[Koha-devel] LDAP configuration in Koha3.0 on Linux

Michael Hafen mdhafen at tech.washk12.org
Wed Jul 15 21:17:30 CEST 2009


Yeah, I've been looking at the 3.1.x version of the file.  The
auth_by_bind and principal_name features aren't in the 3.0.x branch
(yet).  And you mention that you are using Active Directory, and I don't
know if Auth_with_ldap.pm will work with AD.  It's a matter of AD
exposing a userPassword attribute that can be compared to the entered
password.

I don't have a 3.0.2 install to test this, so I don't think I will be
able to help much more here.  There should be documentation somewhere
for the 3.0.2 branch to get LDAP working with AD.  Maybe on the wiki.

Maybe someone else on the list will know better than me.

Good luck.

On Wed, 2009-07-15 at 13:31 -0500, Library Guy wrote:
> Michael, just to make sure I just finished another fresh dev install
> (3.00.02.012) from git on a fresh machine.  Still have the exact same
> problem.  :-(
> 
> On Wed, Jul 15, 2009 at 10:04 AM, Michael Hafen<mdhafen at tech.washk12.org> wrote:
> > I don't see an exists() call on line 168 of Auth_with_ldap.pm.  What
> > version of Koha are you using again?
> >
> > The nearest call is in ldap_entry_w_hash().  Actually that's the only
> > call I could find in the current version of the file.
> > ldap_entry_2_hash() is called after authentication though, so that seems
> > to work.  Except that $userldapentry is what's complaining, and it's
> > used in authentication.  So I'm guessing there are some big differences
> > between what you have and what I have in Auth_with_ldap.pm
> >
> > On Wed, 2009-07-15 at 09:39 -0500, Library Guy wrote:
> >> Our MS AD LDAP schema provides samaccountname but not UID, so we map
> >> <userid       is="sAMAccountName" ></userid>.
> >>
> >> Test 1A:  someuser + password
> >>
> >>  <replicate>1</replicate>
> >>  <update>1</update>
> >>  <auth_by_bind>1</auth_by_bind>
> >> <principal_name>%s at example.com</principal_name>
> >>
> >> Result 1A:  Can't call method "exists" on an undefined value at
> >> /usr/share/koha/lib/C4/Auth_with_ldap.pm line 168, <DATA> line 253.
> >>
> >> ----------------
> >>
> >> Test 1B:   someuser at example.com + password
> >>
> >> Result 1B:   You entered an incorrect username or password
> >>
> >> ----------------
> >>
> >> Test 2:  someuser + password
> >>
> >>  <replicate>1</replicate>
> >>  <update>1</update>
> >>  <auth_by_bind>0</auth_by_bind>
> >>
> >> Result 2:   No ldapserver "mapping for 'userid'" defined in KOHA_CONF:
> >> /etc/koha/koha-conf.xml at /usr/share/koha/lib/C4/Auth_with_ldap.pm
> >> line 80.
> >>
> >> However, the mapping does exist:  <userid       is="sAMAccountName" ></userid>.
> >>
> >>
> >>
> >> On Tue, Jul 14, 2009 at 8:54 PM, Galen Charlton
> >> <galen.charlton at liblime.com> wrote:
> >> >
> >> > Hi,
> >> >
> >> > 2009/7/14 Joe Atzberger <ohiocore at gmail.com>:
> >> > > This functionality has already been submitted, with both aspects, including a
> >> > > configurable sprintf-style manipulation of the Koha userid into whatever you
> >> > > want to present LDAP with.  See the "principle_name" section:
> >> > >
> >> > > http://lists.koha.org/pipermail/koha-patches/2009-June/003864.html
> >> >
> >> > The patch in question has now been pushed to HEAD.  Please try it out
> >> > and let us know if you find any issues during testing.
> >> >
> >> > Regards,
> >> >
> >> > Galen
> >> > --
> >> > Galen Charlton
> >> > VP, Research & Development, LibLime
> >> > galen.charlton at liblime.com
> >> > p: 1-888-564-2457 x709
> >> > skype: gmcharlt
> >> > _______________________________________________
> >> > Koha-devel mailing list
> >> > Koha-devel at lists.koha.org
> >> > http://lists.koha.org/mailman/listinfo/koha-devel
> > --
> > Michael Hafen
> > Systems Analyst and Programmer
> > Washington County School District
> > Utah, USA
> >
> > for Koha checkout
> > http://development.washk12.org/gitweb/
> > or
> > git://development.washk12.org/koha
> >
> >
> >
-- 
Michael Hafen
Systems Analyst and Programmer
Washington County School District
Utah, USA

for Koha checkout
http://development.washk12.org/gitweb/
or
git://development.washk12.org/koha
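
The two approaches this thread contrasts are comparing a readable userPassword attribute and binding as the user (auth_by_bind with a sprintf-style principal_name). The Perl sketch below shows the bind approach as an added example; it is not Koha's Auth_with_ldap.pm and not code from any poster. The host, base DN and the function name auth_by_bind() are assumptions, and it needs Net::LDAP and a reachable directory.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values for illustration; none come from the poster's real site.
my %cfg = (
    host           => 'ldaps://dc1.example.com',  # hypothetical; ldaps keeps the bind password off the wire in clear
    base           => 'dc=example,dc=com',        # hypothetical search base
    principal_name => '%s@example.com',           # sprintf-style format, as in the thread
    userid_attr    => 'sAMAccountName',           # the <userid is="..."> mapping
);

# Returns the user's Net::LDAP::Entry on success, undef on any failure.
sub auth_by_bind {
    my ($userid, $password) = @_;

    # A simple bind with an empty password is an unauthenticated bind, which
    # many servers answer with success. Reject it before talking to LDAP.
    return undef unless defined $userid   && length $userid;
    return undef unless defined $password && length $password;

    my $ldap = Net::LDAP->new($cfg{host}, timeout => 10)
        or do { warn "LDAP connect failed: $@\n"; return undef };

    # Bind as the user: the server checks the password, so no userPassword
    # attribute has to be readable by the application.
    my $principal = sprintf $cfg{principal_name}, $userid;
    my $bind = $ldap->bind($principal, password => $password);
    if ($bind->code) {
        warn "bind as $principal failed: ", $bind->error, "\n";
        $ldap->unbind;
        return undef;
    }

    # Fetch the entry over the user's own session; escape the user id so it
    # cannot alter the search filter.
    my $filter = sprintf '(%s=%s)', $cfg{userid_attr}, escape_filter_value($userid);
    my $search = $ldap->search(base => $cfg{base}, filter => $filter);
    my $entry  = $search->code ? undef : $search->shift_entry;
    $ldap->unbind;

    # Calling ->exists on an undefined entry gives the error text in Result 1A.
    warn "no entry matched $filter\n" unless defined $entry;
    return $entry;
}
```

A caller should treat undef as a failed login and only call methods such as `$entry->exists(...)` on a defined return value.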




