Re: [Koha] Koha Ldap Auth
On 26/06/19 17:12, Mason James wrote:
>
> [cut]
>
> hi Daniele
> here is a working config example of a Koha (v18.05.05) talking to an AD server
>
> hope that helps...
> --
> 1
> ldaps://1.2.3.4:30040
> DC=aaa,DC=bbb,DC=gov,DC=au
> 1
> 1
> 1
> 0
> 0
> %s...@aaa.bbb.gov.au
> S
> AAA
> --

Thanks for the snippet :)

Bye
Daniele
___
Koha mailing list http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha
Re: [Koha] Koha Ldap Auth
On 26/06/19 19:12, Karam Qubsi wrote:
> Hello,

Hi,

> Have you tried to restart memcached and koha-common after configurations
> updates.
>
> /etc/init.d/koha-common restart

I've already restarted it before

> /etc/init.d/memcached restart

This is the point: I restarted it and ldap has started to work perfectly

Thank you so much

> Best Regards

Daniele
Re: [Koha] Koha Ldap Auth
Hello,

Have you tried to restart memcached and koha-common after configurations
updates.

/etc/init.d/koha-common restart
/etc/init.d/memcached restart

Best Regards

On Wed, 26 Jun 2019, 9:14 pm Daniele Piccoli, wrote:

> On 26/06/19 00:44, Hector Gonzalez wrote:
> >> On Jun 25, 2019, at 8:28 AM, Daniele Piccoli <daniele.picc...@riseup.net> wrote:
> >>
> >> On 24/06/19 21:30, Hector Gonzalez wrote:
> >>> Hi Daniele
> >>
> >> Hi
> >>
> >>>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli <daniele.picc...@riseup.net> wrote:
> >>>>
> >>>> Software error:
> >>>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
> >>>> Try running this again as the koha instance user (or use the koha-shell
> >>>> command in debian)
> >>>
> >>> Is the file readable by koha? Permissions should be 640, with user
> >>> root and biblioname-koha as the group (if that is the group that owns koha).
> >>
> >> The file is readable by Koha and in fact it has the correct permission
> >> as you said.
>
> I missed an end tag in a comment before, and so it gave me the error
> about reading
>
> Now, the error disappeared
>
> > Ok, then try making these changes:
> >
> > *IP-OF-DC*
> > ou=Users,dc=*sub*,dc=*domain*,dc=*tld*
> > 1
> > 1
> > 1
> > 0
> > uid=%s@*sub*.*domain*.*tld*
> > record field names -->
> > YOURLIBRARYCODEinKoha
> > STUDENT
> >
> > 1. change the hostname to the actual hostname of the ldap server, if it
> > is using ldaps, it might want to check the certificate, and that is based
> > on the name.
> > 2. remove the and tags, as you are using auth_by_bind. (I
> > don't know if they are needed for so you might want to leave that
> > there).
> > 3. Add a line that says: 0 which is
> > needed with AD logins when you are using auth_by_bind (sounds weird, but
> > it works that way)
> > 4. Change principal_name, the format is %s@*your.domain.name* which is
> > needed with AD too. It looks like an email address.
> > 5. Add a mapping for "categorycode" with the text of the main user
> > category (staff, students, faculty...) It IS required for login, and is
> > assigned to the user automatically.
> > 6. Add the branchcode for the library.
> >
> > Also, I would change the userid mapping to is="sAMAccountName"> which
> > is a unique name for every user with AD.
> > If it still gives you trouble, check the tags above and below your ldap
> > configuration, and be sure those were not affected by editing the file.
>
> I've been trying to adapt the configuration in according to my DC server
> but, for the moment, ldap auth doesn't work.
>
> I'm monitoring the traffic on 389 port on DC and no traffic come from
> the Koha server...that's quite strange.
>
> > --
> > Héctor González
> > ca...@genac.org
>
> Bye
>
> Daniele
Re: [Koha] Koha Ldap Auth
On 27/06/19 1:13 AM, Daniele Piccoli wrote:
> On 26/06/19 00:44, Hector Gonzalez wrote:
>>> On Jun 25, 2019, at 8:28 AM, Daniele Piccoli wrote:
>>>
>>> On 24/06/19 21:30, Hector Gonzalez wrote:
>>>> Hi Daniele
>>>
>>> Hi
>>>
>>>>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli wrote:
>>>>>
>>>>> Software error:
>>>>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
>>>>> Try running this again as the koha instance user (or use the koha-shell
>>>>> command in debian)
>>>>
>>>> Is the file readable by koha? Permissions should be 640, with user
>>>> root and biblioname-koha as the group (if that is the group that owns koha).
>>>
>>> The file is readable by Koha and in fact it has the correct permission
>>> as you said.
>
> I missed an end tag in a comment before, and so it gave me the error
> about reading
>
> Now, the error disappeared
>
>> Ok, then try making these changes:
>>
>> *IP-OF-DC*
>> ou=Users,dc=*sub*,dc=*domain*,dc=*tld*
>> 1
>> 1
>> 1
>> 0
>> uid=%s@*sub*.*domain*.*tld*
>> record field names -->
>> YOURLIBRARYCODEinKoha
>> STUDENT
>>
>> 1. change the hostname to the actual hostname of the ldap server, if it is
>> using ldaps, it might want to check the certificate, and that is based on
>> the name.
>> 2. remove the and tags, as you are using auth_by_bind. (I
>> don't know if they are needed for so you might want to leave that
>> there).
>> 3. Add a line that says: 0 which is needed
>> with AD logins when you are using auth_by_bind (sounds weird, but it works
>> that way)
>> 4. Change principal_name, the format is
>> %s@*your.domain.name* which is needed with
>> AD too. It looks like an email address.
>> 5. Add a mapping for "categorycode" with the text of the main user category
>> (staff, students, faculty...) It IS required for login, and is assigned to
>> the user automatically.
>> 6. Add the branchcode for the library.
>>
>> Also, I would change the userid mapping to
>> is="sAMAccountName"> which is a unique name for every user with AD.
>> If it still gives you trouble, check the tags above and below your ldap
>> configuration, and be sure those were not affected by editing the file.
>
> I've been trying to adapt the configuration in according to my DC server
> but, for the moment, ldap auth doesn't work.
>
> I'm monitoring the traffic on 389 port on DC and no traffic come from
> the Koha server...that's quite strange.

hi Daniele
here is a working config example of a Koha (v18.05.05) talking to an AD server

hope that helps...
--
1
ldaps://1.2.3.4:30040
DC=aaa,DC=bbb,DC=gov,DC=au
1
1
1
0
0
%s...@aaa.bbb.gov.au
S
AAA
--
Re: [Koha] Koha Ldap Auth
On 26/06/19 00:44, Hector Gonzalez wrote:
>> On Jun 25, 2019, at 8:28 AM, Daniele Piccoli wrote:
>>
>> On 24/06/19 21:30, Hector Gonzalez wrote:
>>> Hi Daniele
>>
>> Hi
>>
>>>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli wrote:
>>>>
>>>> Software error:
>>>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
>>>> Try running this again as the koha instance user (or use the koha-shell
>>>> command in debian)
>>>
>>> Is the file readable by koha? Permissions should be 640, with user root
>>> and biblioname-koha as the group (if that is the group that owns koha).
>>
>> The file is readable by Koha and in fact it has the correct permission
>> as you said.

I missed an end tag in a comment before, and so it gave me the error
about reading

Now, the error disappeared

> Ok, then try making these changes:
>
> *IP-OF-DC*
> ou=Users,dc=*sub*,dc=*domain*,dc=*tld*
> 1
> 1
> 1
> 0
> uid=%s@*sub*.*domain*.*tld*
> record field names -->
> YOURLIBRARYCODEinKoha
> STUDENT
>
> 1. change the hostname to the actual hostname of the ldap server, if it is
> using ldaps, it might want to check the certificate, and that is based on the
> name.
> 2. remove the and tags, as you are using auth_by_bind. (I
> don't know if they are needed for so you might want to leave that
> there).
> 3. Add a line that says: 0 which is needed
> with AD logins when you are using auth_by_bind (sounds weird, but it works
> that way)
> 4. Change principal_name, the format is
> %s@*your.domain.name* which is needed with
> AD too. It looks like an email address.
> 5. Add a mapping for "categorycode" with the text of the main user category
> (staff, students, faculty...) It IS required for login, and is assigned to
> the user automatically.
> 6. Add the branchcode for the library.
>
> Also, I would change the userid mapping to is="sAMAccountName"> which is a
> unique name for every user with AD.
> If it still gives you trouble, check the tags above and below your ldap
> configuration, and be sure those were not affected by editing the file.

I've been trying to adapt the configuration according to my DC server
but, for the moment, ldap auth doesn't work.

I'm monitoring the traffic on 389 port on DC and no traffic comes from
the Koha server...that's quite strange.

> --
> Héctor González
> ca...@genac.org

Bye
Daniele
Re: [Koha] Koha Ldap Auth
> On Jun 25, 2019, at 8:28 AM, Daniele Piccoli wrote:
>
> On 24/06/19 21:30, Hector Gonzalez wrote:
>> Hi Daniele
>
> Hi
>
>>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli wrote:
>>>
>>> Software error:
>>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
>>> Try running this again as the koha instance user (or use the koha-shell
>>> command in debian)
>>
>> Is the file readable by koha? Permissions should be 640, with user root and
>> biblioname-koha as the group (if that is the group that owns koha).
>
> The file is readable by Koha and in fact it has the correct permission
> as you said.

Ok, then try making these changes:

*IP-OF-DC*
ou=Users,dc=*sub*,dc=*domain*,dc=*tld*
1
1
1
0
uid=%s@*sub*.*domain*.*tld*
record field names -->
YOURLIBRARYCODEinKoha
STUDENT

1. change the hostname to the actual hostname of the ldap server, if it is using ldaps, it might want to check the certificate, and that is based on the name.
2. remove the and tags, as you are using auth_by_bind. (I don't know if they are needed for so you might want to leave that there).
3. Add a line that says: 0 which is needed with AD logins when you are using auth_by_bind (sounds weird, but it works that way)
4. Change principal_name, the format is %s@*your.domain.name* which is needed with AD too. It looks like an email address.
5. Add a mapping for "categorycode" with the text of the main user category (staff, students, faculty...) It IS required for login, and is assigned to the user automatically.
6. Add the branchcode for the library.

Also, I would change the userid mapping to which is a unique name for every user with AD.
If it still gives you trouble, check the tags above and below your ldap configuration, and be sure those were not affected by editing the file.

> Daniele

--
Héctor González
ca...@genac.org
Re: [Koha] Koha Ldap Auth
On 24/06/19 21:30, Hector Gonzalez wrote:
> Hi Daniele

Hi

>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli wrote:
>>
>> Software error:
>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
>> Try running this again as the koha instance user (or use the koha-shell
>> command in debian)
>
> Is the file readable by koha? Permissions should be 640, with user root and
> biblioname-koha as the group (if that is the group that owns koha).

The file is readable by Koha and in fact it has the correct permission
as you said.

> --
> Héctor González
> ca...@genac.org

Daniele
Re: [Koha] Koha Ldap Auth
Hi Daniele

> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli wrote:
>
> Software error:
> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
> Try running this again as the koha instance user (or use the koha-shell
> command in debian)

Is the file readable by koha? Permissions should be 640, with user root and biblioname-koha as the group (if that is the group that owns koha).

--
Héctor González
ca...@genac.org
Re: [Koha] Koha Ldap Auth
On 24/06/19 11:45, Katrin Fischer wrote:
> Hi Daniele,

Hi Katrin,

> I think this line might be the problem:
>
> record field names -->
>
> You are missing the closing tag. I am not sure if a mapping is required
> or if this could be removed, but it's invalid XML.

Mapping tags were closed, like these:

By the way, I've just tried to remove them, but the result is the same.

> Hope this helps,
>
> Katrin

Thanks
Daniele
Re: [Koha] koha LDAP
Hi Richard,

You would add the configs in /etc/koha/sites/instancename/koha-conf.xml

More information can be found here:
http://perldoc.koha-community.org/C4/Auth_with_ldap.html

Cheers,
Liz

On 16/10/15 12:56, Richard Maileseni wrote:
> Hi,
>
> Please can anyone show me where I could access the extra configs for ldap
>
> 1
>
> Thanks,
>
> Richard

--
Liz Rea
Catalyst.Net Limited
Level 6, Catalyst House, 150 Willis Street, Wellington.
P.O Box 11053, Manners Street, Wellington 6142

GPG: B149 A443 6B01 7386 C2C7 F481 B6c2 A49D 3726 38B7
Re: [Koha] koha -- ldap: error
Samuel desseaux samuel.desse...@ecp.fr
> not well-formed (invalid token) at line 280, column 15, byte 11694 at
> /usr/lib/perl5/XML/Parser.pm line 187
> BEGIN failed--compilation aborted at /usr/share/koha/lib/C4/Output.pm line 31.
[...]
> I think to a mapping's problem but i need your opinion. My ldap's conf is the following
> ldapserver id=”ldapserver” listenref=”ldapserver”

I think it's more fundamental. The XML cannot be understood (parsed).
You must not put curly quotes in XML. Use straight quotes.

Also if you have any unusual characters in any values, you should
replace them with equivalent &#x00FF; type hex codes (00FF is y-umlaut).
http://www.alanwood.net/unicode/latin_1_supplement.html might help.

xmllint --noout koha-conf.xml # will check that it is OK.

Hope that helps,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/
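The checks raised in this message (curly quotes, well-formedness) and in the LDAP replies elsewhere on this page (ldaps hostname versus certificate name, `%s` in principal_name, the categorycode and branchcode mappings), as an added example that is not part of the original messages or of Koha. The element names are the ones quoted in the thread's configs; `lint_koha_conf` and both sample configs are constructed for illustration, and only IPv4 or DNS hostnames are handled.

```python
import ipaddress
import xml.etree.ElementTree as ET

CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes, e.g. pasted from a word processor

# Constructed sample: curly quotes in the attributes, as in the failing config quoted above.
BROKEN = """<yazgfs>
<config>
<ldapserver id=\u201dldapserver\u201d listenref=\u201dldapserver\u201d>
</ldapserver>
</config>
</yazgfs>"""

# Constructed sample: parses, but trips three of the points raised in the thread.
WEAK = """<yazgfs><config>
<ldapserver id="ldapserver">
  <hostname>ldaps://192.0.2.10:636</hostname>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%@example.test</principal_name>
  <mapping>
    <userid is="sAMAccountName"></userid>
    <branchcode is="">MAIN</branchcode>
  </mapping>
</ldapserver>
</config></yazgfs>"""

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def lint_koha_conf(text):
    """Return a list of findings for the text of a koha-conf.xml file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if any(ch in CURLY for ch in line):
            findings.append(f"line {n}: curly quote, use a straight quote")
    try:
        root = ET.fromstring(text)  # expat-based, like Perl's XML::Parser
    except ET.ParseError as err:
        findings.append(f"line {err.position[0]}: {err}")
        return findings  # the LDAP settings cannot be read until the file parses
    for srv in root.iter("ldapserver"):
        host = (srv.findtext("hostname") or "").strip()
        scheme, sep, rest = host.partition("://")
        name = (rest if sep else host).split("/")[0].rsplit(":", 1)[0]  # drop path, port
        if sep and scheme == "ldaps" and _is_ip(name):
            findings.append("ldaps:// with an IP address: certificate checks use the server name")
        if (srv.findtext("auth_by_bind") or "").strip() == "1":
            if "%s" not in (srv.findtext("principal_name") or ""):
                findings.append("auth_by_bind is on but principal_name has no %s")
        mapping = srv.find("mapping")
        for field in ("categorycode", "branchcode"):
            if mapping is None or mapping.find(field) is None:
                findings.append(f"mapping has no {field}")
    return findings
```

Call `lint_koha_conf(open(path, encoding="utf-8").read())` on the instance's file as a user allowed to read it; the parse error text comes from the same expat library that produced the message quoted above.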
Re: [Koha] Koha ldap authentification
mihafan,

I'm not familiar with Microsofts LDAP schema, but, Are you sure this is correct??

<base>dc=koha,dc=local</base>
<user>cn=Administrator,cn=Users,dc=koha,dc=md</user>

as I understand it base section sets the base to start searching for users for authentication, not the base for the server? do you need to put in the full dn for the user even after you specified the "base" ?

maybe try:

<base>dc=koha,dc=md</base>
<user>cn=Administrator,cn=Users</user>
<pass>Q1W2e3r4</pass>

Here is my working LDAP config. section for eDir. maybe it will point you in the correct direction. in the base section my T = my root tree name

**
<useldapserver>1</useldapserver><!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
<!-- LDAP SERVER (optional) -->
<ldapserver id="ldapserver" listenref="ldapserver">
  <hostname>10.1.1.7</hostname>
  <base>T=ALMASCHOOLS</base>
  <user>*</user> <!-- DN, if not anonymous -->
  <pass>*</pass> <!-- password, if not anonymous -->
  <replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
  <update>0</update> <!-- update existing users in Koha database -->
  <mapping> <!-- match koha SQL field names to your LDAP record field names -->
    <firstname is="givenname"></firstname>
    <surname is="sn"></surname>
    <address is="">Alma Public Schools</address>
    <city is="">Alma</city>
    <zipcode is="">48801</zipcode>
    <branchcode is="">PINE</branchcode>
    <userid is="cn"></userid>
    <password is=""></password>
    <email is="mail"></email>
    <categorycode is="">PT</categorycode>
    <phone is="telephonenumber"></phone>
  </mapping>
</ldapserver>
**

mihafan miha...@gmail.com 5/10/2011 3:14 AM

Description of problem:
On local machine is installed windows server 2003 with configured active directory.
I installed Debian on another machine, here I installed Koha 3.2 which still works well.
Koha have configured to use a active directory ldap server.
I test this ldap server with Softerra LDAP Browser and it works, to test this ldap server I use a credentials: cn=Administrator,cn=Users,dc=koha,dc=local, password: Q1W2e3r4.

koha-conf.xml contents:

<yazgfs>
..
<config>
..
<memcached_servers></memcached_servers>
<memcached_namespace></memcached_namespace>
<useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
  <hostname>192.168.11.90:389</hostname>
  <base>dc=koha,dc=local</base>
  <user>cn=Administrator,cn=Users,dc=koha,dc=md</user>
  <pass>Q1W2e3r4</pass>
  <replicate>1</replicate>
  <update>1</update>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%@koha.local</principal_name>
  <mapping>
    <firstname is="givenName"></firstname>
    <surname is="sn"></surname>
    <address is="postalAddress"></address>
    <city is="l"></city>
    <branchcode is="">MAIN</branchcode>
    <userid is="sAMAccountName">Administrator</userid>
    <password is="userPassword"></password>
    <categorycode is="">PT</categorycode>
  </mapping>
</ldapserver>
</config>
</yazgfs>

When I try to log in OPAC module, I give a error "Invalid username or password"!