[Koha-bugs] [Bug 7973] Allow for new type of LDAP authentication
bugzilla-daemon at bugs.koha-community.org
Mon Jul 8 14:27:47 CEST 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7973
--- Comment #36 from acowell at daviscollege.edu ---
Sorry for the delay, extended holiday break and just getting back into the
swing of things. Here's my koha-conf.xml that is working after reverting this
patch.
<useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>ldap://<<SERVER NAME/IP>></hostname>
  <base>DC=<<DOMAIN>>,DC=<<DOMAIN EXT>></base>
  <user>CN=<<Users name>>,OU=<<Sub OU>>,OU=<<Sub OU>>,OU=<<Sub OU>>,OU=<<Sub OU>>,dc=<<DOMAIN>>,dc=<<DOMAIN EXT>></user> <!-- DN, if not anonymous -->
  <pass><<USERS PASSWORD>></pass> <!-- password, if not anonymous -->
  <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
  <update>1</update> <!-- update existing users in Koha database -->
  <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
  <principal_name>%s</principal_name> <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->
  <mapping> <!-- match koha SQL field names to your LDAP record field names -->
    <firstname is="givenname"></firstname>
    <surname is="sn"></surname>
    <address is="streetAddress"></address>
    <city is="l"></city>
    <state is="st"></state>
    <country is="c"></country>
    <branchcode is="<<BRANCH CODE ATTRIBUTE IN AD>>"><<DEFAULT BRANCH CODE>></branchcode>
    <userid is="userPrincipalName"></userid>
    <password is=""></password>
    <email is="mail"></email>
    <categorycode is="<<DEFAULT CATEGORY CODE ATTRIBUTE>>"><<DEFAULT CATEGORY CODE>></categorycode>
    <cardnumber is="<<CARD NUMBER ATTRIBUTE>>"></cardnumber>
  </mapping>
</ldapserver>
-------------------------------
To note, we authenticate by using email addresses, so for the userid, I used
the userPrincipalName and changed the <principal_name> to
<principal_name>%s</principal_name> instead of what most talk about doing,
<principal_name>%s@<<domain name & ext>></principal_name>. I did try the common
way of using the sAMAccountName for the userid attribute and using
%s@domain.ext for principal_name, and that way worked as well.
I also started testing under LDAP:// to be able to sniff out the problem, but
will be testing under LDAPS://. I don't expect a problem, but will update if it
doesn't work after testing.
Thanks for your attention to this matter!
Aaron
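
The following is an added example, not part of the original comment and not Koha's own code: it models the config comment "a printf format to make userPrincipalName from koha userid" to show which bind principal each principal_name/login pairing produces, and flags a hostname that is not ldaps://. The host name, DNs, password and the function names `bind_principal` and `review` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <ldapserver> block in the post;
# the host, DNs and password are made-up placeholders.
SAMPLE = """<ldapserver id="ldapserver">
  <hostname>ldap://ad.example.org</hostname>
  <base>DC=example,DC=org</base>
  <user>CN=koha-bind,OU=Service,DC=example,DC=org</user>
  <pass>CONSTRUCTED-PLACEHOLDER</pass>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s</principal_name>
  <mapping>
    <userid is="userPrincipalName"></userid>
  </mapping>
</ldapserver>"""


def bind_principal(fmt, userid):
    """Expand a printf-style principal_name (only a single %s is handled)."""
    if fmt.count("%s") != 1:
        raise ValueError("principal_name needs exactly one %s")
    return fmt.replace("%s", userid)


def review(xml_text, userid):
    """Return (bind principal, findings) for one <ldapserver> block."""
    srv = ET.fromstring(xml_text)

    def text(tag):
        return (srv.findtext(tag) or "").strip()

    findings = []
    if not text("hostname").lower().startswith("ldaps://"):
        findings.append("hostname is not ldaps://: bind credentials are not protected by LDAPS")
    principal = None
    if text("auth_by_bind") == "1":
        # Assumption: the login typed by the user is substituted for %s.
        principal = bind_principal(text("principal_name") or "%s", userid)
        if principal.count("@") != 1:
            findings.append("bind principal %r is not of the form user@domain" % principal)
    return principal, findings


if __name__ == "__main__":
    for login in ("jdoe@example.org", "jdoe"):
        print(login, "->", review(SAMPLE, login))
```

With `%s`, users must log in with the full email-style name; with `%s@domain.ext`, a full name typed at login yields a doubled domain, which the second check reports.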