Thank you for the reply. We tried it, but it is not working and we are getting an exception:

koha_opac_error_log:

/cgi-bin/koha/opac-user.pl
[Fri Sep 11 17:11:44 2015] [error] [client 10.15.0.200] [Fri Sep 11 17:11:44 2015] opac-user.pl: LDAP Auth rejected : (sAMAccountName=xxxx.xxxx) gets 0 hits, referer: https://librarydemo.abc.edu/cgi-bin/koha/opac-user.pl
[Fri Sep 11 17:11:44 2015] [error] [client 10.15.0.200] [Fri Sep 11 17:11:44 2015] opac-user.pl: Use of uninitialized value $retuserid in string ne at

koha_error_log:

LDAP error #32: LDAP_NO_SUCH_OBJECT, referer: https://stafflibrarydemo.abc.edu/
[Thu Sep 10 17:02:22 2015] [error] [client 10.15.2.17] [Thu Sep 10 17:02:22 2015] mainpage.pl: # The server cannot find an object specified in the request, referer: https://stafflibrarydemo.abc.edu/
[Thu Sep 10 17:02:22 2015] [error] [client 10.15.2.17] [Thu Sep 10 17:02:22 2015] mainpage.pl: , referer: https://stafflibrarydemo.habib.edu.pk/

Our KOHA version: 3.12.04.000

It seems that KOHA is unable to search for the user in LDAP. Any suggestion what could be the reason?

Your support is highly appreciated.

Thanks
Ahmad Amanullah Khan

On Thu, Sep 10, 2015 at 1:07 PM, mourik jan heupink <heup...@merit.unu.edu> wrote:

> Here is the AD bit from our koha-conf.xml:
>
> <ldapserver id="DC">
>   <hostname>samba.domain.com</hostname>
>   <base>CN=Users,DC=samba,DC=domain,DC=com</base>
>   <replicate>1</replicate>
>   <update>1</update>
>   <auth_by_bind>1</auth_by_bind>
>   <principal_name>%s...@samba.domain.com</principal_name>
>   <mapping> <!-- match koha SQL field names to your LDAP record field names -->
>     <firstname is="givenName" ></firstname>
>     <surname is="sn" ></surname>
>     <address is="streetAddress" ></address>
>     <city is="l" ></city>
>     <zipcode is="postalCode" ></zipcode>
>     <branchcode is="branch" >our_branch</branchcode>
>     <userid is="uid" ></userid>
>     <password is="userPassword" ></password>
>     <email is="mail" ></email>
>     <categorycode is="employeeType" >A</categorycode>
>     <phone is="telephoneNumber"></phone>
>   </mapping>
> </ldapserver>
>
> Explained:
> samba.domain.com is the name of our active directory, if you specify that
> as hostname to bind to, koha will use (round robin) dns to connect to all
> DC's. Gives you a nice load spread, plus if one DC happens to be down, only
> some logons will fail.
>
> (verify with "host samba.domain.com" several times in a row, it should
> normally return different ip's, depending on your number of dc's)
>
> Base should be your users container.
>
> Principal took me some time to understand:
> <principal_name>%s...@samba.domain.com</principal_name>
>
> %s is replaced with a username, so in my example koha tries to bind as
> usern...@samba.domain.com
>
> I think the above explains it all?
>
> MJ
>
> On 09/10/2015 09:18 AM, Ahmad Amanullah Khan wrote:
>
>> Dear All
>>
>> I will appreciate if you guide us how you integrated KOHA with AD. Any
>> guide will be highly appreciated.
>>
>> Thanks
>>
>> On Thu, Sep 10, 2015, 3:45 AM uwe <singlespeedfah...@yandex.com> wrote:
>>
>>> On Friday, 21.08.2015, at 10:36 +0200, mourik jan heupink wrote:
>>>
>>>> I have no other clues, no. Must say I'm rather surprised to read that
>>>> auth by bind is no option for you. Are you sure? Why not
>>>
>>> It seems that I misunderstood the auth-by-bind function. Finally
>>> someone who has more ldap knowledge helped out to connect the ldap to
>>> our koha installation. Now it works with auth-by-bind as you suggested.
>>> Thank you very much. Your hint guided us into the right way to get it
>>> to work.
>>>
>>> Best wishes
>>> Uwe
>>>
>>>> On 08/20/2015 03:02 PM, uwe wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> On Wednesday, 19.08.2015, at 22:24 +0200, mourik jan heupink wrote:
>>>>>
>>>>>> I'm not sure if it will help you, but we have never had much luck
>>>>>> with the password compare routine, which koha seems to like.
>>>>>>
>>>>>> I don't know any other ldap client that works like that. The usual way
>>>>>> (and this one works perfectly here, using openldap and also samba4/AD)
>>>>>> is: use <auth_by_bind>1</auth_by_bind>
>>>>>>
>>>>>> Your principal_name would then be something like:
>>>>>>
>>>>>> <principal_name>dn=%s,ou=id,dc=MY_ORG,dc=org</principal_name>
>>>>>
>>>>> Thank you for your answer and hints but unfortunately auth_by_bind seems
>>>>> to be no option for us.
>>>>>
>>>>> Is there another way to solve the issue?
>>>>>
>>>>> Thanks in advance
>>>>> Uwe
>>>>>
>>>>>> Hopefully this helps you as well.
>>>>>>
>>>>>> MJ
>>>>>>
>>>>>> On 8/18/2015 14:35, uwe wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> we have a Koha-Installation and would like to connect to our
>>>>>>> OpenLDAP-server, but I can't get it to work.
>>>>>>>
>>>>>>> First our Koha setup:
>>>>>>>
>>>>>>>   OS: debian wheezy
>>>>>>>   Koha: 3.20.02
>>>>>>>
>>>>>>> Connecting to ldap-server works fine but the password comparison fails
>>>>>>> with the following error (tested in the console but also fails in the
>>>>>>> web gui; also given password is correct):
>>>>>>>
>>>>>>>   root@biblio:/etc/koha/sites/MY_SITE# env PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/MY_SITE/koha-conf.xml perl /usr/share/koha/opac/cgi-bin/opac/opac-user.pl userid=MY_MAIL_NAME@MY_ORG.org password=MY_PASSWORD. | head -5
>>>>>>>
>>>>>>>   Got 2 ldap mapkeys ( total ): userid
>>>>>>>   Got 2 ldap mapkeys (populated): userid
>>>>>>>   Checking Auth at /usr/share/koha/lib/C4/Auth.pm line 703, <DATA> line 558.
>>>>>>>   kohaversion : 3.2002000
>>>>>>>   ## checkpw - checking LDAP
>>>>>>>   LDAP Auth rejected : invalid password for user 'MY_MAIL_NAME@MY_ORG.org'. LDAP error #5: LDAP_COMPARE_FALSE
>>>>>>>   # This code is returned when a compare request completes and the attribute value given is not in the entry specified
>>>>>>>
>>>>>>>   Login failed, resetting anonymous session... at /usr/share/koha/lib/C4/Auth.pm line 1107, <DATA> line 595.
>>>>>>>
>>>>>>> Configuration in koha-conf.xml, see below. Our ldap-server uses SSHA as
>>>>>>> password scheme. Could this be the problem?
>>>>>>>
>>>>>>> How can I solve it? Can't find much useful when searching internet for
>>>>>>> the problem.
>>>>>>>
>>>>>>> Thanks and best wishes
>>>>>>> Uwe
>>>>>>>
>>>>>>>   <useldapserver>1</useldapserver> <!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
>>>>>>>
>>>>>>>   <!-- LDAP SERVER (optional) -->
>>>>>>>
>>>>>>>   <ldapserver id="ldapserver" listenref="ldapserver">
>>>>>>>     <hostname>MY_LDAP_SERVER</hostname>
>>>>>>>     <base>ou=id,dc=MY_ORG,dc=org</base>
>>>>>>>     <user>cn=biblio,ou=daemons,dc=MY_ORG,dc=org</user> <!-- DN, if not anonymous -->
>>>>>>>     <pass>MY_SECRET_PASSWORD</pass> <!-- password, if not anonymous -->
>>>>>>>     <replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
>>>>>>>     <update>0</update> <!-- update existing users in Koha database -->
>>>>>>>     <anonymous_bind>0</anonymous_bind>
>>>>>>>     <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
>>>>>>>     <!--<principal_name>%s@MY_ORG.org</principal_name>-->
>>>>>>>     <mapping> <!-- match koha SQL field names to your LDAP record field names -->
>>>>>>>       <!--<firstname is="firstname"></firstname>
>>>>>>>       <surname is="surname"></surname>
>>>>>>>       <address is="postaladdress">hier</address>
>>>>>>>       <city is="l">Berlin</city>
>>>>>>>       <zipcode is="postalcode">1000</zipcode>
>>>>>>>       <branchcode is="businesscategory"></branchcode>
>>>>>>>       -->
>>>>>>>       <userid is="uid"></userid>
>>>>>>>       <!--<password is="USER_PASSWORD"></password>
>>>>>>>       <email is="mail"></email>
>>>>>>>       <categorycode is="employeetype">PT</categorycode>
>>>>>>>       <phone is="telephonenumber">11111</phone>
>>>>>>>       <flags is="flags">2</flags> -->
>>>>>>>     </mapping>
>>>>>>>   </ldapserver>
>>>>>>>
>>>>>>> (hint: some private data is anonymized with large letters)
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Koha mailing list  http://koha-community.org
>>>>>>> Koha@lists.katipo.co.nz
>>>>>>> https://lists.katipo.co.nz/mailman/listinfo/koha
>>>
>>> --
>>> Q: What is green and lives in the ocean?
>>> A: Moby Pickle.

--
"Testing is an infinite process of comparing the invisible to the ambiguous in order to avoid the unthinkable happening to the anonymous." - James Bach

Best Regards,
Ahmad Amanullah Khan
Gmail: ahmadamanullahk...@gmail.com <ahmadamanul...@gmail.com>
Skype: ahmad.khan922
LinkedIn: http://linkedin.com/in/aaukhan
Cell: +92 314 2042060
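
Added example, not part of any message in this thread: a Python sketch of why the password comparison in the oldest quoted message can end in LDAP_COMPARE_FALSE against an SSHA-hashed userPassword even for the correct password, while verification at bind time succeeds. The function names are hypothetical, the sample values are constructed, and the comparison is modelled as an exact match against the stored attribute value, which is an assumption about the server.

```python
# Added illustration; function names are hypothetical, sample values are constructed.
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # bytes in a SHA-1 digest; whatever follows it in the blob is the salt


def make_ssha(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build a userPassword value: "{SSHA}" + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def compare_style_check(stored: str, supplied: bytes) -> bool:
    """Assumed model of password comparison: supplied value must equal the stored value."""
    return hmac.compare_digest(stored.encode("ascii"), supplied)


def bind_style_check(stored: str, supplied: bytes) -> bool:
    """Model of verification at bind time: re-hash the password with the stored salt."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        blob = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # malformed base64
        return False
    if len(blob) <= SHA1_LEN:  # no salt present, so not a valid SSHA value
        return False
    digest, salt = blob[:SHA1_LEN], blob[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(supplied + salt).digest(), digest)


def demo() -> dict:
    password = b"MY_PASSWORD"  # constructed sample, mirrors the placeholder in the thread
    stored = make_ssha(password, salt=b"\x00\x01\x02\x03\x04\x05\x06\x07")
    return {
        # The plaintext never equals the stored "{SSHA}..." string.
        "plaintext_vs_stored": compare_style_check(stored, password),
        # Hashing on the client does not help: a fresh salt gives a different string.
        "rehash_vs_stored": compare_style_check(stored, make_ssha(password).encode()),
        "bind_correct": bind_style_check(stored, password),
        "bind_wrong": bind_style_check(stored, b"not-the-password"),
    }


if __name__ == "__main__":
    print(demo())
```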