X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth_with_ldap.pm;h=e6ed1816305ee334db0474f902ac20af71c37fc9;hb=3d19494d1c93515da129ac38787455ade7f043ad;hp=76026282b32c5ab2e9c6d644c28639a3440d8da0;hpb=cac0e44fdb273a9d43e6fb1747aa7ca962b09081;p=koha.git diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm index 76026282b3..e6ed181630 100644 --- a/C4/Auth_with_ldap.pm +++ b/C4/Auth_with_ldap.pm @@ -20,6 +20,7 @@ package C4::Auth_with_ldap; use strict; use Digest::MD5 qw(md5_base64); +use C4::Debug; use C4::Context; use C4::Members qw(AddMember changepassword); use C4::Utils qw( :all ); @@ -30,15 +31,14 @@ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug); BEGIN { require Exporter; - $VERSION = 3.01; # set the version for version checking - $debug = $ENV{DEBUG} || 0; + $VERSION = 3.03; # set the version for version checking @ISA = qw(Exporter); @EXPORT = qw( checkpw_ldap ); } # Redefine checkpw_ldap: # connect to LDAP (named or anonymous) -# ~ retrieves $userid from "uid" +# ~ retrieves $userid from KOHA_CONF mapping # ~ then compares $password with userPassword # ~ then gets the LDAP entry # ~ and calls the memberadd if necessary @@ -49,7 +49,7 @@ sub ldapserver_error ($) { use vars qw($mapping @ldaphosts $base $ldapname $ldappassword); my $context = C4::Context->new() or die 'C4::Context->new failed'; -my $ldap = $context->{server}->{ldapserver} or die 'No "ldapserver" in server hash from KOHA_CONF: ' . $ENV{KOHA_CONF}; +my $ldap = C4::Context->config("ldapserver") or die 'No "ldapserver" in server hash from KOHA_CONF: ' . $ENV{KOHA_CONF}; my $prefhost = $ldap->{hostname} or die ldapserver_error('hostname'); my $base = $ldap->{base} or die ldapserver_error('base'); $ldapname = $ldap->{user} or die ldapserver_error('user'); 
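Review bot: The `die` text on the new `my $ldap = C4::Context->config("ldapserver")` line still reads `No "ldapserver" in server hash from KOHA_CONF`, although the lookup no longer goes through `$context->{server}`. An administrator debugging a broken LDAP setup would be pointed at the wrong part of the file. Suggest rewording it to name the place `config()` actually reads from, e.g. `or die 'No "ldapserver" in config section of KOHA_CONF: ' . $ENV{KOHA_CONF};` (the exact section name is not visible in this hunk, so confirm it first). The preceding `my $context = C4::Context->new()` is no longer used by this statement; if nothing later in the file needs `$context`, it can be removed.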
@@ -77,7 +77,8 @@ sub checkpw_ldap { my ($dbh, $userid, $password) = @_; my $db = Net::LDAP->new([$prefhost]); #$debug and $db->debug(5); - my $filter = Net::LDAP::Filter->new("uid=$userid") or die "Failed to create new Net::LDAP::Filter"; + my $uid_field = $mapping{userid}->{is} or die ldapserver_error("mapping for 'userid'"); + my $filter = Net::LDAP::Filter->new("$uid_field=$userid") or die "Failed to create new Net::LDAP::Filter"; my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword); if ($res->code) { # connection refused warn "LDAP bind failed as $ldapname: " . description($res); @@ -233,10 +234,10 @@ C4::Auth - Authenticates Koha users * Modify ldapserver element in KOHA_CONF * Establish field mapping in element. - It is assumed your user records are stored according to the inetOrgPerson schema, RFC#2798. - Thus the username must match the "uid" field, and the password must match the "userpassword" field. + For example, if your user records are stored according to the inetOrgPerson schema, RFC#2798, + the username would match the "uid" field, and the password should match the "userpassword" field. - Make sure that the required fields are populated in your LDAP database (and mapped in KOHA_CONF). + Make sure that ALL required fields are populated by your LDAP database (and mapped in KOHA_CONF). What are the required fields? Well, in mysql you can check the database table "borrowers" like this: mysql> show COLUMNS from borrowers; @@ -302,30 +303,33 @@ C4::Auth - Authenticates Koha users =head1 KOHA_CONF and field mapping -Example XML stanza for LDAP configuration in KOHA_CONF: - - - - localhost - dc=metavore,dc=com - cn=Manager,dc=metavore,dc=com - metavore - 1 - 1 - - - -
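Review bot: `$userid` is still interpolated unescaped into the search filter on the new `Net::LDAP::Filter->new("$uid_field=$userid")` line, so filter metacharacters in a submitted login name (`*`, `(`, `)`, `\`) are parsed as filter syntax instead of being matched literally. The commit makes the attribute name configurable but keeps that behaviour. Escape the value before building the filter: add `use Net::LDAP::Util qw(escape_filter_value);` with the other imports and write `Net::LDAP::Filter->new("$uid_field=" . escape_filter_value($userid))` here. The new `$mapping{userid}->{is}` line also reads the hash `%mapping`, while the `use vars` list visible in the earlier hunk declares only `$mapping`; presumably the hash is declared in lines outside these hunks, which is worth confirming under `use strict`. The body of checkpw_ldap continues outside the hunk.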
- Athens, OH - - MAIN - - - - PT - -
-
+Example XML stanza for LDAP configuration in KOHA_CONF. + + + ... + + + localhost + dc=metavore,dc=com + cn=Manager,dc=metavore,dc=com + metavore + 1 + 1 + + + +
+ Athens, OH + + MAIN + + + + PT + +
+
+
The subelements establish the relationship between mysql fields and LDAP attributes. The element name is the column in mysql, with the "is" characteristic set to the LDAP attribute name. Optionally, any content