2011/6/22 Oscar Gaona <[email protected]>:
> Hi all
> There are many questions and solutions around Koha-LDAP connection /
> authentication, so it seems there is not only one way to get it because each
> Library / Institution has its own requirements / developments.
> If you have a successful / useful experience on this topic, may you share how
> you do it, please? Obviously, changing some real names / IPs
> Sometimes, examples are the better way to support people looking for
> solutions...

For a start, I would suggest first trying 3.2.10 or the current git version, because there are a few LDAP fixes which just got merged into the repository and released.

For a start, until bug 4994[1] gets merged, keep values inside is="ldap-field" lower case only.

We are using the following configuration:

<useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
<ldapserver id="ldapserver" listenref="ldapserver">
  <!-- <hostname>ldaps://ldap.ffzg.hr</hostname> -->
  <hostname>ldap://localhost:1389</hostname>
  <base>dc=ffzg,dc=hr</base>
  <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
  <update>0</update> <!-- update existing users in Koha database -->
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s</principal_name> <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->
  <mapping> <!-- match koha SQL field names to your LDAP record field names -->
    <firstname is="givenname" ></firstname>
    <surname is="sn" ></surname>
    <address is="ffzg-adresa_ulica" ></address>
    <city is="ffzg-adresa_grad" ></city>
    <!-- <zipcode is="ffzg-adresa_postanski_broj"></zipcode> -->
    <branchcode is="local-branch" >FFZG</branchcode>
    <userid is="hrEduPersonUniqueID" ></userid>
    <password is="userpassword" ></password>
    <email is="mail" ></email>
    <categorycode is="hrEduPersongroupmember" >IMP</categorycode>
    <dateofbirth is="hredupersondateofbirth" ></dateofbirth>
    <sex is="ffzg-spol" ></sex>
    <phone is="ffzg-tel_fixed"></phone>
    <mobile is="ffzg-tel_mobile"></mobile>
    <dateexpiry is="hredupersonexpiredate">2012-12-23</dateexpiry>
    <JMBG is="hrEduPersonUniqueNumber_JMBG"></JMBG>
    <OIB is="hrEduPersonOIB"></OIB>
  </mapping>
</ldapserver>

This configuration works with changes in bug 4994, otherwise everything inside is="" would have to be lowercase only.

We are using a few of the HrEdu* attributes which are specific to our national LDAP schema, and a probably unusual combination of replication (to create users who logged in for the first time over the web) without update (since we will edit patron's data locally, and then our data will be more current than the LDAP data, so we don't want to overwrite it).

Hope this helps.

[1] http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4994

-- 
...2share!2flame... http://blog.rot13.org
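
An added example, not part of the original message and not Koha code: a small Python check for an <ldapserver> block that reports is="" values containing upper case (the restriction that applies without the bug 4994 change) and a hostname that is neither ldaps:// nor loopback. The sample block, its hostname and base DN, and the finding names are constructed for illustration; reporting plain ldap:// is this example's own assumption, made because auth_by_bind sends the patron's password in the bind request.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the <ldapserver> block in the message;
# the hostname and base DN are placeholders, not values from the post.
SAMPLE = """<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>ldap://ldap.example.org</hostname>
  <base>dc=example,dc=org</base>
  <replicate>1</replicate>
  <update>0</update>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s</principal_name>
  <mapping>
    <firstname is="givenname"></firstname>
    <branchcode is="local-branch">FFZG</branchcode>
    <userid is="hrEduPersonUniqueID"></userid>
    <password is="userpassword"></password>
  </mapping>
</ldapserver>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def lint_ldapserver(xml_text):
    """Return (code, detail) findings for one <ldapserver> element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A malformed comment or unclosed tag is reported, not raised.
        return [("not-well-formed", str(exc))]
    findings = []
    # Without the bug 4994 change, every is="" value must be lower case.
    for field in root.findall("./mapping/*"):
        attr = field.get("is")
        if attr is not None and attr != attr.lower():
            findings.append(("mixed-case-is", f"{field.tag}={attr}"))
    # Assumption of this example: ldap:// to a non-loopback host is treated
    # as an unencrypted path for the bind password and reported.
    host = (root.findtext("hostname") or "").strip()
    url = urlsplit(host)
    if host and url.scheme != "ldaps" and url.hostname not in LOOPBACK:
        findings.append(("plaintext-ldap", host))
    return findings

if __name__ == "__main__":
    for code, detail in lint_ldapserver(SAMPLE):
        print(f"{code}: {detail}")
```

Pass it only the <ldapserver> element from koha-conf.xml; an empty result means neither condition was found.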

