Ah, OK. So is this an unsolvable problem (using <replicate> and/or <update> with MS LDAP) or is there hope? Thanks! James On Fri, Jul 17, 2009 at 2:22 PM, Joe Atzberger<ohiocore@gmail.com> wrote:
Single quotes block variable interpolation, so you wouldn't want to use them. The 2nd problem there is that $userldapentry is undefined, so it doesn't matter what you are going to pass to exists(), it will still break. -- Joe Atzberger LibLime - Open Source Library Solutions
On Fri, Jul 17, 2009 at 2:31 PM, Library Guy <library.guy.zero@gmail.com> wrote:
I know very little perl, so I'm unsure of the syntax for single, double or no quotes for variables:
Test 1:
Either $userldapentry->exists("$uid_field"); or $userldapentry->exists($uid_field);
Global symbol "$uid_field" requires explicit package name at /home/koha/kohaclone/C4/Auth_with_ldap.pm line 168, <DATA> line 253
Test 2:
$userldapentry->exists('$uid_field');
Can't call method "exists" on an undefined value at /home/koha/kohaclone/C4/Auth_with_ldap.pm line 168, <DATA> line 253.
James
On Fri, Jul 17, 2009 at 12:24 PM, Michael Hafen<mdhafen@tech.washk12.org> wrote:
I'm not sure. Maybe if you changed the exists() call from 'uid' to "$uid_field". Maybe that would still init the attrs hash. Can you try that?
On Fri, 2009-07-17 at 12:05 -0500, Library Guy wrote:
I will check with our I.T. but I am not hopeful. What would it take for Auth_with_ldap.pm to be modified to circumvent this, such as using sAMAcountName? Is it that simple?
James
On Fri, Jul 17, 2009 at 11:47 AM, Michael Hafen<mdhafen@tech.washk12.org> wrote:
Of course, why didn't I see that before. Of course AD doesn't have the uid attribute.
There is a free download from Microsoft, Services For Unix, which adds this and a few other attributes. Look into that.
On Fri, 2009-07-17 at 11:41 -0500, Library Guy wrote:
Ben, I'm testing the latest dev (3.01.00.037). LDAP authentication against our MS AD LDAP works properly using auth_by_bind, but if I enable either <replicate> or <update>, as soon as a new patron is authenticated Koha produces this error:
Can't call method "exists" on an undefined value at /home/koha/kohaclone/C4/Auth_with_ldap.pm line 168, <DATA> line 253.
The offending line 168 in Auth_with_ldap.pm is:
$userldapentry->exists('uid'); # This is bad, but required! By side-effect, this initializes the attrs hash.
I suspect it has something to do with uid not being a part of our schema, but I don't know where to go from here or how to help the developers address it.
Thanks!
James
On Wed, Jul 15, 2009 at 8:06 PM, Ben Finney<ben+koha@benfinney.id.au> wrote: > Dobrica Pavlinusic <dpavlin@rot13.org> > writes: > >> Idea is simple: instead of having single administrative user >> which can >> do LDAP compare to check password, we just bind as user who is >> trying >> to login. > > Yes, this is the correct way to authenticate against an LDAP > directory. > As you say, it requires no privileged access to the directory > beyond > that granted to the authenticating user. > > This normal behaviour (bind as authenticating user) is available > in the > current development tree of Koha 3.x, and is not yet in any stable > release TTBOMK. > > -- > \ Rommel: “Don't move, or I'll turn the key on this can of > Spam!” | > `\ —The Goon Show, _Rommel's > Treasure_ | > _o__) > | > Ben Finney