[Koha-bugs] [Bug 7973] Allow for new type of LDAP authentication

bugzilla-daemon at bugs.koha-community.org
Mon Jul 8 14:27:47 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7973

--- Comment #36 from acowell at daviscollege.edu ---
Sorry for the delay, extended holiday break and just getting back into the
swing of things. Here's my koha-conf.xml that is working after reverting this
patch. 

<useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
     <ldapserver id="ldapserver" listenref="ldapserver">
        <hostname>ldap://<<SERVER NAME/IP>></hostname>
        <base>DC=<<DOMAIN>>,DC=<<DOMAIN EXT>></base>
        <user>CN=<<Users name>>,OU=<<Sub OU>>,OU=<<Sub OU>>,OU=<<Sub OU>>,OU=<<Sub OU>>,dc=<<DOMAIN>>,dc=<<DOMAIN EXT>></user>  <!-- DN, if not anonymous -->
        <pass><<USERS PASSWORD>></pass> <!-- password, if not anonymous -->
        <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
        <update>1</update> <!-- update existing users in Koha database -->
        <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
        <principal_name>%s</principal_name> <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->
        <mapping> <!-- match koha SQL field names to your LDAP record field names -->
          <firstname is="givenname"></firstname>
          <surname is="sn"> </surname>
          <address is="streetAddress"></address>
          <city is="l"></city>
          <state is="st"></state>
          <country is="c"></country>
          <branchcode is="<<BRANCH CODE ATTRIBUTE IN AD>>"><<DEFAULT BRANCH CODE>></branchcode>
          <userid is="userPrincipalName"></userid>
          <password is=""></password>
          <email is="mail"></email>
          <categorycode is="<<DEFAULT CATEGORY CODE ATTRIBUTE>>"><<DEFAULT CATEGORY CODE>></categorycode>
          <cardnumber is="<<CARD NUMBER ATTRIBUTE>>"></cardnumber>
        </mapping>
      </ldapserver>


-------------------------------

To note, we authenticate by using email addresses, so for the userid, I used
the userPrincipalName and changed the <principal_name> to
<principal_name>%s</principal_name> instead of what most talk about doing,
<principal_name>%s@<<domain name & ext>></principal_name>. I did try the common
way of using the sAMAccountName for the userid attribute and using
%s@domain.ext for principal_name, and that way worked as well.

I also started testing under LDAP:// to be able to sniff out the problem, but
will be testing under LDAPS://. I don't expect a problem, but will update if it
doesn't work after testing.

Thanks for your attention to this matter!

Aaron
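
Added example, not part of the original comment and not Koha's own code: a small Python check over an <ldapserver> block that expands the principal_name printf format the way the config comment describes and flags the ldap:// transport mentioned above, over which a simple bind password travels unencrypted. The sample values and the finding names are constructed for illustration, and the check looks only at the URL scheme.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same elements as the posted config, with made-up values.
SAMPLE = """
<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>ldap://dc1.example.edu</hostname>
  <base>DC=example,DC=edu</base>
  <user>CN=koha-svc,OU=Service,DC=example,DC=edu</user>
  <pass>constructed-secret</pass>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s</principal_name>
  <mapping><userid is="userPrincipalName"></userid></mapping>
</ldapserver>
"""

def bind_principal(fmt, userid):
    """Expand the principal_name printf format with the Koha userid."""
    if fmt.count("%s") != 1:
        raise ValueError("principal_name must contain exactly one %s")
    return fmt.replace("%s", userid)

def audit(xml_text, userid):
    """Return (bind name, findings) for one <ldapserver> block."""
    srv = ET.fromstring(xml_text)

    def text(tag):
        return (srv.findtext(tag) or "").strip()

    findings = []
    by_bind = text("auth_by_bind") == "1"
    if not text("hostname").lower().startswith("ldaps://"):
        # With auth_by_bind the patron's password is sent in the bind itself.
        findings.append("cleartext-transport")
    if text("pass"):
        # The service account password sits in koha-conf.xml: check file permissions.
        findings.append("service-password-in-config")
    principal = bind_principal(text("principal_name"), userid) if by_bind else None
    attr = srv.find("mapping/userid").get("is", "")
    # Heuristic (assumption): a userid mapped to userPrincipalName should bind as user@domain.
    if by_bind and attr.lower() == "userprincipalname" and "@" not in principal:
        findings.append("principal-not-upn")
    return principal, findings

if __name__ == "__main__":
    print(audit(SAMPLE, "jdoe@example.edu"))
```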
