NAME

C4::Auth - Authenticates Koha users

SYNOPSIS

  use C4::Auth_with_ldap;

LDAP Configuration

    This module is specific to LDAP authentication. It requires the Net::LDAP package and one or more
    working LDAP servers.
    To use it:
       * Modify the ldapserver element in KOHA_CONF.
       * Establish field mapping in the <mapping> element.

    For example, if your user records are stored according to the inetOrgPerson schema (RFC 2798),
    the username would match the "uid" field, and the password should match the "userpassword" field.

    Make sure that ALL required fields are populated by your LDAP database (and mapped in KOHA_CONF).
    What are the required fields? In MySQL you can check the database table "borrowers" like this:

        mysql> show COLUMNS from borrowers;
                +------------------+--------------+------+-----+---------+----------------+
                | Field            | Type         | Null | Key | Default | Extra          |
                +------------------+--------------+------+-----+---------+----------------+
                | borrowernumber   | int(11)      | NO   | PRI | NULL    | auto_increment | 
                | cardnumber       | varchar(16)  | YES  | UNI | NULL    |                | 
                | surname          | mediumtext   | NO   |     |         |                | 
                | firstname        | text         | YES  |     | NULL    |                | 
                | title            | mediumtext   | YES  |     | NULL    |                | 
                | othernames       | mediumtext   | YES  |     | NULL    |                | 
                | initials         | text         | YES  |     | NULL    |                | 
                | streetnumber     | varchar(10)  | YES  |     | NULL    |                | 
                | streettype       | varchar(50)  | YES  |     | NULL    |                | 
                | address          | mediumtext   | NO   |     |         |                | 
                | address2         | text         | YES  |     | NULL    |                | 
                | city             | mediumtext   | NO   |     |         |                | 
                | zipcode          | varchar(25)  | YES  |     | NULL    |                | 
                | email            | mediumtext   | YES  |     | NULL    |                | 
                | phone            | text         | YES  |     | NULL    |                | 
                | mobile           | varchar(50)  | YES  |     | NULL    |                | 
                | fax              | mediumtext   | YES  |     | NULL    |                | 
                | emailpro         | text         | YES  |     | NULL    |                | 
                | phonepro         | text         | YES  |     | NULL    |                | 
                | B_streetnumber   | varchar(10)  | YES  |     | NULL    |                | 
                | B_streettype     | varchar(50)  | YES  |     | NULL    |                | 
                | B_address        | varchar(100) | YES  |     | NULL    |                | 
                | B_city           | mediumtext   | YES  |     | NULL    |                | 
                | B_zipcode        | varchar(25)  | YES  |     | NULL    |                | 
                | B_email          | text         | YES  |     | NULL    |                | 
                | B_phone          | mediumtext   | YES  |     | NULL    |                | 
                | dateofbirth      | date         | YES  |     | NULL    |                | 
                | branchcode       | varchar(10)  | NO   | MUL |         |                | 
                | categorycode     | varchar(10)  | NO   | MUL |         |                | 
                | dateenrolled     | date         | YES  |     | NULL    |                | 
                | dateexpiry       | date         | YES  |     | NULL    |                | 
                | gonenoaddress    | tinyint(1)   | YES  |     | NULL    |                | 
                | lost             | tinyint(1)   | YES  |     | NULL    |                | 
                | debarred         | tinyint(1)   | YES  |     | NULL    |                | 
                | contactname      | mediumtext   | YES  |     | NULL    |                | 
                | contactfirstname | text         | YES  |     | NULL    |                | 
                | contacttitle     | text         | YES  |     | NULL    |                | 
                | guarantorid      | int(11)      | YES  |     | NULL    |                | 
                | borrowernotes    | mediumtext   | YES  |     | NULL    |                | 
                | relationship     | varchar(100) | YES  |     | NULL    |                | 
                | ethnicity        | varchar(50)  | YES  |     | NULL    |                | 
                | ethnotes         | varchar(255) | YES  |     | NULL    |                | 
                | sex              | varchar(1)   | YES  |     | NULL    |                | 
                | password         | varchar(30)  | YES  |     | NULL    |                | 
                | flags            | int(11)      | YES  |     | NULL    |                | 
                | userid           | varchar(30)  | YES  | MUL | NULL    |                |  # UNIQUE in next release.
                | opacnote         | mediumtext   | YES  |     | NULL    |                | 
                | contactnote      | varchar(255) | YES  |     | NULL    |                | 
                | sort1            | varchar(80)  | YES  |     | NULL    |                | 
                | sort2            | varchar(80)  | YES  |     | NULL    |                | 
                +------------------+--------------+------+-----+---------+----------------+
                50 rows in set (0.01 sec)
        
                Where Null="NO", the field is required.

KOHA_CONF and field mapping

Example XML stanza for LDAP configuration in KOHA_CONF:

        <!-- LDAP SERVER (optional) -->
        <server id="ldapserver"  listenref="ldapserver">
                <hostname>localhost</hostname>
                <base>dc=metavore,dc=com</base>
                <user>cn=Manager,dc=metavore,dc=com</user>             <!-- DN, if not anonymous -->
                <pass>metavore</pass>      <!-- password, if not anonymous -->
                <replicate>1</replicate>   <!-- add new users from LDAP to Koha database -->
                <update>1</update>         <!-- update existing users in Koha database -->
                <mapping>                  <!-- match koha SQL field names to your LDAP record field names -->
                <firstname    is="givenname"      ></firstname>
                <surname      is="sn"             ></surname>
                <address      is="postaladdress"  ></address>
                <city         is="l"              >Athens, OH</city>
                <zipcode      is="postalcode"     ></zipcode>
                <branchcode   is="branch"         >MAIN</branchcode>
                <userid       is="uid"            ></userid>
                <password     is="userpassword"   ></password>
                <email        is="mail"           ></email>
                <categorycode is="employeetype"   >PT</categorycode>
                <phone        is="telephonenumber"></phone>
                </mapping>
        </server>

The <mapping> subelements establish the relationship between MySQL fields and LDAP attributes. The element name is the column in MySQL, and its "is" attribute is set to the LDAP attribute name. Optionally, any content between the element tags is taken as the default value. In this example, the default categorycode is "PT" (for patron).
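
The mapping rules above, applied to one LDAP record and checked against the Null="NO" columns of the borrowers table. This is an added example, not code from C4::Auth_with_ldap: the subroutine names, the sample LDAP entry, and the "LDAP value first, default second" precedence are assumptions made for illustration.

```perl
use strict;
use warnings;
use XML::Simple qw(XMLin);

# Constructed sample: part of the <mapping> element from the stanza above.
my $mapping_xml = <<'XML';
<mapping>
  <firstname    is="givenname"      ></firstname>
  <surname      is="sn"             ></surname>
  <address      is="postaladdress"  ></address>
  <city         is="l"              >Athens, OH</city>
  <branchcode   is="branch"         >MAIN</branchcode>
  <userid       is="uid"            ></userid>
  <categorycode is="employeetype"   >PT</categorycode>
</mapping>
XML

# Columns with Null="NO" in the table above, minus the auto_increment key.
my @required = qw(surname address city branchcode categorycode);

# Constructed LDAP entry (attribute => value); it has no l, branch or postaladdress.
my %entry = (uid => 'jdoe', givenname => 'Jane', sn => 'Doe', employeetype => 'ST');

# Assumed precedence: use the LDAP value when present, else the element's default.
sub ldap_to_borrower {
    my ($mapping, $entry) = @_;
    my %borrower;
    for my $column (keys %$mapping) {
        my $rule  = $mapping->{$column};          # { is => ..., content => ... }
        my $value = $entry->{ lc $rule->{is} };
        $value = $rule->{content} if !defined $value || $value eq '';
        $borrower{$column} = $value if defined $value && $value ne '';
    }
    return \%borrower;
}

# Required columns that ended up with neither an LDAP value nor a default.
sub missing_required {
    my ($borrower, @columns) = @_;
    return grep { !defined $borrower->{$_} } @columns;
}

my $mapping  = XMLin($mapping_xml, ForceArray => 0, KeyAttr => []);
my $borrower = ldap_to_borrower($mapping, \%entry);
printf "%-13s = %s\n", $_, $borrower->{$_} for sort keys %$borrower;
my @missing = missing_required($borrower, @required);
print "missing required: @missing\n" if @missing;
```

With this sample entry, city and branchcode fall back to their defaults, categorycode takes the LDAP value instead of "PT", and address is reported as missing because it has neither an LDAP value nor a default.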

SEE ALSO

CGI(3)

Net::LDAP()

XML::Simple()

Digest::MD5(3)