Hi Uwe,

I'm not sure if it will help you, but we have never had much luck with the password compare routine, which Koha seems to like.

I don't know any other ldap client that works like that. The usual way (and this one works perfectly here, using openldap and also samba4/AD) is: use <auth_by_bind>1</auth_by_bind>

Your principal_name would then be something like:

<principal_name>dn=%s,ou=id,dc=MY_ORG,dc=org</principal_name>

Hopefully this helps you as well.

MJ

On 8/18/2015 14:35, uwe wrote:
Hello,

we have a Koha-Installation and would like to connect to our
OpenLDAP-server, but I can't get it to work.

First our Koha setup:

OS: debian wheezy
Koha: 3.20.02

Connecting to ldap-server works fine but the password comparison fails
with the following error (tested in the console but also fails in the
web gui; also given password is correct):

root@biblio:/etc/koha/sites/MY_SITE# env PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/MY_SITE/koha-conf.xml perl /usr/share/koha/opac/cgi-bin/opac/opac-user.pl  userid=MY_MAIL_NAME@MY_ORG.org password=MY_PASSWORD. | head -5

Got 2 ldap mapkeys (  total  ): userid
Got 2 ldap mapkeys (populated): userid
Checking Auth at /usr/share/koha/lib/C4/Auth.pm line 703, <DATA> line 558.
kohaversion : 3.2002000
## checkpw - checking LDAP
LDAP Auth rejected : invalid password for user 'MY_MAIL_NAME@MY_ORG.org'. LDAP error #5: LDAP_COMPARE_FALSE
# This code is returned when a compare request completes and the attribute value given is not in the entry specified

Login failed, resetting anonymous session... at /usr/share/koha/lib/C4/Auth.pm line 1107, <DATA> line 595.

Configuration in koha-conf.xml, see below. Our ldap-server uses SSHA as
password scheme. Could this be the problem?

How can I solve it? Can't find much useful when searching the internet for
the problem.

Thanks and best wishes
Uwe

<useldapserver>1</useldapserver> <!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->

<!-- LDAP SERVER (optional) -->

<ldapserver id="ldapserver"  listenref="ldapserver">
        <hostname>MY_LDAP_SERVER</hostname>
        <base>ou=id,dc=MY_ORG,dc=org</base>
        <user>cn=biblio,ou=daemons,dc=MY_ORG,dc=org</user> <!-- DN, if not anonymous -->
        <pass>MY_SECRET_PASSWORD</pass>  <!-- password, if not anonymous -->
        <replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
        <update>0</update>  <!-- update existing users in Koha database -->
        <anonymous_bind>0</anonymous_bind>
        <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
        <!--<principal_name>%s@MY_ORG.org</principal_name>-->
        <mapping> <!-- match koha SQL field names to your LDAP record field names -->
                <!--<firstname is="firstname"></firstname>
                <surname is="surname"></surname>
                <address is="postaladdress">hier</address>
                <city is="l">Berlin</city>
                <zipcode is="postalcode">1000</zipcode>
                <branchcode is="businesscategory"></branchcode> -->
                <userid is="uid"></userid>
                <!--<password is="USER_PASSWORD"></password>
                <email is="mail"></email>
                <categorycode is="employeetype">PT</categorycode>
                <phone is="telephonenumber">11111</phone>
                <flags is="flags">2</flags> -->
        </mapping>
</ldapserver>


(hint: some private data is anonymized with large letters)

_______________________________________________
Koha mailing list  http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha
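
Added example (not part of the original thread and not Koha's code): a Python sketch of why a password compare against an {SSHA} userPassword value can come back as LDAP_COMPARE_FALSE for the correct password, while a bind with the same password succeeds. It assumes the server evaluates the compare as a byte-for-byte match on the stored value; the function names, password and salt are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # length of a SHA-1 digest in bytes


def make_ssha(password: bytes, salt: Optional[bytes] = None) -> bytes:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def literal_compare(stored: bytes, asserted: bytes) -> bool:
    """Compare path (assumed): asserted value matched byte-for-byte
    against the stored attribute value, with no hashing applied."""
    return hmac.compare_digest(stored, asserted)


def verify_ssha(stored: bytes, password: bytes) -> bool:
    """Bind path: recover the salt, re-hash the password, compare digests."""
    if stored[:6].upper() != b"{SSHA}":
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:          # malformed base64 in the stored value
        return False
    if len(raw) <= SHA1_LEN:    # no salt present: not a valid SSHA value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    """Run both paths over one constructed entry and report the outcomes."""
    password = b"MY_PASSWORD"                 # constructed sample
    stored = make_ssha(password, b"\x01\x02\x03\x04")
    return {
        "compare_correct_password": literal_compare(stored, password),
        "bind_correct_password": verify_ssha(stored, password),
        "bind_wrong_password": verify_ssha(stored, b"not-it"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

With auth_by_bind set to 1 the password check is done by the directory server, which knows its own hash scheme, so the client never needs to read or match userPassword.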
