KOHA
LDAP
How do we configure Koha to work with an LDAP directory?
Video presentation about Virtual LDAP: http://html5tv.rot13.org/HULK-Virtual_LDAP.html
Presentation: hulk-Virtual-LDAP.odp
What does Koha allow us to do?
- creating new users that exist in LDAP (replicate, enabled)
- synchronizing data between LDAP and Koha on every user login (update, disabled)
This way new users are created the first time they log in.
How do we view the structure of the LDAP directory?
ldapvi --host _hostname_:389 -d
ldapvi --host _hostname_:389 -d uid=_username_
Error:
[Tue Jan 13 23:58:36 2009] opac-user.pl: LDAP Auth rejected : invalid password for user 'mglavica@ffzg.hr'. LDAP error #50: LDAP_INSUFFICIENT_ACCESS
[Tue Jan 13 23:58:36 2009] opac-user.pl: # The client does not have sufficient access to perform the requested
[Tue Jan 13 23:58:36 2009] opac-user.pl: operation
Koha LDAP configuration
Check the version
dpavlin@koha-dev:/srv/koha$ grep VERSION /srv/koha/C4/Auth_with_ldap.pm
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug);
$VERSION = 3.10; # set the version for version checking
/etc/koha/koha-conf.xml
<ldapserver id="ldapserver" listenref="ldapserver">
<!--
<hostname>ldaps://ldap.ffzg.hr</hostname>
-->
<hostname>ldap://localhost:1389</hostname>
<base>dc=ffzg,dc=hr</base>
<replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
<update>0</update> <!-- update existing users in Koha database -->
<auth_by_bind>1</auth_by_bind>
<principal_name>%s</principal_name> <!-- optional, for auth_by_bind: a printf format to make userPrincipalName from koha userid -->
<mapping> <!-- match koha SQL field names to your LDAP record field names -->
<firstname is="givenname" ></firstname>
<surname is="sn" ></surname>
<address is="ffzg-ml_postanska_adresa_0" ></address>
<!--
<city is="ffzg-prebivaliste_mjesto" ></city>
-->
<city is="ffzg-ml_postanska_adresa_1" ></city>
<zipcode is="ffzg-prebivaliste_postanski_broj"></zipcode>
<branchcode is="local-branch" >FFZG</branchcode>
<userid is="hredupersonuniqueid" ></userid>
<password is="userpassword" ></password>
<email is="mail" ></email>
<categorycode is="local-categorycode" >IMP</categorycode>
<dateofbirth is="ffzg-datum_rodjenja" ></dateofbirth>
<sex is="ffzg-spol" ></sex>
<phone is="ffzg-ml_telefoni_fixed"></phone>
<mobile is="ffzg-ml_telefoni_mobile"></mobile>
</mapping>
</ldapserver>
Uses LDAP rewrite
For everything to work, ExtendedPatronAttributes must be turned off at https://10.60.0.252:8443/cgi-bin/koha/admin/preferences.pl?tab=patrons
auth as user changes (first attempt)
The Koha configuration almost works, except that the LDAP DN is login@ffzg.hr instead of uid=login,dc=ffzg,dc=hr
But since we connect to the real ldap.ffzg.hr through our proxy script, which enriches the record with data,
that is also where we rewrite the DN into the correct form,
using this configuration in /etc/koha/koha-conf.xml
<ldapserver id="ldapserver" listenref="ldapserver">
<hostname>ldaps://ldap.ffzg.hr</hostname>
<base>dc=ffzg,dc=hr</base>
<replicate>1</replicate> <!-- add new users from LDAP to Koha database -->
<update>1</update> <!-- update existing users in Koha database -->
<mapping> <!-- match koha SQL field names to your LDAP record field names -->
<firstname is="givenname" ></firstname>
<surname is="sn" ></surname>
<address is="ffzg-ml_postanska_adresa_0" ></address>
<!--
<city is="ffzg-prebivaliste_mjesto" ></city>
-->
<city is="ffzg-ml_postanska_adresa_1" ></city>
<zipcode is="ffzg-prebivaliste_postanski_broj"></zipcode>
<branchcode is="local-branch" >FFZG</branchcode>
<userid is="hredupersonuniqueid" ></userid>
<password is="userpassword" ></password>
<email is="mail" ></email>
<categorycode is="local-categorycode" >IMP</categorycode>
<dateofbirth is="ffzg-datum_rodjenja" ></dateofbirth>
<sex is="ffzg-spol" ></sex>
<phone is="ffzg-ml_telefoni_fixed"></phone>
<mobile is="ffzg-ml_telefoni_mobile"></mobile>
</mapping>
</ldapserver>
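The DN rewrite described above (login@ffzg.hr into uid=login,dc=ffzg,dc=hr), sketched in Python as an added example; it is not the code of the proxy script. The function names, the `realm` parameter and the allowlist of login characters are assumptions made for illustration. It rejects bind names from other realms and escapes the value per RFC 4514, so a login can never add or alter DN components.

```python
import re

# RFC 4514: characters that must be backslash-escaped in an attribute value.
_DN_SPECIAL = set('"+,;<>\\')
# Assumption: logins are limited to this conservative character set.
_LOGIN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def base_dn_from_realm(realm):
    """'ffzg.hr' -> 'dc=ffzg,dc=hr' (the <base> value in koha-conf.xml)."""
    return ",".join("dc=" + label for label in realm.lower().split("."))


def escape_dn_value(value):
    """Escape one RDN attribute value according to RFC 4514."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def rewrite_bind_dn(bind_name, realm="ffzg.hr"):
    """Map 'login@realm' to 'uid=login,<base DN>'; raise ValueError otherwise."""
    login, sep, got_realm = bind_name.rpartition("@")
    if not sep or got_realm.lower() != realm.lower():
        raise ValueError("bind name is not in realm %r" % realm)
    if not _LOGIN_RE.fullmatch(login):
        raise ValueError("login contains characters outside the allowed set")
    # Escaping is a second layer in case the allowlist is ever relaxed.
    return "uid=%s,%s" % (escape_dn_value(login), base_dn_from_realm(realm))


if __name__ == "__main__":
    # Constructed sample input, using the form quoted in the text above.
    print(rewrite_bind_dn("login@ffzg.hr"))
```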
ldaps to the upstream LDAP
ldaps requires installing IO::Socket::SSL with
sudo apt-get install libio-socket-ssl-perl
cardnumber does not come from LDAP
Except at the user's first login, when it is set to the same value as mail
move all changes out of Koha (CURRENT SOLUTION)
To make upgrades to newer versions of Koha as simple as possible, we decided in the end to move all LDAP changes out of Koha and into LDAP rewrite.
What data do we have in the LDAP directory?
these count as basic data:
* uid - identifier, user name
* hrEduPersonUniqueID - identifier, uid@ffzg.hr
* cn - first and last name
* sn - last name
* givenName - first name
* mail
* hrEduPersonUniqueNumber - JMBG, JMBAG, LOCAL_NO, PASSPORT_NO and similar identifiers
* hrEduPersonAffiliation - affiliation with the institution; there can be multiple affiliations
* hrEduPersonPrimaryAffiliation - primary affiliation
* hrEduPersonExpireDate - expiry date of the primary affiliation, i.e. of the user account
"When I extend the user accounts, I will enter the JMBAG for all
students for whom I can. Later it would be good to move that
to OIB, which is already being mentioned in discussions :)" (Došen)
Links
Koha virtual LDAP, LDAP rewrite