On Friday, 21.08.2015, at 10:36 +0200, mourik jan heupink wrote:
> I have no other clues, no. Must say I'm rather surprised to read that
> auth by bind is no option for you. Are you sure? Why not

It seems that I misunderstood the auth-by-bind function. Finally someone
who has more LDAP knowledge helped out to connect the LDAP to our Koha
installation. Now it works with auth-by-bind as you suggested.

Thank you very much. Your hint guided us into the right way to get it to
work.

Best wishes
Uwe

> On 08/20/2015 03:02 PM, uwe wrote:
> > Hello,
> >
> > On Wednesday, 19.08.2015, at 22:24 +0200, mourik jan heupink wrote:
> > > I'm not sure if it will help you, but we have never had much luck
> > > with the password compare routine, which koha seems to like.
> > >
> > > I don't know any other ldap client that works like that. The usual way
> > > (and this one works perfectly here, using openldap and also samba4/AD)
> > > is: use <auth_by_bind>1</auth_by_bind>
> > >
> > > Your principal_name would then be something like:
> > >
> > > <principal_name>dn=%s,ou=id,dc=MY_ORG,dc=org</principal_name>
> >
> > Thank you for your answer and hints but unfortunately auth_by_bind seems
> > to be no option for us.
> >
> > Is there another way to solve the issue?
> >
> > Thanks in advance
> > Uwe
> >
> > > Hopefully this helps you as well.
> > >
> > > MJ
> > >
> > > On 8/18/2015 14:35, uwe wrote:
> > > > Hello,
> > > >
> > > > we have a Koha-Installation and would like to connect to our
> > > > OpenLDAP-server, but I can't get it to work.
> > > >
> > > > First our Koha setup:
> > > >
> > > > > OS: debian wheezy
> > > > > Koha: 3.20.02
> > > >
> > > > Connecting to ldap-server works fine but the password comparison fails
> > > > with the following error (tested in the console but also fails in the
> > > > web gui; also given password is correct):
> > > >
> > > > > root@biblio:/etc/koha/sites/MY_SITE# env PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/MY_SITE/koha-conf.xml perl /usr/share/koha/opac/cgi-bin/opac/opac-user.pl userid=MY_MAIL_NAME@MY_ORG.org password=MY_PASSWORD. | head -5
> > > > >
> > > > > Got 2 ldap mapkeys ( total ): userid
> > > > > Got 2 ldap mapkeys (populated): userid
> > > > > Checking Auth at /usr/share/koha/lib/C4/Auth.pm line 703, <DATA> line 558.
> > > > > kohaversion : 3.2002000
> > > > > ## checkpw - checking LDAP
> > > > > LDAP Auth rejected : invalid password for user 'MY_MAIL_NAME@MY_ORG.org'. LDAP error #5: LDAP_COMPARE_FALSE
> > > > > # This code is returned when a compare request completes and the attribute value given is not in the entry specified
> > > > >
> > > > > Login failed, resetting anonymous session... at /usr/share/koha/lib/C4/Auth.pm line 1107, <DATA> line 595.
> > > >
> > > > Configuration in koha-conf.xml, see below. Our ldap-server uses SSHA as
> > > > password scheme. Could this be the problem?
> > > >
> > > > How can I solve it? Can't find much useful when searching internet for
> > > > the problem.
> > > >
> > > > Thanks and best wishes
> > > > Uwe
> > > >
> > > > > <useldapserver>1</useldapserver> <!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
> > > > >
> > > > > <!-- LDAP SERVER (optional) -->
> > > > >
> > > > > <ldapserver id="ldapserver" listenref="ldapserver">
> > > > >   <hostname>MY_LDAP_SERVER</hostname>
> > > > >   <base>ou=id,dc=MY_ORG,dc=org</base>
> > > > >   <user>cn=biblio,ou=daemons,dc=MY_ORG,dc=org</user> <!-- DN, if not anonymous -->
> > > > >   <pass>MY_SECRET_PASSWORD</pass> <!-- password, if not anonymous -->
> > > > >   <replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
> > > > >   <update>0</update> <!-- update existing users in Koha database -->
> > > > >   <anonymous_bind>0</anonymous_bind>
> > > > >   <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
> > > > >   <!--<principal_name>%s@MY_ORG.org</principal_name>-->
> > > > >   <mapping> <!-- match koha SQL field names to your LDAP record field names -->
> > > > >     <!--<firstname is="firstname"></firstname>
> > > > >     <surname is="surname"></surname>
> > > > >     <address is="postaladdress">hier</address>
> > > > >     <city is="l">Berlin</city>
> > > > >     <zipcode is="postalcode">1000</zipcode>
> > > > >     <branchcode is="businesscategory"></branchcode>
> > > > >     -->
> > > > >     <userid is="uid"></userid>
> > > > >     <!--<password is="USER_PASSWORD"></password>
> > > > >     <email is="mail"></email>
> > > > >     <categorycode is="employeetype">PT</categorycode>
> > > > >     <phone is="telephonenumber">11111</phone>
> > > > >     <flags is="flags">2</flags> -->
> > > > >   </mapping>
> > > > > </ldapserver>
> > > >
> > > > (hint: some private data is anonymized with large letters)

--
Q: What is green and lives in the ocean?
A: Moby Pickle.
_______________________________________________
Koha mailing list  http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha
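
Added example, not part of the original thread and not Koha's code: it illustrates the SSHA question raised above and why `auth_by_bind` succeeded where the password comparison returned `LDAP_COMPARE_FALSE`. It assumes the directory evaluates the compare as a byte-for-byte match against the stored `{SSHA}` string; the function names and the sample value are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"
SHA1_LEN = 20  # SSHA payload is the SHA-1 digest (20 bytes) followed by the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a userPassword value: {SSHA}base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def literal_compare(asserted: str, stored: str) -> bool:
    """Compare as assumed here: asserted bytes must equal the stored bytes."""
    return hmac.compare_digest(asserted.encode("utf-8"), stored.encode("utf-8"))


def verify_ssha(password: str, stored: str) -> bool:
    """Salt-aware check, as a server does when it verifies a simple bind."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # malformed base64
        return False
    if len(raw) <= SHA1_LEN:  # no salt present, not a valid SSHA value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample entry value; not taken from the thread.
    stored = make_ssha("MY_PASSWORD", salt=b"\x01\x02\x03\x04")
    print("stored value      :", stored)
    print("literal compare   :", literal_compare("MY_PASSWORD", stored))
    print("client re-hash    :", literal_compare(make_ssha("MY_PASSWORD"), stored))
    print("salt-aware (bind) :", verify_ssha("MY_PASSWORD", stored))
    print("wrong password    :", verify_ssha("not-it", stored))
```

Hashing on the client before the compare does not help either, because the client does not know the stored salt; only the server-side check performed during a bind can use it.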