[Koha-devel] Authentication LDAP Error Koha 20.05

Michael Kuhn mik at adminkuhn.ch
Mon Jul 27 15:22:40 CEST 2020


Hi Humberto

On 27.07.20 at 12:59, Humberto Blanco Castillo wrote:
 > Hi all,
 > We are trying to connect Koha to LDAP, but it appears the credentials are
 > not working, and we can't find what the problem is. This configuration
 > works fine in the production environment in version 3.16.
 >
 > The following are the parameters in the /etc/koha/sites/catalogo/koha-conf.xml file:
 >
 > <useldapserver>1</useldapserver>
 >   <ldapserver id="ldapserver" listenref="ldapserver">
 > <hostname>ldap://ourldapServer:389</hostname>
 > <base>DC=University,DC=EDU</base>
 > <user>CN=ldap_user,OU=Cuenta de servicio,DC=University,DC=EDU</user>
 > <pass>myPassword</pass>
 > <replicate>1</replicate>
 > <update>0</update>
 > <auth_by_bind>1</auth_by_bind>
 > <anonymous_bind>0</anonymous_bind>
 > <update_password>0</update_password>
 > <principal_name>%s@urosario.edu.co</principal_name>
 > <mapping>
 > <firstname is="givenName" ></firstname>
 > <surname is="sn" ></surname>
 > <userid is="cn"></userid>
 > <email is="mail"></email>
 > <phone  is="telephonenumber"></phone>
 > <cardnumber  is="postOfficeBox"></cardnumber>
 > </mapping>
 > </ldapserver>
 >
 >
 > We test the connection from the command line like this:
 > export PERL5LIB=/usr/share/koha/lib/ && export
 > KOHA_CONF=/etc/koha/sites/catalogo/koha-conf.xml && perl
 > /usr/share/koha/opac/cgi-bin/opac/opac-user.pl
 > userid=humberto.blanco password=password_for_humberto.blanco
 >
 > and get the following error:
 > LDAP bind failed as kohauser humberto.blanco: LDAP error #49:
 > LDAP_INVALID_CREDENTIALS# The wrong password was supplied or the SASL
 > credentials could not be processed

You may try with:

<auth_by_bind>0</auth_by_bind>
<anonymous_bind>0</anonymous_bind>

 > No matter what kind of information I put in the password field,
 > I always get the same error.

However you will always need to supply the CORRECT password! Otherwise 
you'll get a message like the following even with the above suggested 
change:

LDAP bind failed as kohauser xxx: LDAP error #34: LDAP_INVALID_DN_SYNTAX
# The request contained an invalid DN

Also maybe the comments on the bug 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18947 may be 
interesting to you. If you are using Windows Server Active Directory 
(instead of e.g. OpenLDAP) you may find other surprising behaviour.

Hope this helps.

Best wishes: Michael
-- 
Managing Director · Certified Librarian (BBS), IT Specialist with Swiss Federal Certificate
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch · W www.adminkuhn.ch

