http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7973
--- Comment #33 from [email protected] ---

Those steps are exactly how I believe it should be handled. However, I notice this line:

- The <principal_name> setting in koha-conf.xml isn't used anymore;

That appears to be the problem with AD LDAP. I wish I could upload a picture of my Wireshark results. On the bindRequest(1) "<ROOT>" packet coming from the Koha login attempt, it says that the authentication is simple, but the authentication name is missing. I'm wondering if it's missing because the principal_name is not passed to AD/LDAP now?

On the ldapsearch in Ubuntu, when I capture those packets, the authentication is simple, but it has the binding account username & password filled in, in the bindRequest.

I'm not sure if this site might help you at all, but I just stumbled across it and thought I'd share.
http://www.netid.washington.edu/documentation/ldapAuth.aspx

Basically, passwords are passed to LDAP to verify that an account can connect. If it can, then success and then grab attributes. Now AD LDAP doesn't store passwords in readable formats in attributes; instead I believe it utilizes some type of tokens. Koha should not store the password for the user that authenticated, or tokens.

I don't know how Koha actually looks at authentication, like if it always attempts LDAP before local auth lookups if use ldap is set to 1 or not. But LDAP auth should be prioritized over local auth, and the locally stored record of the user's account should be created with a field or tagged somehow indicating that it's an LDAP user, so whenever the system tries to verify the account it always checks against LDAP. Maybe I'm just babbling and Koha already does this in some sort.

Aaron
