Hi, I have no other clues, no. Must say I'm rather surprised to read that auth by bind is no option for you. Are you sure? Why not?
MJ

On 08/20/2015 03:02 PM, uwe wrote:
> Hello,
>
> On Wednesday, 19.08.2015, 22:24 +0200, mourik jan heupink wrote:
>> I'm not sure if it will help you, but we have never had much luck
>> with the password compare routine, which koha seems to like.
>>
>> I don't know any other ldap client that works like that. The usual way
>> (and this one works perfectly here, using openldap and also samba4/AD)
>> is: use <auth_by_bind>1</auth_by_bind>
>>
>> Your principal_name would then be something like:
>>
>> <principal_name>dn=%s,ou=id,dc=MY_ORG,dc=org</principal_name>
>
> Thank you for your answer and hints but unfortunately auth_by_bind seems
> to be no option for us.
>
> Is there another way to solve the issue?
>
> Thanks in advance
> Uwe
>
>> Hopefully this helps you as well.
>>
>> MJ
>>
>> On 8/18/2015 14:35, uwe wrote:
>>> Hello,
>>>
>>> we have a Koha-Installation and would like to connect to our
>>> OpenLDAP-server, but I can't get it to work.
>>>
>>> First our Koha setup:
>>>
>>>> OS: debian wheezy
>>>> Koha: 3.20.02
>>>
>>> Connecting to ldap-server works fine but the password comparison fails
>>> with the following error (tested in the console but also fails in the
>>> web gui; also given password is correct):
>>>
>>>> root@biblio:/etc/koha/sites/MY_SITE# env PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/MY_SITE/koha-conf.xml perl /usr/share/koha/opac/cgi-bin/opac/opac-user.pl userid=MY_MAIL_NAME@MY_ORG.org password=MY_PASSWORD. | head -5
>>>
>>>> Got 2 ldap mapkeys ( total ): userid
>>>> Got 2 ldap mapkeys (populated): userid
>>>> Checking Auth at /usr/share/koha/lib/C4/Auth.pm line 703, <DATA> line 558.
>>>> kohaversion : 3.2002000
>>>> ## checkpw - checking LDAP
>>>> LDAP Auth rejected : invalid password for user 'MY_MAIL_NAME@MY_ORG.org'. LDAP error #5: LDAP_COMPARE_FALSE
>>>> # This code is returned when a compare request completes and the attribute value given is not in the entry specified
>>>>
>>>> Login failed, resetting anonymous session... at /usr/share/koha/lib/C4/Auth.pm line 1107, <DATA> line 595.
>>>
>>> Configuration in koha-conf.xml, see below. Our ldap-server uses SSHA as
>>> password scheme. Could this be the problem?
>>>
>>> How can I solve it? Can't find much useful when searching the internet
>>> for the problem.
>>>
>>> Thanks and best wishes
>>> Uwe
>>>
>>>> <useldapserver>1</useldapserver> <!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
>>>>
>>>> <!-- LDAP SERVER (optional) -->
>>>>
>>>> <ldapserver id="ldapserver" listenref="ldapserver">
>>>>   <hostname>MY_LDAP_SERVER</hostname>
>>>>   <base>ou=id,dc=MY_ORG,dc=org</base>
>>>>   <user>cn=biblio,ou=daemons,dc=MY_ORG,dc=org</user> <!-- DN, if not anonymous -->
>>>>   <pass>MY_SECRET_PASSWORD</pass> <!-- password, if not anonymous -->
>>>>   <replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
>>>>   <update>0</update> <!-- update existing users in Koha database -->
>>>>   <anonymous_bind>0</anonymous_bind>
>>>>   <auth_by_bind>0</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use Active Directory -->
>>>>   <!--<principal_name>%s@MY_ORG.org</principal_name>-->
>>>>   <mapping> <!-- match koha SQL field names to your LDAP record field names -->
>>>>     <!--<firstname is="firstname"></firstname>
>>>>     <surname is="surname"></surname>
>>>>     <address is="postaladdress">hier</address>
>>>>     <city is="l">Berlin</city>
>>>>     <zipcode is="postalcode">1000</zipcode>
>>>>     <branchcode is="businesscategory"></branchcode>
>>>>     -->
>>>>     <userid is="uid"></userid>
>>>>     <!--<password is="USER_PASSWORD"></password>
>>>>     <email is="mail"></email>
>>>>     <categorycode is="employeetype">PT</categorycode>
>>>>     <phone is="telephonenumber">11111</phone>
>>>>     <flags is="flags">2</flags> -->
>>>>   </mapping>
>>>> </ldapserver>
>>>
>>>
>>> (hint: some private data is anonymized with large letters)
>>>
>> _______________________________________________
>> Koha mailing list http://koha-community.org
>> [email protected]
>> https://lists.katipo.co.nz/mailman/listinfo/koha

