Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Koha Integration: LDAP

6,755 views

Published on

Do you want to keep your certain user information (like passwords!) automatically in sync with an external authentication server? LDAP is the answer here. - Joe Atzberger

Published in: Technology
  • jejeje
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Koha Integration: LDAP

  1. 1. LDAP Joe Atzberger, LibLime KohaCon 2009: Plano, TX
  2. 2. Need LDAP Tools? • Apache Directory Server & Studio (client) http://directory.apache.org/ • Open Source (Apache license) • Newer than openldap and more stable. • Runs on OSX, Win32 and linux. “We strive to increase LDAP awareness, comfort and adoption to bring Modern LDAP Renaissance.” forth what we call the
  3. 3. Need LDAP Tools? • OpenLDAP - http://www.openldap.org/ • includes command line tools: ldapsearch, ldapadd, etc. • Net::LDAP - CPAN perl module
  4. 4. LDAP Timing • Koha LDAP does not go grab all your users as a “dump”. That is what IMPORT is for. Instead it updates when they try to login. • Implications: lightweight, happening in realtime. Somewhat literal, no XSL or other conditional processing.
  5. 5. <ldapserver> bind <hostname>ldap://auth.example.com:389</hostname> <base>dc=example,dc=com</base> <user>cn=Admin,dc=example,dc=com</user> <!-- DN, if not anonymous --> <pass>s3cur1T</pass> <!-- password, if not anonymous --> • So you can anonymous bind (not recommended) • Otherwise, specify user for bind • bind-as-auth: others have hacked Koha to do it, but not cleanly enough to get into HEAD. So I’m not presenting it.
  6. 6. <ldapserver> options
  7. 7. <ldapserver> options <replicate>1</replicate><!-- add new users from LDAP to Koha database --> <update>1</update> <!-- update existing users in Koha database -->
  8. 8. <ldapserver> options <replicate>1</replicate><!-- add new users from LDAP to Koha database --> <update>1</update> <!-- update existing users in Koha database --> Default is ON for both.
  9. 9. Know your own Schema • For example, version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson inetOrgPerson, objectClass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen RFC#2798: displayName: Babs Jensen sn: Jensen givenName: Barbara http://www.ietf.org/rfc/rfc2798.txt initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page
  10. 10. version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page
  11. 11. version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page
  12. 12. version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page
  13. 13. version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page
  14. 14. version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson Pick data Koha cares about cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page
  15. 15. version: 1 dn: cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson Pick data Koha cares about cn: Barbara Jensen cn: Babs Jensen displayName: Babs Jensen sn: Jensen givenName: Barbara initials: BJJ title: manager, product development uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 carLicense: 6ABC246 o: Siroe ou: Product Development departmentNumber: 2604 employeeNumber: 42 employeeType: full time preferredLanguage: fr, en-gb;q=0.8, en;q=0.7 labeledURI: http://www.siroe.com/users/bjensen My Home Page
  16. 16. Pick data Koha cares about sn: Jensen givenName: Barbara initials: BJJ uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 o: Siroe departmentNumber: 2604 employeeNumber: 42 employeeType: full time
  17. 17. Pick data Koha cares about sn: Jensen givenName: Barbara initials: BJJ uid: bjensen mail: bjensen@siroe.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 mobile: +1 408 555 1941 roomNumber: 0209 o: Siroe departmentNumber: 2604 employeeNumber: 42 employeeType: full time
  18. 18. Data Koha Cares About • You define it with <ldapserver> <mapping> element in koha-conf.xml • But some fields are required. • And some of those are *really* required. • See perldoc C4::Auth_with_ldap
  19. 19. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping>
  20. 20. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping>
  21. 21. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping>
  22. 22. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping>
  23. 23. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha fields in borrowers.*
  24. 24. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha fields in borrowers.*
  25. 25. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha fields in borrowers.*
  26. 26. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha fields LDAP fields in borrowers.* in Schema
  27. 27. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha fields LDAP fields ==> in borrowers.* in Schema
  28. 28. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Koha fields LDAP fields ==> in borrowers.* in Schema
  29. 29. The <mapping> <mapping> <firstname is=quot;givennamequot; ></firstname> <surname is=quot;snquot; ></surname> <address is=quot;postaladdressquot; ></address> <city is=quot;lquot; >Athens, OH</city> <zipcode is=quot;postalcodequot; ></zipcode> <branchcode is=quot;branchquot; >MAIN</branchcode> <userid is=quot;uidquot; ></userid> <password is=quot;userpasswordquot; ></password> <email is=quot;mailquot; ></email> <categorycode is=quot;employeetypequot; >PT</categorycode> <phone is=quot;telephonenumberquot;></phone> </mapping> Default Values Koha fields LDAP fields ==> in borrowers.* in Schema
  30. 30. Required Data: 3 Kinds
  31. 31. Required Data: 3 Kinds • Required by database
  32. 32. Required Data: 3 Kinds • Required by database • Required for login
  33. 33. Required Data: 3 Kinds • Required by database • Required for login • Required by you
  34. 34. Required by database mysql> show full columns from borrowers; -- field req`d where Null=NO Easy: • surname • address • city
  35. 35. Required by database mysql> show full columns from borrowers; -- field req`d where Null=NO Easy: Tricky: • surname • branchcode • address • categorycode • city
  36. 36. Required by database mysql> show full columns from borrowers; -- field req`d where Null=NO Easy: Tricky: • surname • branchcode • address • categorycode MUST MATCH VALID • city KOHA VALUES
  37. 37. Required by login userid: • can come from from anything • but it better be unique
  38. 38. Required by login password: userid: • branchcode • can come from from anything • categorycode • but it better be unique
  39. 39. The End LDAP Joe Atzberger, LibLime KohaCon 2009: Plano, TX

×