Koha - Active Directory LDAP struggles

Koha - Active Directory LDAP struggles

mbc_az
I've tried searching the archives and can't seem to find the answer. When
we use a correct username/password, the login page generates a Software
Error:

LDAP search failed to return object : 0000208F: LdapErr: DSID-0C090AC0,
comment: Error processing name, data 0, v3839 at
/usr/share/koha/lib/C4/Auth_with_ldap.pm line 97.

Our conf file is set up like this:

 <useldapserver>1</useldapserver>
 <ldapserver id="ldapserver" listenref="ldapserver">
   <hostname>ldaps://ldap.azag.gov</hostname>
   <base>"OU=XX,DC=XXXX,DC=XXX"</base>
   <user>ldapauth</user>          <!-- DN, if not anonymous -->
   <pass>XXXXXX</pass>            <!-- password, if not anonymous -->
   <replicate>1</replicate>       <!-- add new users from LDAP to Koha database -->
   <update>1</update>             <!-- update existing users in Koha database -->
   <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use A$ -->
   <anonymous_bind>0</anonymous_bind>
   <principal_name>%s</principal_name>
   <mapping>                      <!-- match koha SQL field names to your LDAP record field names -->
     <userid is="sAMAccountName"></userid>
     <password is="userpassword"></password>
     <firstname is="givenname"></firstname>
     <surname is="sn"></surname>
     <branchcode is="">XXXX</branchcode>
     <categorycode is="">PT</categorycode>
     <email is="mail"></email>
   </mapping>
 </ldapserver>

When logging in, we have to use "[hidden email]" instead of just
"username". However, our emails are formatted "[hidden email]".
I thought this might be the reason it's generating the error, but I'm not
sure how to change the config file to reflect that. Or if I need to change
the auth_with_ldap file.

Thanks,
Michael
_______________________________________________

Koha mailing list  http://koha-community.org
[hidden email]
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha

Re: Koha - Active Directory LDAP struggles

Karam Qubsi-2
CONTENTS DELETED
The author has deleted this message.

Re: Koha - Active Directory LDAP struggles

mbc_az
Thank you, another user reached out.

It turned out that my userid attribute needed to be "userPrincipalName" to
work within the environment.



On Thu, May 27, 2021, 7:16 AM Karam Qubsi <[hidden email]> wrote:

> Hello Michael,
>
> If your users will insert usernames as *firstname.lastname* in Koha, and
> you need to match it as [hidden email] in your LDAP server,
> then you need to update your config like this:
> <principal_name>%[hidden email]</principal_name>
>
> Hope this can help
> Best wishes
>
> On Wed, May 26, 2021 at 10:44 PM Michael BC <[hidden email]> wrote:
>
>> I've tried searching the archives and can't seem to find the answer. When
>> we use a correct username/password, the login page generates a Software
>> Error:
>>
>> LDAP search failed to return object : 0000208F: LdapErr: DSID-0C090AC0,
>> comment: Error processing name, data 0, v3839 at
>> /usr/share/koha/lib/C4/Auth_with_ldap.pm line 97.
>>
>> Our conf file is set up like this:
>>
>>  <useldapserver>1</useldapserver>
>>  <ldapserver id="ldapserver" listenref="ldapserver">
>>    <hostname>ldaps://ldap.azag.gov</hostname>
>>    <base>"OU=XX,DC=XXXX,DC=XXX"</base>
>>    <user>ldapauth</user>          <!-- DN, if not anonymous -->
>>    <pass>XXXXXX</pass>            <!-- password, if not anonymous -->
>>    <replicate>1</replicate>       <!-- add new users from LDAP to Koha database -->
>>    <update>1</update>             <!-- update existing users in Koha database -->
>>    <auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by binding instead of password comparison, e.g., to use A$ -->
>>    <anonymous_bind>0</anonymous_bind>
>>    <principal_name>%s</principal_name>
>>    <mapping>                      <!-- match koha SQL field names to your LDAP record field names -->
>>      <userid is="sAMAccountName"></userid>
>>      <password is="userpassword"></password>
>>      <firstname is="givenname"></firstname>
>>      <surname is="sn"></surname>
>>      <branchcode is="">XXXX</branchcode>
>>      <categorycode is="">PT</categorycode>
>>      <email is="mail"></email>
>>    </mapping>
>>  </ldapserver>
>>
>> When logging in, we have to use "[hidden email]" instead of just
>> "username". However, our emails are formatted "[hidden email]".
>> I thought this might be the reason it's generating the error, but I'm not
>> sure how to change the config file to reflect that. Or if I need to change
>> the auth_with_ldap file.
>>
>> Thanks,
>> Michael
>
>
> --
> *Karam Qubsi*
>

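Added example, not part of the original messages and not Koha's own code: a small model of how the three settings discussed in this thread interact (the form of the login a user types, principal_name, and the attribute mapped to userid). It assumes the typed login is substituted for %s to form the bind identity and is also the value searched for in the mapped attribute; example.org, jdoe and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's <ldapserver> block reduced to the settings
# that interact. example.org and jdoe are placeholders, not values from the thread.
TEMPLATE = """<ldapserver id="ldapserver">
  <auth_by_bind>1</auth_by_bind>
  <principal_name>{principal}</principal_name>
  <mapping><userid is="{attr}"></userid></mapping>
</ldapserver>"""

def conf(principal, attr):
    return TEMPLATE.format(principal=principal, attr=attr)

def escape_filter(value):
    # RFC 4515 escaping, so a typed login cannot change the filter structure
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def derive(conf_xml, typed_login):
    """Return (bind_principal, search_filter) for one typed login.

    Assumption: the typed login is substituted for %s in principal_name to
    form the bind identity, and is also the value searched for in the
    attribute mapped to userid.
    """
    root = ET.fromstring(conf_xml)
    template = (root.findtext("principal_name") or "%s").strip()
    attr = root.find("mapping/userid").get("is")
    principal = template.replace("%s", typed_login) if "%" in template else typed_login
    return principal, f"({attr}={escape_filter(typed_login)})"

def check(conf_xml, typed_login):
    """List reasons the typed login cannot equal the mapped AD attribute."""
    _, search_filter = derive(conf_xml, typed_login)
    attr = search_filter[1:].split("=", 1)[0].lower()
    has_suffix = "@" in typed_login
    problems = []
    if attr == "samaccountname" and has_suffix:
        problems.append("sAMAccountName is a short name; login carries @domain")
    if attr == "userprincipalname" and not has_suffix:
        problems.append("userPrincipalName is name@domain; login is a short name")
    return problems

if __name__ == "__main__":
    for principal, attr, login in [
        ("%s", "sAMAccountName", "jdoe@example.org"),     # combination as posted
        ("%s", "userPrincipalName", "jdoe@example.org"),  # mapping reported as the fix
        ("%s@example.org", "sAMAccountName", "jdoe"),     # suffix added by the template
    ]:
        xml = conf(principal, attr)
        print(derive(xml, login), check(xml, login))
```

The model only compares the login form with the mapped attribute; it does not contact a directory or reproduce the server's error text.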
Re: Koha - Active Directory LDAP struggles

Karam Qubsi-2
CONTENTS DELETED
The author has deleted this message.