I'm not sure why, but I also had to format principal_name in koha-conf.xml
as follows:

--
<principal_name>uid=%s,dc=irb,dc=hr</principal_name>
--
Otherwise it doesn't work with openldap at my institution :/

regards,
-- alen

> 2011/6/22 Oscar Gaona <[email protected]>:
>> Hi all
>> There are many questions and solutions around Koha-LDAP connection /
>> authentication, so it seems there is not only one way to get it because
>> each Library / Institution has its own requirements / developments.
>> If you have a successful / useful experience on this topic, may you share
>> how you do it, please? Obviously, changing some real names / IP's
>> Sometimes, examples are the better way to support people looking for
>> solutions...
>
> For start, I would suggest to first try 3.2.10 or current git version
> because there are a few LDAP fixes which just got merged into repository
> and released.
>
> For a start, until bug 4994[1] gets merged, keep values inside
> is="ldap-field" lower case only.
>
> We are using following configuration:
>
> <useldapserver>1</useldapserver>
> <!-- see C4::Auth_with_ldap for extra configs you must add if you want
>      to turn this on -->
>
> <ldapserver id="ldapserver" listenref="ldapserver">
>   <!--
>   <hostname>ldaps://ldap.ffzg.hr</hostname>
>   -->
>   <hostname>ldap://localhost:1389</hostname>
>   <base>dc=ffzg,dc=hr</base>
>
>   <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
>   <update>0</update>       <!-- update existing users in Koha database -->
>
>   <auth_by_bind>1</auth_by_bind>
>   <principal_name>%s</principal_name>
>   <!-- optional, for auth_by_bind: a printf format to make
>        userPrincipalName from koha userid -->
>
>   <mapping> <!-- match koha SQL field names to your LDAP record field names -->
>     <firstname    is="givenname"                ></firstname>
>     <surname      is="sn"                       ></surname>
>     <address      is="ffzg-adresa_ulica"        ></address>
>     <city         is="ffzg-adresa_grad"         ></city>
>     <!--
>     <zipcode      is="ffzg-adresa_postanski_broj"></zipcode>
>     -->
>
>     <branchcode   is="local-branch"             >FFZG</branchcode>
>     <userid       is="hrEduPersonUniqueID"      ></userid>
>     <password     is="userpassword"             ></password>
>     <email        is="mail"                     ></email>
>     <categorycode is="hrEduPersongroupmember"   >IMP</categorycode>
>
>     <dateofbirth  is="hredupersondateofbirth"   ></dateofbirth>
>     <sex          is="ffzg-spol"                ></sex>
>     <phone        is="ffzg-tel_fixed"></phone>
>     <mobile       is="ffzg-tel_mobile"></mobile>
>
>     <dateexpiry   is="hredupersonexpiredate">2012-12-23</dateexpiry>
>
>     <JMBG         is="hrEduPersonUniqueNumber_JMBG"></JMBG>
>     <OIB          is="hrEduPersonOIB"></OIB>
>
>   </mapping>
> </ldapserver>
>
> This configuration works with changes in bug 4994, otherwise
> everything inside is="" would have to be lowercase only.
>
> We are using few of HrEdu* attributes which are specific to our national
> LDAP schema, and probably unusual combination of replication (to create
> users who logged in first time over web) without update (since we will
> edit patron's data locally, and then our data will be more current than
> LDAP data, so we don't want to overwrite it).
>
> Hope this helps.
>
> 1: http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4994
>
> --
> ...2share!2flame... http://blog.rot13.org
> _______________________________________________
> Koha mailing list http://koha-community.org
> [email protected]
> http://lists.katipo.co.nz/mailman/listinfo/koha
>
> ------------------------------ WARNING ------------------------------
>
> Automatic detection has found that the word "PASSWORD" or "LOZINKA"
> appears in this message.
>
> IF THE MESSAGE ASKS YOU TO SEND YOUR IRB PASSWORD, DO NOT DO SO UNDER
> ANY CIRCUMSTANCES, BECAUSE IT IS AN ATTACK AIMED AT STEALING YOUR
> ELECTRONIC IDENTITY.
>
> Centre for Informatics and Computing,
> Rudjer Boskovic Institute
>
> ------------------------------ WARNING ------------------------------
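
A pre-deployment check for the <ldapserver> block discussed in this thread, added here as an example (it is not code from Koha or from either poster). The function names, the finding codes and the example.org host and base DN are assumptions; it reports an ldap:// URL to a non-local host (bind passwords travel unencrypted unless StartTLS or a tunnel is in place), a principal_name without exactly one %s, and mixed-case is="" values, which the thread says fail before the bug 4994 change.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: same element layout as the configs in the thread,
# with placeholder host and base DN.
SAMPLE = """<ldapserver id="ldapserver">
  <hostname>ldap://ldap.example.org</hostname>
  <base>dc=example,dc=org</base>
  <replicate>1</replicate>
  <update>0</update>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>uid=%s,dc=example,dc=org</principal_name>
  <mapping>
    <firstname is="givenname"></firstname>
    <userid is="hrEduPersonUniqueID"></userid>
    <password is="userpassword"></password>
  </mapping>
</ldapserver>"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def lint_ldapserver(xml_text):
    """Return (code, detail) findings for one <ldapserver> block."""
    root = ET.fromstring(xml_text)
    findings = []

    # A bare host name is treated here as ldap://host.
    host = (root.findtext("hostname") or "").strip()
    url = urlparse(host if "://" in host else "ldap://" + host)
    if url.scheme != "ldaps" and url.hostname not in LOCAL_HOSTS:
        findings.append(("cleartext", host))

    # principal_name is a printf format: exactly one %s takes the userid.
    fmt = (root.findtext("principal_name") or "").strip()
    if fmt and (fmt.count("%s") != 1 or fmt.count("%") != 1):
        findings.append(("principal_name", fmt))

    # Before the bug 4994 change, is="" values had to be lower case.
    for field in root.findall("./mapping/*"):
        attr = field.get("is", "")
        if attr != attr.lower():
            findings.append(("mixed-case", f"{field.tag} is={attr!r}"))
    return findings

def bind_identity(fmt, userid):
    """Expand principal_name the way printf would, for inspection."""
    return fmt % userid

if __name__ == "__main__":
    for code, detail in lint_ldapserver(SAMPLE):
        print(code, detail)
    print(bind_identity("uid=%s,dc=example,dc=org", "jdoe"))
```
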

