[Koha-bugs] [Bug 18947] Unexpected Active Directory LDAP authentication failure mode

bugzilla-daemon at bugs.koha-community.org
Fri Oct 5 11:01:58 CEST 2018


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18947

jesus at medios.es changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jesus at medios.es

--- Comment #18 from jesus at medios.es ---
I think something is still broken here...

I updated from 17.11.04-1 to 18.05.04-1 stock Debian packages. This update
broke my functioning ldap configuration.

What I see is that if ldap is enabled and using auth_by_bind, I am not able to
log in using either local accounts or AD ones, and I get this error:

LDAP search failed to return object : 000004DC: LdapErr: DSID-0C09075A,
comment: In order to perform this operation a successful bind must be completed
on the connection., data 0, v1db1 at /usr/share/koha/lib/C4/Auth_with_ldap.pm
line 101.

My version is:

root@newkoha:~# apt-cache show koha-common
Package: koha-common
Source: koha
Version: 18.05.04-1
Architecture: all


My koha ldap config is:

<ldapserver id="ldapserver">
  <hostname>some.ip.address.here</hostname>
  <!--base>ou=alumnos,dc=aulas,dc=campus,dc=local</base -->
  <base>dc=aulas,dc=campus,dc=local</base>
  <user>biblio@aulas.campus.local</user><!-- DN, if not anonymous -->
  <pass>some.password</pass><!-- password, if not anonymous -->
  <replicate>1</replicate>       <!-- add new users from LDAP to Koha database -->
  <update>1</update>             <!-- update existing users in Koha database -->
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <principal_name>%s@aulas.campus.local</principal_name>
  <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->
  <mapping>             <!-- match koha SQL field names to your LDAP record field names -->
   <userid       is="cn"></userid>
   <password     is=""></password>
   <email        is="userprincipalname"></email>
   <firstname    is="givenName"></firstname>
   <surname      is="displayName"></surname>
   <dateexpiry   is="">2100-01-01</dateexpiry>
   <categorycode is="">PT</categorycode>
  </mapping>
</ldapserver>


My ldap infrastructure works just fine:

root@newkoha:~# shelldap --server some.ip.address.here --basedn DC=aulas,DC=campus,DC=local --binddn biblio@aulas.campus.local
~ > ls
CN=Builtin
CN=Computers
CN=ForeignSecurityPrincipals
CN=Infrastructure
CN=Keys
CN=LostAndFound
CN=Managed Service Accounts
CN=NTDS Quotas
CN=Program Data
CN=System
CN=TPM Devices
CN=Users
CN=kms
OU=Actualizador
OU=Alumnos
OU=Aula S1-02
OU=Aula S2-01
OU=Aula S2-02
OU=AulaS1-2_Mac
OU=Aulas Teoria
OU=Domain Controllers
OU=GRUPOS_ALUMNOS
OU=Impresoras
OU=Mac
OU=Ordenadores
OU=Profesores
~ >

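Added example, not part of the bug comment and not Koha code: a parser that splits the Active Directory diagnostic quoted in the report into its fields and separates an operation sent on an unbound connection (000004DC) from a bind that the server rejected (80090308). The function and table names, the two code mappings (taken from Windows error codes, not from the page) and the second sample line are assumptions made for this illustration.

```python
import re

# Leading hex code of an AD "LdapErr" diagnostic -> (stage, Win32/SSPI name).
# Only the two codes needed for this comparison are mapped (assumption).
CODES = {
    0x000004DC: ("operation-without-bind", "ERROR_NOT_AUTHENTICATED"),
    0x80090308: ("bind-rejected", "SEC_E_INVALID_TOKEN"),
}
# Hex "data" sub-codes AD reports when it rejects a bind.
BIND_DATA = {0x525: "user not found", 0x52E: "invalid credentials",
             0x533: "account disabled", 0x775: "account locked out"}

# \s+ and re.S tolerate the line wraps that logs and mail archives introduce.
DIAG = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]{8}),\s+"
    r"comment: (?P<comment>.*?),\s+data (?P<data>[0-9A-Fa-f]+),\s+"
    r"(?P<ver>v[0-9A-Fa-f]+)(?:\s+at (?P<file>\S+)\s+line (?P<line>\d+))?",
    re.S)

def parse_ad_diag(text):
    """Return the fields of the first AD LdapErr diagnostic in text, or None."""
    m = DIAG.search(text)
    if m is None:
        return None
    code, data = int(m["code"], 16), int(m["data"], 16)
    stage, name = CODES.get(code, ("unknown", "unmapped"))
    return {
        "code": code, "name": name, "stage": stage, "dsid": m["dsid"],
        "comment": " ".join(m["comment"].split()),
        # The data sub-code only carries a bind failure reason for rejected binds.
        "detail": BIND_DATA.get(data) if stage == "bind-rejected" else None,
        # Perl appends "at FILE line N" to the message; absent in raw server output.
        "source": (m["file"], int(m["line"])) if m["file"] else None,
    }

# Message from the report above, with the mail archive's line wraps kept.
REPORTED = """LDAP search failed to return object : 000004DC: LdapErr: DSID-0C09075A,
comment: In order to perform this operation a successful bind must be completed
on the connection., data 0, v1db1 at /usr/share/koha/lib/C4/Auth_with_ldap.pm
line 101."""
# Constructed sample (DSID and version are made up) of a rejected bind, for contrast.
CONSTRUCTED = ("80090308: LdapErr: DSID-0C090000, comment: "
               "AcceptSecurityContext error, data 52e, v0000")

if __name__ == "__main__":
    for sample in (REPORTED, CONSTRUCTED):
        print(parse_ad_diag(sample))
```

For the reported message the stage is "operation-without-bind": the directory did not reject a password in that response, it refused a search issued on a connection that had no successful bind.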