MsgType::new('C4::SIP::Sip::MsgType', '9900302.00...', '99'): seq.no '2', protocol 2 koha_sip[29552]: Sip::MsgType::_initialize('SC Status', '00302.00', 'CA3A4', '8', ...) koha_sip[29552]: OUTPUT MSG: '98YYYYNN10000520150804 1304072.00AOSUL|BXYYYYYYYYYYYNYYYY|AY2AZEE64' koha_sip[29552]: read_SIP_packet, INPUT MSG: '6300120150804 130404 AOSUL|AAkohauser|AC|ADldappwd|AY3AZED0C' koha_sip[29552]: INPUT MSG: '6300120150804 130404 AOSUL|AAkohauser|AC|ADldappwd|AY3AZED0C' koha_sip[29552]: Sip::MsgType::new('C4::SIP::Sip::MsgType', '6300120150...', '63'): seq.no '3', protocol 2 koha_sip[29552]: Sip::MsgType::_initialize('Patron Info', '00120150804 130404 AOSUL|AAkohauser|AC|ADldappwd|', 'A3A18A10','31', ...) koha_sip[29552]: new ILS::Patron(kohauser): found patron '00783' koha_sip[29552]: patron_status_string: 00783 charge_ok: 1 koha_sip[29552]: OUTPUT MSG: '64 00120150804 130407000000080008000000000000AOSUL|AA00783|AEBernard Shiundu Simwenyi|BLY|CQN|CC5001|BDP O Box 41539 Mombasa 80100|BEkohauser@my.email|BF0721 230520|PCAC|PIY|AFGreetings from Koha. |AY3AZC03E' koha_sip[29552]: read_SIP_packet, INPUT MSG: '' koha_sip[29552]: read_SIP_packet input empty (), end of input. koha_sip[29552]: raw_transport: shutting down ================ Scenario B: LDAP Disabled ================ koha_sip[29264]: Configuration::find_service: Trying 9001/tcp koha_sip[29264]: raw_transport: timeout is 60 koha_sip[29264]: read_SIP_packet, INPUT MSG: '9300CNterm1|COterm1|CPSUL|AY1AZF5DE' koha_sip[29264]: INPUT MSG: '9300CNterm1|COterm1|CPSUL|AY1AZF5DE' koha_sip[29264]: Sip::MsgType::new('C4::SIP::Sip::MsgType', '9300CNterm...', '93'): seq.no '1', protocol 2 koha_sip[29264]: Sip::MsgType::_initialize('Login', '00CNterm1|COterm1|CPSUL|', 'A1A1', '2', ...) koha_sip[29264]: Successful login/auth for 'term1' of 'SUL' koha_sip[29264]: login_core: $VAR1 = 'ILS'; koha_sip[29264]: new ILS 'SUL' koha_sip[29264]: OUTPUT MSG: '941AY1AZFDFC' koha_sip[29264]: raw_transport: uname/inst: 'term1/SUL' koha_sip[29264]: read_SIP_packet, INPUT MSG: '9900302.00AY2AZFCA4' koha_sip[29264]: INPUT MSG: '9900302.00AY2AZFCA4' koha_sip[29264]: Sip::MsgType::new('C4::SIP::Sip::MsgType', '9900302.00...', '99'): seq.no '2', protocol 2 koha_sip[29264]: Sip::MsgType::_initialize('SC Status', '00302.00', 'CA3A4', '8', ...) koha_sip[29264]: OUTPUT MSG: '98YYYYNN10000520150804 1257372.00AOSUL|BXYYYYYYYYYYYNYYYY|AY2AZEE5A' koha_sip[29264]: read_SIP_packet, INPUT MSG: '6300120150804 125734 AOSUL|AAkohauser|AC|ADkohapwd|AY3AZEDC8' koha_sip[29264]: INPUT MSG: '6300120150804 125734 AOSUL|AAkohauser|AC|ADkohapwd|AY3AZEDC8' koha_sip[29264]: Sip::MsgType::new('C4::SIP::Sip::MsgType', '6300120150...', '63'): seq.no '3', protocol 2 koha_sip[29264]: Sip::MsgType::_initialize('Patron Info', '00120150804 125734 AOSUL|AAkohauser|AC|ADkohapwd|', 'A3A18A10','31', ...) koha_sip[29264]: new ILS::Patron(kohauser): found patron '00783' koha_sip[29264]: patron_status_string: 00783 charge_ok: 1 koha_sip[29264]: OUTPUT MSG: '64 00120150804 125737000000080008000000000000AOSUL|AA00783|AEBernard Shiundu Simwenyi|BLY|CQY|CC5001|BDP O Box 41539 Mombasa 80100|BEkohauser@my.email|BF0721 230520|PCAC|PIY|AFGreetings from Koha. |AY3AZC029' koha_sip[29264]: read_SIP_packet, INPUT MSG: '' koha_sip[29264]: read_SIP_packet input empty (), end of input. koha_sip[29264]: raw_transport: shutting down
Not sure what is involved ehen you say "Koha users cannot login via SIP"
Just to clarify further - I run a mixed mode outfit. Currently University Employees use ldap credentials to login to the opac while Students login to the opac using koha database credentials. However from a SIP client - only users with koha database credentials can login. My thinking was that authentication from a SIP client should mirror authentication via the OPAC (i.e hierarchical)
what request are you sending and what response are you receiving?
I guess those are all in the syslog outputs above -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de --- Comment #3 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Wondering... could this be bug 9936? -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 Colin Campbell <colin.campbell@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|gmcharlt@gmail.com |colin.campbell@ptfs-europe. | |com Status|NEW |Needs Signoff --- Comment #4 from Colin Campbell <colin.campbell@ptfs-europe.com> --- Created attachment 41379 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=41379&action=edit Potential patch This patch changes the Auth routine to one that takes account of authentication sources other than simple pw in the database. I have only tested this in the context of a password authenticating database NB the patron information request/response pair's function is not primarily authentication and supplying a password is optional, the sip process returns a password OK for an empty password field, this is done because some clients have traditionally sent an empty field rather than skipping it completely Please test if this enables authentication using LDAP -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 Fridolin SOMERS <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 Zeno Tajoli <z.tajoli@cineca.it> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Small patch CC| |z.tajoli@cineca.it -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org