[Koha] Unexpected behavior when authenticating over LDAP (AD)

Mon, 22 Aug 2022 04:35:41 -0700 

Hello,

Koha Version: 22.05.03.000
OS: Ubuntu server 20.04.4 LTS (Focal Fossa)
DB: Ver 15.1 Distrib 10.3.34-MariaDB

The relevant section of our koha-conf.xml is:

 <useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
  <hostname>### REDACTED ###</hostname>
  <base>### REDACTED ###</base>
  <replicate>1</replicate>
  <update>1</update>
  <update_password>1</update_password>
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <principal_name>%s@### REDACTED ###</principal_name>
  <mapping>
        <cardnumber is="title"></cardnumber>
        <branchcode is="">CGSL</branchcode>
        <address is="">118-124 Kennington Park Road</address>
        <city is="">London</city>
        <categorycode is="department"></categorycode>
        <surname is="sn"></surname>
        <firstname is="givenName"></firstname>
        <email is="company"></email>
        <userid is="SAMAccountName"></userid>
   </mapping>
 </ldapserver>

When a new user logs in via AD, and when that user has no currently existing 
account on Koha, things work very well. However, if a user has an existing 
account created by an admin prior to them actually logging in via AD for the 
first time, it becomes possible for that user to log on with either their AD 
password, or with the password that was set when their account was created 
initially by a Koha admin. Expected behavior would be that the user's AD 
password does not only get added to their record in Koha, but also that it 
replaces any other password for that user. I have determined that:

1 - both passwords are defintely accessing the same user account, and that 
details changed in AD are indeed updating for that account
2 - it's not a case of an arbitrary login working. Only those two passwords 
will work, nothing else will.

Grateful for any insghts into how this may be happening.

Thanks and best regards,

Chris

Chris Halliwell  I  IT Manager
City & Guilds of London Art School, 124 Kennington Park Road, London SE11 4DJ
Charity Registration no. 1144708  I  Company no. 7817519
www.cityandguildsartschool.ac.uk<http://www.cityandguildsartschool.ac.uk/>
_______________________________________________

Koha mailing list  http://koha-community.org
[email protected]
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha

Reply via email to