@phette23
Last active March 13, 2026 18:03
Testing Koha with LDAP
<!-- goes in config section, replace existing useldapserver -->
<useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
<hostname>ldap:10389</hostname>
<base>ou=people,dc=planetexpress,dc=com</base>
<user>cn=admin,dc=planetexpress,dc=com</user>
<pass>GoodNewsEveryone</pass>
<anonymous>0</anonymous>
<replicate>1</replicate>
<update>1</update>
<mapping>
<userid is="uid"></userid>
<surname is="sn"></surname>
<firstname is="givenName"></firstname>
<email is="mail"></email>
<categorycode is="1">PT</categorycode>
<branchcode is="1">CPL</branchcode>
</mapping>
</ldapserver>

Koha LDAP Authentication Testing

High-level outline:

  • Use rroemhild/test-openldap which has prepopulated users
  • Configure Koha to connect to this LDAP server, restart_services
  • Enable logs, check Log Viewer or app logs

Step 1: Run the LDAP Container

Start ktd and then run the LDAP container on the same network.

ktd up
# either press "d" to detach from ktd or run in a separate terminal
docker run -d --name ldap -p 10389:10389 --network kohadev_kohanet rroemhild/test-openldap

The LDAP container could be added to ktd's docker-compose.yml or a docker-compose.ldap.yml for easier management.

Step 2: Configure Koha (koha-conf.xml)

Run a shell on the KTD container (ktd --shell), then edit Koha's configuration file with vim $KOHA_CONF or vim /etc/koha/sites/kohadev/koha-conf.xml.

  1. Find <useldapserver>0</useldapserver>
  2. Enable LDAP with <useldapserver>1</useldapserver>
  3. Add an ldapserver element using the name of the LDAP container (ldap) as hostname and note that it uses port 10389:
<useldapserver>1</useldapserver>
<ldapserver id="ldapserver">
    <hostname>ldap:10389</hostname>
    <base>ou=people,dc=planetexpress,dc=com</base>
    <user>cn=admin,dc=planetexpress,dc=com</user>
    <pass>GoodNewsEveryone</pass>
    <anonymous>0</anonymous>
    <replicate>1</replicate>
    <update>1</update>
    <mapping>
        <userid is="uid"></userid>
        <surname is="sn"></surname>
        <firstname is="givenName"></firstname>
        <email is="mail"></email>
        <address is="postaladdress"></address>
        <city is="l"></city>
        <categorycode is="1">PT</categorycode>
        <branchcode is="1">CPL</branchcode>
    </mapping>
</ldapserver>

Some of this may not be necessary, but C4::Auth_with_ldap.pm instructs you to provide values for all non-nullable patron fields, such as address and city. The categorycode and branchcode refer to a patron category and library branch prepopulated in ktd.

Finally, restart all Koha services with restart_all.
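
A pre-flight check for the configuration above, added here as an example and not part of the original gist or of Koha: it reads the ldapserver element and builds the ldapsearch command that performs the same bind and lookup by hand, so directory problems can be told apart from Koha problems. It assumes ldapsearch (ldap-utils) is available in the shell, that element text inside a mapping is the fallback value, and that the userid mapping names the login attribute; preflight and escape_filter are illustrative names.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the <ldapserver> element from Step 2 above.
SAMPLE = """<ldapserver id="ldapserver">
  <hostname>ldap:10389</hostname>
  <base>ou=people,dc=planetexpress,dc=com</base>
  <user>cn=admin,dc=planetexpress,dc=com</user>
  <pass>GoodNewsEveryone</pass>
  <mapping>
    <userid is="uid"></userid>
    <surname is="sn"></surname>
    <firstname is="givenName"></firstname>
    <email is="mail"></email>
    <address is="postaladdress"></address>
    <city is="l"></city>
    <categorycode is="1">PT</categorycode>
    <branchcode is="1">CPL</branchcode>
  </mapping>
</ldapserver>"""

def escape_filter(value):  # escape RFC 4515 filter metacharacters
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def preflight(xml_text, login):
    """Return (ldapsearch argv, per-field defaults, warnings)."""
    srv = ET.fromstring(xml_text)
    get = lambda tag: (srv.findtext(tag) or "").strip()
    host = get("hostname")
    uri = host if "://" in host else "ldap://" + host  # bare host:port is plain LDAP
    attrs, defaults, warnings = [], {}, []
    for field in srv.find("mapping"):
        attr, text = field.get("is", ""), (field.text or "").strip()
        if text:  # assumption: element text is the fallback value
            defaults[field.tag] = text
        if attr[:1].isalpha():  # is="1" is not an attribute name, so skip it
            attrs.append(attr)
        elif not text:
            warnings.append(f"{field.tag}: no LDAP attribute and no default")
    if not uri.startswith("ldaps://"):
        warnings.append("bind DN and password cross the network unencrypted")
    # Assumption: the userid mapping names the attribute matched at login.
    login_attr = srv.find("mapping/userid").get("is")
    # -W prompts for the <pass> value, keeping it out of argv and shell history.
    argv = ["ldapsearch", "-x", "-LLL", "-W", "-H", uri, "-D", get("user"),
            "-b", get("base"), f"({login_attr}={escape_filter(login)})", *attrs]
    return argv, defaults, warnings

if __name__ == "__main__":
    print(shlex.join(preflight(SAMPLE, "fry")[0]))
```

An entry returned by the printed command with every requested attribute populated means the bind DN, base and mapping are sound; the unencrypted-transport warning is expected for this test container.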

Step 3: Testing

To use the Log Viewer tool you have to enable the auth logs, which are disabled by default, in Koha > Administration > System Preferences > AuthFailureLog and AuthSuccessLog.

Once LDAP is configured, you can attempt to log in to the Koha Staff or OPAC interface using one of the test-openldap test users (e.g., Username: fry, Password: fry). See its readme for a list of user accounts.

You can watch the app logs (add -f to the tail command to follow the logs in real time):

# in the ktd shell
tail /var/log/koha/kohadev/intranet-error.log
tail /var/log/koha/kohadev/opac-error.log