#1 2020-08-13 12:41:22

WinstonVan
Member
From: Germany, Munchen
Registered: 2020-08-11
Posts: 112
Website

Test Koha LDAP connection To test the LDAP connection

Koha is a free library software that we use at our school.
We use it to manage both our teaching materials and our school library.
Previously we used LITTERA for this, but since last summer we have switched completely to Koha.
The core of our school infrastructure is a linuxmuster.net school server.
Every student and colleague has an internal username, which is needed to log in at our school computers.
linuxmuster.net has an LDAP server for this purpose.
Because of simple LDAP binds, the credentials of administrator accounts with privileged rights on the domain are allowed to travel over the network in clear text, while unsigned LDAP connections invite the capture, modification and re-routing of data packets between Domain Controller machines and clients.

In this article I would like to show you how to set up an LDAP connection in Koha so that all users can log in to the library system with their internal school login.
Furthermore, we have to make sure that our Koha server can also reach the LDAP server via the ports (TCP/UDP 636) for LDAPS.

Connect Koha to Active Directory / AD (linuxmuster.net v7)

Linuxmuster.net v7 comes with a Samba 4 Active Directory.
You’ll also need:
- One of the following browsers: Microsoft Edge v77 or later, Google Chrome
- A user account discovered with AAD and Active Directory user discovery (see the Tenant Attach blog post for details on AAD user discovery).
- A device running the latest ConfigMgr client
- PowerShell 3.0 or later running on the targeted device.
- An approved script in ConfigMgr – more on this shortly

The following permissions are required for this cool feature to operate:
- Read permissions on the device’s collection in ConfigMgr
- Have the Run Scripts permissions for collections in ConfigMgr
- Added as an admin user in the Configuration Manager Microservice application in Azure AD.
This has also changed the connection to Koha compared to the previous version.
The settings are still in /etc/koha/sites/library/koha-conf.xml (if the Koha instance is called library).

We need to edit this file as follows:

ldaps://10.0.0.1
ou=schools,dc=linuxmuster,dc=net
cn=global-binduser,ou=management,ou=GLOBAL,dc=linuxmuster,dc=net
Bind user password
1
1
0
1

A few short hints:

: Here we have to enter the address of the LDAP server (the linuxmuster.net v7 server). We also need to make sure that our Koha server can reach the LDAP server through the ports (TCP/UDP 636) for LDAPS.
: The LDAP path for our user accounts. The domain at the end will probably need to be adjusted.
: The bind user, so that Koha can access the user data in AD.
: The password of the bind user. It can be found on the linuxmuster.net server at /etc/linuxmuster/.secret/global-binduser
: If a user logs in via LDAP, we want him to get a Koha account as well.
: We need this option to update users with information from LDAP if a Koha account already exists.
: We want to use the bind user for the logon credentials check. For Active Directory, this option must be 1.
: This is probably the most difficult part. The most suitable is the userPrincipalName from AD. For linuxmuster.net v7 it is set to [email protected] (adjust domain again!). User is replaced here by %s (which again is determined by the mapping below).
: Here we can define which data from LDAP / AD should overwrite which attribute in Koha. The most important entry is userid, as this is used to replace the %s in.
With Samba 4 / AD the mapping looks like this:

Configure Koha LDAP connection (linuxmuster.net v6.2)

Koha saves its settings in the file koha-conf.xml.
This file is located at /etc/koha/sites/library/koha-conf.xml, if the Koha instance is called library.
We open this file with an editor of our choice and look for the entry 0.

$ sudo nano /etc/koha/sites/library/koha-conf.xml

The documentation for the Koha LDAP connection is not very detailed.

The essential information can be found in the Perl documentation on the Koha LDAP module.
On this page you will find an example configuration, which we can mostly use.
A few small changes are necessary to make the integration between linuxmuster.net and Koha work fine.

First we change 0 to 1 to inform Koha that we want to use an LDAP server for the login.
Immediately afterwards we insert the following lines:

ldaps://10.16.1.1
ou=Accounts,dc=linuxmuster,dc=net
cn=admin,dc=linuxmuster,dc=net
Bind-User-Passwort
1
1
1

A few short hints:

: Here we have to specify the address of the LDAP server (the linuxmuster.net server). Furthermore, we have to make sure that our Koha server can also reach the LDAP server via the ports (TCP/UDP 636) for LDAPS.
: The LDAP path for our user accounts. The domain at the end probably needs to be adjusted.
: The bind user, so that Koha can access the user data.
: The password of the bind user. It is located on the linuxmuster.net server at /etc/ldap/ldap.secret
: When a user logs in via LDAP, we want him/her to have a Koha account.
: We need this option to update users with information from LDAP if a Koha account already exists.
: To check the logon data we want to use the bind user.
: Here we can define which data from the LDAP should overwrite which attribute in Koha. Especially important are userid and password.
Test Koha LDAP connection

To test the LDAP connection, we call the Koha OPAC page and log in with a linuxmuster.net user account.
If there are problems loading the website or if you can’t log in, you can check the Koha server at /var/log/koha/library/opac-error.log for the reason.
If the login was successful, you will see a list of the user’s current borrowings:

Test Koha LDAP / AD connection via command line

Especially when setting up the connection to the LDAP / AD server it is faster if you can test directly on the command line if the configuration is correct.
To do this, enter the following commands:

$ service koha-common restart && service memcached restart
$ export PERL5LIB=/usr/share/koha/lib/ && export KOHA_CONF=/etc/koha/sites/library/koha-conf.xml && perl /usr/share/koha/opac/cgi-bin/opac/opac-user.pl userid=user1 password=foo

Make sure to adapt the path to the koha-conf.xml, as well as user and password.

Conclusion

The LDAP connection in Koha is a big win for our users.
Previously, with LITTERA it was not possible for individual users to see their current loans.
Furthermore, the user data now only have to be maintained in one place and not in different programs.
Operation via a web interface is a great benefit for all library staff and simplifies their work.
Getting started in Koha may be a bit steeper than other library programs, but the possibilities and flexibility of this open source software are impressive.
The post How to connect Koha to LDAP / Active Directory appeared first on Open School Solutions.
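
Added example, not part of the original post or of Koha's own code: a small Python check that reads the LDAP part of a koha-conf.xml and reports the settings the hints above warn about (no LDAPS, auth_by_bind not 1 for Active Directory, no userid mapping for %s). The element names follow Koha's Auth_with_ldap documentation and are an assumption here, since the configuration in the post lost its tags; host, DNs and domain in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the LDAP part of koha-conf.xml. Element names follow
# Koha's Auth_with_ldap documentation (assumption: this page does not show
# them); host, DNs and domain are placeholders.
SAMPLE = """<config>
  <useldapserver>1</useldapserver>
  <ldapserver id="ldapserver">
    <hostname>ldap://10.0.0.1</hostname>
    <base>ou=schools,dc=example,dc=net</base>
    <user>cn=global-binduser,ou=management,ou=GLOBAL,dc=example,dc=net</user>
    <pass>CONSTRUCTED-PLACEHOLDER</pass>
    <replicate>1</replicate>
    <update>1</update>
    <auth_by_bind>0</auth_by_bind>
    <principal_name>%s@example.net</principal_name>
    <mapping>
      <firstname is="givenName"></firstname>
      <surname is="sn"></surname>
    </mapping>
  </ldapserver>
</config>"""

def audit_ldap(xml_text):
    """Return findings for the <ldapserver> settings in koha-conf.xml text."""
    root = ET.fromstring(xml_text)
    findings = []
    if (root.findtext(".//useldapserver") or "").strip() != "1":
        findings.append("useldapserver is not 1: LDAP login is off")
    srv = root.find(".//ldapserver")
    if srv is None:
        return findings + ["no <ldapserver> block found"]
    def get(tag):
        return (srv.findtext(tag) or "").strip()
    # Plain ldap:// sends the bind user's and every patron's password unencrypted.
    if not get("hostname").lower().startswith("ldaps://"):
        findings.append("hostname is not ldaps://")
    if get("principal_name"):
        if "%s" not in get("principal_name"):
            findings.append("principal_name lacks the %s placeholder")
        if get("auth_by_bind") != "1":  # the page: must be 1 for Active Directory
            findings.append("auth_by_bind is not 1")
    if srv.find("mapping/userid") is None:  # userid is what replaces %s
        findings.append("mapping has no userid entry")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap(SAMPLE):
        print("FINDING:", finding)
```

To check a real instance, pass the contents of /etc/koha/sites/library/koha-conf.xml to audit_ldap() on the Koha server itself, since the file holds the bind user's password.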
