http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7973
--- Comment #31 from [email protected] ---

You would be correct: in a Windows Active Directory domain the userPassword attribute is a write-only field. When viewed, it says <NOT SET>.

If I set auth_by_bind to 1 I receive the following error, no matter what user account I attempt to log in as. I also do not see a failed login attempt in the LDAP server security event logs, so it's like it's failing before even attempting to connect to the LDAP server.

    [Tue Jul 02 08:11:39 2013] [error] [client 127.0.0.1] [Tue Jul 2 08:11:39 2013] opac-user.pl: LDAP Auth rejected : (sAMAccountName=duser1) gets 0 hits, referer: http://127.0.1.1/cgi-bin/koha/opac-user.pl
    [Tue Jul 02 08:11:39 2013] [error] [client 127.0.0.1] [Tue Jul 2 08:11:39 2013] opac-user.pl: LDAP error #1: LDAP_OPERATIONS_ERROR, referer: http://127.0.1.1/cgi-bin/koha/opac-user.pl

What is strange is that if I set auth_by_bind to 0, I see on my domain controller this log entry, which is scored by the auth_by_bind user, but it won't authenticate or create the user's account in Koha.

    An operation was performed on an object.
    Subject:
        Security ID: <domain>\<binding user>
        Account Name: <binding user>
        Account Domain: <domain>
        Logon ID: 0x29a39618
    Object:
        Object Server: DS
        Object Type: user
        Object Name: CN=Dummy User,OU=<Sub OU>,OU=<Sub OU>,OU=<Sub OU>,OU=<Sub OU>,DC=<domain>,DC=<domain ext>
        Handle ID: 0x0
    Operation:
        Operation Type: Object Access
        Accesses: Control Access
        Access Mask: 0x100
        Properties: Control Access {91e647de-d96f-4b70-9557-d63ff4f3ccd8} {6617e4ac-a2f1-43ab-b60c-11fbd1facf05} {b3f93023-9239-4f7c-b99c-6745d87adbc2} {b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7} {771727b1-31b8-4cdf-ae62-4fe39fadf89e} {612cb747-c0e8-4f92-9221-fdd5f15b550d} {bf967aba-0de6-11d0-a285-00aa003049e2}
    Additional Information:
        Parameter 1: -
        Parameter 2:

As for a step-by-step processing, we're pretty much a pure Windows 2008 Domain Model right out of the box. So I'm not sure exactly what type of step by step I could provide, besides Microsoft documentation on authentication processes: http://technet.microsoft.com/en-us/library/cc755284(v=ws.10).aspx

I can say that we have a Moodle server that is doing LDAPS authentication right to both of our domain controllers. A couple of notes from that server that I don't see the ability to set in Koha are these options:

    LDAP Version = 3
    LDAP Encoding = cp1252

I also see in Koha you can set a BASE, but in Moodle you set a context, which is the first container to begin searching for users in: ou=<OU>,dc=<DOMAIN>,dc=<DOMAIN EXT>

I switched the <BASE> in Koha to CN=Users, DC=<DOMAIN>, DC=<DOMAIN EXT> and moved the Dummy User to the Users container. But that didn't work either; I still receive the above LDAP_OPERATIONS_ERROR.

I did a little more testing and actually fired up Wireshark on the domain controller I'm trying to authenticate against. If I use Ubuntu's ldapsearch with the same information I'm using in the Koha-conf files, I get an LDAP bindRequest(1) "[email protected]" simple. When I attempt to authenticate through Koha, I get 'bindRequest(1) "<ROOT>" simple'. It's like Koha is not actually passing the authenticating user's userPrincipalName through correctly.
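As an added illustration, not part of this bug comment or of Koha's own code: a minimal BER encoder for the LDAPv3 simple BindRequest, so the two captures described above (a UPN as the bind name versus the empty name Wireshark prints as "<ROOT>") can be compared byte by byte. The function names and the "%s" template convention are assumptions made for this example.

```python
"""LDAPv3 simple BindRequest encoder (RFC 4511 section 4.2), BER definite-length.

Added example, not Koha code. It shows what is on the wire behind
Wireshark's 'bindRequest(1) "<name>" simple' line, and why an empty
bind name never asserts the user's identity (RFC 4513 section 5.1).
"""


def _length(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _length(len(value)) + value


def _int(v: int) -> bytes:
    """INTEGER; a leading 0x00 keeps non-negative values positive."""
    return _tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))


def bind_request(message_id: int, name: str, password: str) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] { version 3, name, [0] simple } }."""
    inner = _int(3) + _tlv(0x04, name.encode("utf-8")) + _tlv(0x80, password.encode("utf-8"))
    return _tlv(0x30, _int(message_id) + _tlv(0x60, inner))


def display_name(name: str) -> str:
    """Label Wireshark's LDAP dissector gives the bind name: '<ROOT>' when empty."""
    return name if name else "<ROOT>"


def bind_kind(name: str, password: str) -> str:
    """Empty name + empty password is anonymous; empty name + password is
    an 'unauthenticated' bind; only a non-empty name claims an identity."""
    if not name and not password:
        return "anonymous"
    if not name:
        return "unauthenticated"
    return "authenticated"


def bind_name_from_template(userid: str, template: str) -> str:
    """Build a bind identity from a '%s' template (hypothetical setting, modelled
    on the UPN form the ldapsearch test sent). Refuse to emit an empty name."""
    if not userid:
        raise ValueError("empty userid would produce an unauthenticated bind")
    if "%s" not in template:
        raise ValueError("template has no %s placeholder")
    return template % userid
```

Constructed inputs such as "user@example.com"/"secret" stand in for the redacted values in the comment.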
