On 27/06/19 1:13 AM, Daniele Piccoli wrote:
> On 26/06/19 00:44, Hector Gonzalez wrote:
>>> On Jun 25, 2019, at 8:28 AM, Daniele Piccoli <daniele.picc...@riseup.net>
>>> wrote:
>>>
>>> On 24/06/19 21:30, Hector Gonzalez wrote:
>>>> Hi Daniele
>>> Hi
>>>
>>>>> On Jun 24, 2019, at 4:22 AM, Daniele Piccoli <daniele.picc...@riseup.net>
>>>>> wrote:
>>>>>
>>>>> Software error:
>>>>> Error reading file /etc/koha/sites/biblioname/koha-conf.xml.
>>>>> Try running this again as the koha instance user (or use the koha-shell
>>>>> command in debian)
>>>> Is the file readable by koha? Permissions should be 640, with user root
>>>> and biblioname-koha as the group (if that is the group that owns koha).
>>> The file is readable by Koha and in fact it has the correct permission
>>> as you said.
> I missed an end tag in a comment before, and so it gave me the error
> about reading.
>
> Now the error has disappeared.
>
>> Ok, then try making these changes:
>>
>> <ldapserver id="ldapserver" listenref="ldapserver">
>>   <hostname>ldaps://*IP-OF-DC*</hostname>
>>   <base>ou=Users,dc=*sub*,dc=*domain*,dc=*tld*</base>
>>   <replicate>1</replicate>
>>   <update>1</update>
>>   <auth_by_bind>1</auth_by_bind>
>>   <anonymous_bind>0</anonymous_bind>
>>   <principal_name>uid=%s@*sub*.*domain*.*tld*</principal_name>
>>   <mapping> <!-- record field names -->
>>     <userid is="uid"></userid>
>>     <password is="userpassword"></password>
>>     <email is="mail"></email>
>>     <branchcode is="">YOURLIBRARYCODEinKoha</branchcode>
>>     <categorycode is="">STUDENT</categorycode>
>>   </mapping>
>> </ldapserver>
>>
>> 1. Change the hostname to the actual hostname of the ldap server; if it is
>> using ldaps, it might want to check the certificate, and that is based on
>> the name.
>> 2. Remove the <user> and <pass> tags, as you are using auth_by_bind. (I
>> don't know if they are needed for <update>, so you might want to leave that
>> there.)
>> 3. Add a line that says: <anonymous_bind>0</anonymous_bind>, which is needed
>> with AD logins when you are using auth_by_bind (sounds weird, but it works
>> that way).
>> 4. Change principal_name; the format is
>> <principal_name>%s@*your.domain.name*</principal_name>, which is needed with
>> AD too. It looks like an email address.
>> 5. Add a mapping for "categorycode" with the text of the main user category
>> (staff, students, faculty...). It IS required for login, and is assigned to
>> the user automatically.
>> 6. Add the branchcode for the library.
>>
>> Also, I would change the userid mapping to
>> <userid is="sAMAccountName"></userid>, which is a unique name for every
>> user with AD.
>> If it still gives you trouble, check the tags above and below your ldap
>> configuration, and be sure those were not affected by editing the file.
> I've been trying to adapt the configuration according to my DC server
> but, for the moment, ldap auth doesn't work.
>
> I'm monitoring the traffic on port 389 on the DC and no traffic comes from
> the Koha server... that's quite strange.
>
hi Daniele

here is a working config example of a Koha (v18.05.05) talking to an AD server

hope that helps...

--------------------------
<useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
  <hostname>ldaps://1.2.3.4:30040</hostname>
  <base>DC=aaa,DC=bbb,DC=gov,DC=au</base>
  <replicate>1</replicate>
  <update>1</update>
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <update_password>0</update_password>
  <principal_name>%s...@aaa.bbb.gov.au</principal_name>
  <mapping>
    <userid is="sAMAccountName" />
    <firstname is="givenname" ></firstname>
    <surname is="sn" ></surname>
    <email is="userPrincipalName" />
    <categorycode is="employeetype" >S</categorycode>
    <branchcode is="branch" >AAA</branchcode>
    <phone is="telephoneNumber" />
  </mapping>
</ldapserver>
--------------------------

_______________________________________________
Koha mailing list
http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha
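As an added check for the kind of misconfiguration this thread walks through (example code written for this page, not Koha's own code): a small Python script that parses the <ldapserver> block out of koha-conf.xml, reports a file that is not well-formed XML (the unterminated comment that caused the "Error reading file" message) instead of crashing, and flags the items in Hector's list: anonymous_bind set to 0 when auth_by_bind is used, %s in principal_name, categorycode and branchcode mappings present, sAMAccountName as the userid attribute. It also works out the port the hostname scheme implies, since ldaps defaults to 636 and a capture on 389 then sees nothing. The host names, domain and the three sample configs are constructed placeholders, and the element names are the ones used in the messages above.

```python
"""Offline sanity checks for the <ldapserver> block of a Koha koha-conf.xml.

Added example, not Koha project code: it parses the config and returns
findings; nothing is changed on disk and no LDAP connection is made.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
# Mapping entries the thread says an AD login needs: categorycode and
# branchcode are assigned to the user at login; userid is the lookup key.
REQUIRED_MAPPINGS = ("userid", "categorycode", "branchcode")


def bind_target(hostname):
    """Return (scheme, host, port) for a <hostname> such as 'ldaps://1.2.3.4:30040'.
    A bare name is taken as plain ldap on 389; an ldaps URL without a port
    means 636, which is why a capture on 389 shows nothing in that case."""
    if "://" not in hostname:
        hostname = "ldap://" + hostname
    parts = urlsplit(hostname)
    scheme = parts.scheme.lower()
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(scheme)


def parse_ldap_config(xml_text):
    """Return (config_dict, None), or (None, error) for a malformed file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return None, "koha-conf.xml is not well-formed XML: %s" % exc
    srv = root if root.tag == "ldapserver" else root.find(".//ldapserver")
    if srv is None:
        return None, "no <ldapserver> element found"
    cfg = {}
    for child in srv:
        if child.tag == "mapping":
            # <categorycode is="employeetype">S</categorycode>: 'is' names the
            # LDAP attribute, the text is the default used when it is absent.
            cfg["mapping"] = {m.tag: {"is": m.get("is", ""),
                                      "default": (m.text or "").strip()}
                              for m in child}
        else:
            cfg[child.tag] = (child.text or "").strip()
    return cfg, None


def check_ldap_config(cfg):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    host = cfg.get("hostname", "")
    if not host:
        findings.append("hostname is missing")
    else:
        scheme, _, port = bind_target(host)
        if scheme not in DEFAULT_PORTS:
            findings.append("hostname scheme %r is neither ldap nor ldaps" % scheme)
        elif port == DEFAULT_PORTS["ldap" if scheme == "ldaps" else "ldaps"]:
            findings.append("hostname port %d does not match scheme %s" % (port, scheme))
    if not cfg.get("base"):
        findings.append("base DN is missing")
    if cfg.get("auth_by_bind") == "1":
        if cfg.get("anonymous_bind") != "0":
            findings.append("auth_by_bind against AD needs <anonymous_bind>0</anonymous_bind>")
        if "%s" not in cfg.get("principal_name", ""):
            findings.append("principal_name must contain %s (AD form: %s@your.domain.name)")
        for tag in ("user", "pass"):
            if tag in cfg:
                findings.append("<%s> is present although auth_by_bind is set" % tag)
    mapping = cfg.get("mapping")
    if mapping is None:
        findings.append("mapping block is missing")
        return findings
    for name in REQUIRED_MAPPINGS:
        entry = mapping.get(name)
        if entry is None:
            findings.append("mapping for %s is missing" % name)
        elif not entry["is"] and not entry["default"]:
            findings.append("mapping for %s has neither an LDAP attribute nor a default" % name)
    if mapping.get("userid", {}).get("is") not in ("", None, "sAMAccountName"):
        findings.append("userid maps to %r; sAMAccountName is unique per AD user"
                        % mapping["userid"]["is"])
    return findings


def report(xml_text):
    """Parse and check one config text; returns the list of findings."""
    cfg, err = parse_ldap_config(xml_text)
    return [err] if err else check_ldap_config(cfg)


# Constructed sample modelled on the working config above (placeholder host/domain).
GOOD_CONF = """<config>
 <useldapserver>1</useldapserver>
 <ldapserver id="ldapserver">
  <hostname>ldaps://dc01.example.test:636</hostname>
  <base>DC=example,DC=test</base>
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <principal_name>%s@example.test</principal_name>
  <mapping>
   <userid is="sAMAccountName" />
   <categorycode is="employeetype">S</categorycode>
   <branchcode is="">MAIN</branchcode>
  </mapping>
 </ldapserver>
</config>"""

# Constructed: a first attempt like the one in the thread (bare hostname, no
# anonymous_bind, uid as userid, no categorycode/branchcode mapping).
FIRST_ATTEMPT_CONF = """<config>
 <ldapserver id="ldapserver">
  <hostname>dc01.example.test</hostname>
  <base>ou=Users,dc=example,dc=test</base>
  <auth_by_bind>1</auth_by_bind>
  <principal_name>%s@example.test</principal_name>
  <mapping><userid is="uid"></userid><email is="mail"></email></mapping>
 </ldapserver>
</config>"""

# Constructed: the comment in <mapping> is never closed, so the file is not XML.
BROKEN_CONF = GOOD_CONF.replace("<mapping>", "<mapping> <!-- record field names")

if __name__ == "__main__":
    for label, text in (("good", GOOD_CONF), ("first attempt", FIRST_ATTEMPT_CONF),
                        ("broken", BROKEN_CONF)):
        print(label, report(text) or ["OK"])
```

Run it against a copy of the real file with `report(open(path).read())` as the instance user; the findings are advisory text only, and an empty list for the good sample shows what a complete AD configuration looks like to the checker.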