[Koha-bugs] [Bug 18947] Unexpected Active Directory LDAP authentication failure mode
bugzilla-daemon at bugs.koha-community.org
Fri Oct 5 11:01:58 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18947
jesus at medios.es changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jesus at medios.es
--- Comment #18 from jesus at medios.es ---
I think something is still broken here...
I updated from 17.11.04-1 to 18.05.04-1 using the stock Debian packages. This
update broke my functioning LDAP configuration.
What I see is that if LDAP is enabled and using auth_by_bind, I am not able to
log in using either local accounts or AD ones, and I get this error:
LDAP search failed to return object : 000004DC: LdapErr: DSID-0C09075A,
comment: In order to perform this operation a successful bind must be completed
on the connection., data 0, v1db1 at /usr/share/koha/lib/C4/Auth_with_ldap.pm
line 101.
My version is:
root@newkoha:~# apt-cache show koha-common
Package: koha-common
Source: koha
Version: 18.05.04-1
Architecture: all
My koha ldap config is:
<ldapserver id="ldapserver">
  <hostname>some.ip.address.here</hostname>
  <!--base>ou=alumnos,dc=aulas,dc=campus,dc=local</base -->
  <base>dc=aulas,dc=campus,dc=local</base>
  <user>biblio@aulas.campus.local</user><!-- DN, if not anonymous -->
  <pass>some.password</pass><!-- password, if not anonymous -->
  <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
  <update>1</update> <!-- update existing users in Koha database -->
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <principal_name>%s@aulas.campus.local</principal_name>
  <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->
  <mapping> <!-- match koha SQL field names to your LDAP record field names -->
    <userid is="cn"></userid>
    <password is=""></password>
    <email is="userprincipalname"></email>
    <firstname is="givenName"></firstname>
    <surname is="displayName"></surname>
    <dateexpiry is="">2100-01-01</dateexpiry>
    <categorycode is="">PT</categorycode>
  </mapping>
</ldapserver>
My ldap infrastructure works just fine:
root@newkoha:~# shelldap --server some.ip.address.here --basedn DC=aulas,DC=campus,DC=local --binddn biblio@aulas.campus.local
~ > ls
CN=Builtin
CN=Computers
CN=ForeignSecurityPrincipals
CN=Infrastructure
CN=Keys
CN=LostAndFound
CN=Managed Service Accounts
CN=NTDS Quotas
CN=Program Data
CN=System
CN=TPM Devices
CN=Users
CN=kms
OU=Actualizador
OU=Alumnos
OU=Aula S1-02
OU=Aula S2-01
OU=Aula S2-02
OU=AulaS1-2_Mac
OU=Aulas Teoria
OU=Domain Controllers
OU=GRUPOS_ALUMNOS
OU=Impresoras
OU=Mac
OU=Ordenadores
OU=Profesores
~ >
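For triage of the error quoted in the comment above, this added example (not part of the original comment and not Koha code) decodes an Active Directory LdapErr diagnostic string into its Win32 code, DSID and comment. It goes beyond the reported case by also mapping the well-known "data" sub-codes AD returns when a bind is rejected; the REJECTED sample, including its DSID and version field, is constructed for illustration.

```python
import re

# Win32/SSPI codes AD puts in the first (hex) field. 0x4DC is the one in the report above.
WIN32 = {
    0x4DC: "ERROR_NOT_AUTHENTICATED: operation sent on a connection with no successful bind",
    0x80090308: "SEC_E_INVALID_TOKEN: bind rejected, see the data sub-code",
}
# "data" sub-codes (hex Win32 logon errors) that AD reports for a rejected bind.
BIND_DATA = {
    0x525: "user not found", 0x52E: "invalid credentials", 0x530: "logon hours restriction",
    0x531: "workstation restriction", 0x532: "password expired", 0x533: "account disabled",
    0x701: "account expired", 0x773: "user must reset password", 0x775: "account locked out",
}
PATTERN = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*"
    r"comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),\s*(?P<ver>v[0-9A-Fa-f]+)",
    re.DOTALL,  # the diagnostic is often wrapped across log or mail lines
)

def parse_ldaperr(text):
    """Return a dict describing the first AD LdapErr diagnostic in text, or None."""
    m = PATTERN.search(text)
    if m is None:
        return None
    code, data = int(m["code"], 16), int(m["data"], 16)
    return {
        "win32": code,
        "meaning": WIN32.get(code, "unknown"),
        "dsid": m["dsid"],
        "comment": " ".join(m["comment"].split()),  # undo line wrapping
        # The data field only carries a logon sub-code when the bind itself was rejected.
        "bind_reason": BIND_DATA.get(data) if code == 0x80090308 else None,
    }

# Error text from the report above, with its line wrapping preserved.
REPORTED = """LDAP search failed to return object : 000004DC: LdapErr: DSID-0C09075A,
comment: In order to perform this operation a successful bind must be completed
on the connection., data 0, v1db1 at /usr/share/koha/lib/C4/Auth_with_ldap.pm
line 101."""
# Constructed sample of a rejected bind, for contrast (not from the report).
REJECTED = "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 52e, v0000"

if __name__ == "__main__":
    for sample in (REPORTED, REJECTED):
        print(parse_ldaperr(sample))
```

The reported string decodes to Win32 error 1244 with no bind sub-code: the server refused a search on an unbound connection rather than rejecting a set of credentials.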