Koha Integration: LDAP

LDAP Joe Atzberger, LibLime KohaCon 2009: Plano, TX

Need LDAP Tools? • Apache Directory Server & Studio (client) http://directory.apache.org/ • Open Source (Apache license) • Newer than openldap and more stable. • Runs on OSX, Win32 and linux. “We strive to increase LDAP awareness, comfort and adoption to bring Modern LDAP Renaissance.” forth what we call the

Need LDAP Tools? • OpenLDAP - http://www.openldap.org/ • includes command line tools: ldapsearch, ldapadd, etc. • Net::LDAP - CPAN perl module

LDAP Timing • Koha LDAP does not go grab all your users as a “dump”. That is what IMPORT is for. Instead it updates when they try to login. • Implications: lightweight, happening in realtime. Somewhat literal, no XSL or other conditional processing.

<ldapserver> bind <hostname>ldap://auth.example.com:389</hostname> <base>dc=example,dc=com</base> <user>cn=Admin,dc=example,dc=com</user>  <pass>s3cur1T</pass>  • So you can anonymous bind (not recommended) • Otherwise, specify user for bind • bind-as-auth: others have hacked Koha to do it, but not cleanly enough to get into HEAD. So I’m not presenting it.

<ldapserver> options

<ldapserver> options <replicate>1</replicate> <update>1</update>

<ldapserver> options <replicate>1</replicate> <update>1</update>  Default is ON for both.

Know your own Schema • For example, version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson inetOrgPerson, objectClass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen RFC#2798: displayName: Babs Jensen sn: Jensen givenName: Barbara http://www.ietf.org/rfc/rfc2798.txt initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page

version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page

version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson Pick data Koha cares about cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page

Pick data Koha cares about sn: Jensen givenName: Barbara initials: BJJ uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 o: Siroe departmentNumber: 2604 employeeNumber: 42 employeeType: full time

Data Koha Cares About • You deﬁne it with <ldapserver> <mapping> element in koha-conf.xml • But some ﬁelds are required. • And some of those are *really* required. • See perldoc C4::Auth_with_ldap

The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping>

The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha ﬁelds in borrowers.*

The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha ﬁelds LDAP ﬁelds in borrowers.* in Schema

The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha ﬁelds LDAP ﬁelds ==> in borrowers.* in Schema

The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Default Values Koha ﬁelds LDAP ﬁelds ==> in borrowers.* in Schema

Required Data: 3 Kinds

Required Data: 3 Kinds • Required by database

Required Data: 3 Kinds • Required by database • Required for login

Required Data: 3 Kinds • Required by database • Required for login • Required by you

Required by database mysql> show full columns from borrowers; -- field req`d where Null=NO Easy: • surname • address • city

Required by database mysql> show full columns from borrowers; -- field req`d where Null=NO Easy: Tricky: • surname • branchcode • address • categorycode • city

Required by database mysql> show full columns from borrowers; -- field req`d where Null=NO Easy: Tricky: • surname • branchcode • address • categorycode MUST MATCH VALID • city KOHA VALUES

Required by login userid: • can come from from anything • but it better be unique

Required by login password: userid: • branchcode • can come from from anything • categorycode • but it better be unique

The End LDAP Joe Atzberger, LibLime KohaCon 2009: Plano, TX

Koha Integration: LDAP

by ohiocore on May 01, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 33

Statistics

Koha Integration: LDAP — Presentation Transcript