Commit graph

94 commits

Author SHA1 Message Date
7e1be8d385
Bug 20443: Use search_with_library_limits for attribute types
Dealt with that previously in the module during the rebase.
It conflicted with bug 23281.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:49:22 +00:00
569e4080f1
Bug 20443: Fix Auth_with_ldap.t
Must be a hashref

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:49:22 +00:00
e37bfe3e4b
Bug 20443: Remove extended_attributes_code_value_arrayref AND C4::Members::Attributes
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:49:22 +00:00
37e634bb5b
Bug 20443: Remove C4::Members::AttributeTypes
We do no longer need this package, we can use
Koha::Patron::Attribute::Types directly instead.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:41 +00:00
f1d210019b
Bug 20443: Move C4::Members::AttributeTypes::GetAttributeTypes to Koha::Patron::Attribute::Types
We can then now start to move methods from C4::Members::AttributeTypes
as well.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:35 +00:00
5dd44a8f08
Bug 20443: Remove CheckUniqueness
There is already a method in Koha::Patron::Attribute to check the
uniqueness constraint, let us it to replace CheckUniqueness

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:30 +00:00
ccfc6572f7
Bug 20443: Remove UpdateBorrowerAttribute and SetBorrowerAttributes
This patch replace Koha::Patron->get_extended_attributes with
->extended_attributes
It's now a getter a setter method.

It permits to replace UpdateBorrowerAttribute and use
create_related from DBIx::Class

Notes:
* We face the same variable names difference than in a previous patch
(value vs attribute)

Bug 20443: Remove SetBorrowerAttributes

squash  + RM get_extended_attributes

 RM get_extended_attributes

SQUASH Bug 20443: Remove UpdateBorrowerAttribute and SetBorrowerAttribute

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:16 +00:00
125d8c2d8b
Bug 16719: (QA follow-up) Remove tabs
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-10 09:19:07 +00:00
Oliver Behnke
be7ca413fd
Bug 16719: (follow-up) Update check on password mapping
Change to allow for unmapped default passwords

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-10 09:18:58 +00:00
Oliver Behnke
f514a37d88
Bug 16719: Pass through undef rather than empty string in LDAP mapping
Nullable DB fields should be passed null in cases where ldap fields are
empty and not replaced with empty strings.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-10 09:18:50 +00:00
dc5fe323d2
Bug 24217: use Modern::Perl for modules when strict is missing
We absolutely need that for modules.
We are enabling strict by using Modern::Perl.
Note that other modules from C4 use strict and warnings, instead of
Modern::Perl

Test plan: git grep 2505 **/*.pm should not return any results

And let's see later what needs to be fixed.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-01-03 10:45:46 +00:00
109334102f
Bug 14570: Make it possible to add multiple guarantors to a record
This patch adds the ability to set an unlimited number of guarantors
for a given patron. As before, each guarantor may be linked to another
Koha patron, and all the behavior that applies to a given guarantor
remains the same.

Test Plan:
 1) Apply this patch
 2) Run updatedatabase.pl
 3) Find some patrons with guarantors, verify the still have their guarantor
 4) Test adding and removing guarantors on a patron record, both Koha users and not
 5) Verify the "Add child" button works
 6) Verify NoIssuesChargeGuarantees still works
 7) Verify tools/cleanborrowers.pl will not delete a guarantor
 8) Verify the guarantors are displayed on moremember.pl
 9) Verify the guarantor is removed by members/update-child.pl
10) Verify the guarantor is removed by misc/cronjobs/j2a.pl
11) Verify import patrons converts guarantor_id, relationship, contactfirstname,
  and contactsurname into a guarantor
12) prove t/Patron.t
13) prove t/db_dependent/Circulation.t
14) prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
15) prove t/db_dependent/Items.t
16) prove t/db_dependent/Koha/Patrons.t
17) prove t/db_dependent/Members.t
18) prove t/db_dependent/Patron/Relationships.t

Signed-off-by: Kim Peine <kmpeine@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Agustin Moyano <agustinmoyano@theke.io>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-08-20 16:04:48 +01:00
9b7a216c53 Bug 22461: (follow-up) Use exists not defined
Prior to this patch there is a regression in the LDAP replication
functionality such that clearing a field become impossible. This patch
restores that functionality.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-26 17:51:09 +00:00
c9fa30a55b Bug 22461: Clarify and correct the hash reduction
There were a couple of bugs in the previous patch which meant it wasn't
working as intended. This patch corrects those bugs and simplifies the
code a little along the way.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-18 09:55:34 +00:00
4e40784f99 Bug 22461: Filter ldap mapping before inserting patron's info
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-18 09:55:34 +00:00
d482c7b272 Bug 22461: Fix LDAP user replication
From bug 20287:
-        $borrowernumber = C4::Members::AddMember(%borrower) or die "AddMember failed";
+        Koha::Patron->new( \%borrower )->store;
         C4::Members::Messaging::SetMessagingPreferencesFromDefaults( { borrowernumber => $borrowernumber, categorycode => $borrower{'categorycode'} } );

$borrowernumber is not updated with the value of the newly created patron

This patch restores the previous behavior (as well as the die)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-18 09:55:34 +00:00
197a7029f6 Bug 22048: Use set_password in Auth_with_ldap.pm
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-25 20:15:31 +00:00
8eed046638 Bug 18947: LDAP - do not assume anonymous bind if no user or password
To test:
Ideally tested on a working ldap server with bind by auth and no
anonymous bind
1  - Define an LDAP config with bind by auth
2  - Don't define user/pass
3  - Define anonymous_bind = 0
4  - Attempt bind by auth
5  - Error is something like:
LDAP search failed to return object : XXXXXXXXX: LdapErr: XXXX-XXXXXX,
     comment: In order to perform this operation a successful bind must
     be completed on the connection., data 0, v2580 at
     /usr/share/koha/lib/C4/Auth_with_ldap.pm line 102.
6  - Define user/pass
7  - Now bind by auth should work
8  - remove user/pass
9  - Apply patch
10 - Attempt again
11 - Bind by auth shoudl succeed

prove -v t/db_dependent/Auth_with_ldap.t

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:40:13 +00:00
2e6fb40ef8 Bug 21087: Hash passwords in ->update_password
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: John Doe <you@example.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2018-07-30 14:58:06 -03:00
ef410fd62f Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:47 +00:00
a6059c4d2d Bug 20287: Move trim values to a method
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:45 +00:00
Oliver Bock
4c631a0824 Bug 14625 - LDAP: skip extended patron attributes in 'borrowers' attribute update
* Any extended patron attributes will cause the update to fail as those attributes don't exist in the 'borrowers' table
* The update of the extended patron attributes is already dealt with in checkpw_ldap()
* Ergo: just skip those attributes here

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I did not test this patch but code looks good

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 09:52:05 -04:00
Alex Arnaud
6ddf51573d Bug 6979 - Handle multiple branches in non-auth_by_bin
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:21:28 +00:00
Alex Arnaud
68c365ea8a Bug 6979 - Update tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:21:28 +00:00
=
8c3fc47338 Bug #6979
I removed several lines of code in the checkpw_ldap subroutine where
LDAP authentication takes place, in the "else" part of the conditional
that checks for the auth_by_bind config parameter. I added several lines
to check whether the user can log in to LDAP using their DN and the
password supplied in the login form. If they are able to bind, login
contiues as normal and the LDAP attributes can be harvested as normal if
the update options are turned on. The routine that was in place was
failing because it was trying to check against a non-existent LDAP entry
attribute called 'userpassword'. Instead of checking against a
'userpassword' attribute, the routine really should be checking to make
sure the user can actually bind to LDAP. That's what I set up, and it is
a safer way to test authentication against LDAP.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 12:21:28 +00:00
Dobrica Pavlinusic
4740438b41 Bug 17775 - Add new user with LDAP not works under Plack
This patch fixes internal server error:

Undefined subroutine &C4::Auth_with_ldap::AddMember called at /srv/koha_ffzg/C4/Auth_with_ldap.pm line 213.

It occurs only under plack, and it's strange since C4::Members
does EXPORT AddMember and we are importing it into Auth_with_ldap.pm
(and it does work under CGI).

Signed-off-by: Liz Rea <liz@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
I did not test but trust author and signoffer. The change cannot hurt.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-07 17:45:13 +00:00
Alex Arnaud
e331a9c0d0 Bug 17615 - Fix updating borrower attributes in checkpw_ldap
Signed-off-by: Oliver Bock <oliver.bock@aei.mpg.de>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-20 13:37:33 +00:00
afc008b2fa Bug 16853: Move changepassword to Koha::Patron->update_password
This patch moves the code from C4::Members::changepassword to
Koha::Patron->update_password

Test plan:
Change your password at the OPAC and the staff interface
This should work as before

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I rebased this on top of 16849 because they were conflicting.
Tests pass, code looks good (as usual) and I checked both OPAC
and staff password change work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 18:09:17 +00:00
Joonas Kylmälä
85ea73db9d Bug 11807: (follow-up) remove date conversions
To test

1/ Apply both patches

2/ This patch lets you easily configure mappings for categorycode values.
These mapping will be used when updating the user's account after a successful LDAP login.

Here is an example configuration :

<config>
  <ldapserver id="ldapserver>
    <mapping>
      <categorycode is="usertype">STU</categorycode>
      ...
    </mapping>

    <categorycode_mapping>
      <categorycode value="STU">STUDENT</categorycode>
      <categorycode value="EMP">EMPLOYEE</categorycode>
    </categorycode_mapping>
  </ldapserver>
</config>

3/ With this configuration, LDAP users with the usertype value "EMP" on the LDAP server should have the "EMPLOYEE" categorycode in Koha.

Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:23:42 +00:00
Frédérick
b3311913b3 Bug 11807 : Add support for categorycode conversions when updating an user using a LDAP server.
To test

1/ Apply both patches

2/ This patch lets you easily configure mappings for categorycode values.
These mapping will be used when updating the user's account after a successful LDAP login.

Here is an example configuration :

<config>
  <ldapserver id="ldapserver>
    <mapping>
      <categorycode is="usertype">STU</categorycode>
      ...
    </mapping>

    <categorycode_mapping>
      <categorycode value="STU">STUDENT</categorycode>
      <categorycode value="EMP">EMPLOYEE</categorycode>
    </categorycode_mapping>
  </ldapserver>
</config>

3/ With this configuration, LDAP users with the usertype value "EMP" on the LDAP server should have the "EMPLOYEE" categorycode in Koha.

Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:23:42 +00:00
Alex Arnaud
c74678a1d2 Bug 15889: LDAP authentication: Only update mapped attributes
Test plan:

- Update your configuration file to use LDAP authentication and enable update
  (<update>1</update>) option,
- login with an existing user with extended attrbitutes that are not in
LDAP mapping,
- check that all attributes are still here.

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Philippe Blouin <philippe.blouin@inlibro.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-03-31 16:33:31 -06:00
017699c345 Bug 16011: $VERSION - Remove the $VERSION init
Mainly a
  perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustements

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:28 +00:00
3830d78d46 Bug 16011: $VERSION - remove use vars $VERSION
perl -p -i -e 's/^(use vars .*)\$VERSION\s?(.*)/$1$2/' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:26 +00:00
4a3404594f Bug 15163: Do not erase patron attributes if limited to another library
The patron attributes displayed on editing a patron are not displayed if
limited to another library.

C4::Members::Attributes::SetBorrowerAttributes will now only delete attributes
the librarian is editing.
SetBorrowerAttributes takes a new $no_branch_limit parameter. If set,
the branch limitations have not effect and all attributes are deleted
(same behavior as before this patch).

Test plan:
1/ Create 2 patron attributes, without branch limitations.
2/ Edit a patron and set a value for these attributes
3/ Limit a patron attributes to a library (one you are not logged in
with).
4/ Edit again the patron.
=> You should not see the limited attributes
5/ Edit the patron attributes and remove the branch limitation
=> Without this patch, it has been removed from the database and is not
displayed anymore.
=> With this patch, you should see it.

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-21 16:56:37 +00:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
85c25c619f Bug 9165: (Followup) Tidied code slightly
Minor code tidy to clean up qa script warning.

http://bugs.koha-community.org/show_bug.cgi?id=9165
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-27 14:58:46 -03:00
7b9082a55b Bug 9165: (Followup) Clear existing sync
A small enhancement to clear existing synced passowrd should this
config option be enbled. This followup is related to bug 12831

http://bugs.koha-community.org/show_bug.cgi?id=9165
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-27 14:58:16 -03:00
Robin Sheat
519149a6c7 Bug 9165: Prevent LDAP passwords being stored locally
This adds a configuration option to LDAP that prevents it from storing
user's passwords in the local database. This is useful when users of
hosted Koha wish to prevent any form of offsite password storage for
security reasons.

Notes:
 * if the option is not included in the koha-conf.xml file, then the
   current default behaviour of saving the password locally is retained.
 * this has no impact on passwords that are already in the database.
   They will not be erased.

To use:
 * edit the koha-conf.xml for a system that uses LDAP for
   authentication.
 * in the <ldapserver> configuration, add:
   <update_password>0</update_password>
 * feel a greater sense of security.

To test:
 1) have a Koha system that authenticates using LDAP.
 2) note that when a user logs in, their password is saved (hashed) in
    the database.
 2.5) it is important to note that, for whatever reason, a user's
      password is not stored on a login where their account is created,
      only when they log in after being created. Thus perhaps log in and
      log out a couple of times to be sure.
 3) add the <update_password>0</update_password> option to the
    <ldapserver> section of koha-conf.xml.
 4) login with a new user (or erase the password from the database for
    an existing user) and note that the password field is not populated.
 5) log out and log back in just to be sure, check the password field
    again.

Sponsored-By: National Institute of Water and Atmospheric Research (NIWA)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-27 14:57:49 -03:00
4c1f0dcecb Bug 12831: Local Only logins with LDAP
Local only logins should continue to function when LDAP is enabled.
This was not the case after bug 8148 [LDAP Auth should FAIL when ldap
contains a NEW password].  For this case, we need to diferentiate
between local accounts and ldap accounts.  This is somewhat challenging
and thus this patch is only part of the story.

The other half can be achieved with bug 9165

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-27 14:46:27 -03:00
Dobrica Pavlinusic
c9351807e9 Bug 8148 - LDAP auth_by_bind doesn't fallback to local auth
This patch covers LDAP auth_by_bind configuration so that wrong
LDAP password will return -1 to C4::Auth so we can abort local auth
and prevent users logging in with stale database passwords.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-07 16:22:49 -03:00
Frédérick
f68d9e6ec4 Bug 8148: Only update the password if the LDAP password field was mapped
http://bugs.koha-community.org/show_bug.cgi?id=8148
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-07 16:22:35 -03:00
Frédérick
56f3b542bd Bug 8148: Prevent local authentification fallback if an invalid LDAP password was entered.
http://bugs.koha-community.org/show_bug.cgi?id=8148
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-07 16:22:21 -03:00
9da4c80b01 BUG 12304: LDAP auto-provisioning set default messaging preferences
LDAP auto-provisioning should set default messaging preferences upon
creation of a user.

Signed-off-by: Ulrich Kleiber <ulrich.kleiber@bsz-bw.de>
Manually applied to 3.12.9 and it works beautifully in test and production.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-02 15:17:35 -03:00
Robin Sheat
c61d2d7011 Bug 10908: restore docs on principal_name LDAP option
Signed-off-by: Ulrich Kleiber <ulrich.kleiber@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-21 15:28:11 +00:00
Robin Sheat
5bd8df784e Bug 10908: restore non-anonymous auth_by_bind LDAP options
Recent changes to LDAP broke auth_by_bind in many situations. This bug
resets the behaviour to what it used to be, however also allows the new
behaviour by adding the 'anonymous_bind' parameter to the LDAP config.

Testing:
    1) Find an LDAP configuration that was broken recently that uses
       auth_by_bind
    2) Apply this patch
    3) See if it works again.
Additionally, testing the original path in the case of 'anonymous_bind'
being set should probably be done too, but I have no idea about the LDAP
server config for that.

Signed-off-by: Ulrich Kleiber <ulrich.kleiber@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-21 15:27:21 +00:00
Galen Charlton
547c6d2949 Bug 9611: (follow-up) move new password hashing routines to separate module
The move avoids a problem where many modules would gain
a dependency on C4::Auth just because C4::Members needs access
to hash_password().

This patch also adds a couple unit tests for the new password
hashing code.

To test:

[1] Verify that there are no regressions on the test plan for bug
    9611.
[2] Verify that t/AuthUtils.t and t/db_dependent/Auth.t pass.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-09 03:29:22 +00:00
Srdjan
328a285575 bug 9611: use hash_password() and checkpw_* for LDAP logins instead of md5 hash
Test:

* LDAP:
- Turn on LDAP auth in koha-config.xml. Set "update" in your server config to 1
- Change user's password on LDAP
- Login to Koha using LDAP - Koha password should be updated, to check
- Turn off LDAP auth in koha-config.xml
- You should be ble to log in with the new password

I do not have a LDAP facility, so I cheated. I ran
perl -e 'use C4::Auth_with_ldap; C4::Auth_with_ldap::_do_changepassword("srdjan", 1000022259, "srdjan");'
and was able to change the password.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described.

Test
1) change <useldapserver> to 1
2) copy/paste sample <ldapserver> config from perldoc C4/Auth_with_ldap
3) using sample script was able to change password,
use (userid, borrowernumber, newpass) as arguments
4) checked with OPAC and in database

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 23:01:46 +00:00
Jonathan Druart
561107bb5b Bug 10925: fix LDAP auth failing if DEBUG is enabled
To reproduce:
1/ Edit your apache virtual host and set the DEBUG environment variable
(SetEnv DEBUG 1).
2/ Try to login with an ldap user
3/ You will be redirected to the 500 error page.
The Koha logs contains:
malformed header from script. Bad header=------------------------------: mainpage.pl

The hashdump routine directly prints to STDOUT (!) and breaks the
headers.
It appears Net::LDAP::?->dump does the same thing.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Maybe we can kill C4::Utils after getting rid of this

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-02 14:26:03 +00:00
Srdjan
4d75243e27 Bug 9299: fix LDAP login breakage when ExtendedPatronAttributes is on
To test:
- Configure an LDAP server and $KOHA_CONF, etc.
- Make sure ExtendedPatronAttributes is defined and that
  there is no attribute defined that is specified to be
  a unique ID.
- Try to log in using an account originating from the
  LDAP directory.
- You will got a software error:
  Can't use an undefined value as an ARRAY reference at
  /home/koha/src/C4/Auth_with_ldap.pm line 183.
- Apply the patch.
- Try to log in again; this time it should work.

Signed-off-by: Nuño López Ansótegui <nunyo@masmedios.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-09-27 16:19:56 +00:00
Fridolyn SOMERS
96ac578960 Bug 10384: fall back to normal authentication if LDAP server is not available
This fixes a bug where, assuming LDAP authentication is enabled, if a user
tries to log in while the LDAP server is down, the following fatal error
is displayed:

Can't call method "bind" on an undefined value at C4/Auth_with_ldap.pm line 134, <DATA> line 558.

This patch catches this error to allow normal authentication when LDAP connexion fails.

Test plan :
- Configure LDAP connexion with a host not having LDAP. ie :
 <useldapserver>1</useldapserver>
 <ldapserver id="ldapserver">
    <hostname>localhost</hostname>
    <base>dc=test,dc=com</base>
    <user>cn=Manager,dc=test,dc=com</user>
    <pass>passwd</pass>
    <replicate>0</replicate>
    <update>0</update>
    <auth_by_bind>0</auth_by_bind>
    <mapping>
      <firstname    is="givenname"      ></firstname>
      <surname      is="sn"             ></surname>
      <branchcode   is="branch"         >MAIN</branchcode>
      <userid       is="uid"            ></userid>
      <password     is="userpassword"   ></password>
      <email        is="mail"           ></email>
      <categorycode is="employeetype"   >PT</categorycode>
    </mapping>
 </ldapserver>
- Try to connect with mysql user (defined in koha-conf.xml)
- Try to connect with a user defined in borrowers
You may try to connect with working LDAP connexion

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-05 16:08:46 +00:00