    How do we migrate our authentication from a local PDS to LDAP?

    • Article Type: General
    • Product: MetaLib
    • Product Version: 4

    Description:
    Our campus now has an LDAP system and I would like to migrate our authentication from a local PDS to LDAP.
    The only documentation that I can find about LDAP is in v3, Patron Directory Services.
    Is this still the most current information?

    Resolution:
    The PDS v1.3 documentation is the most current information.
    Essentially, the following files have to be configured:

    1) Existing file: /exlibris/metalib/m4_2/pds/conf_table/tab_service.<library_name>

    The current tab_service.<library_name> includes:
    [AUTHENTICATE]
    program = metalib_x_server.pl
    params = sfx.<library_name>.edu,8332,BOR-AUTH,N
    [END]

    You'll want to add the LDAP program and params lines:
    [AUTHENTICATE]
    program = ldap.pl
    params = ldap_<library_name>.conf
    program = metalib_x_server.pl
    params = sfx.<library_name>.edu,8332,BOR-AUTH,N
    [END]

    ldap.pl is our standard program used to communicate with LDAP servers; it uses the parameters set up in the ldap_<library_name>.conf file.

    2) New file: /exlibris/metalib/m4_2/pds/conf_table/ldap_<library_name>.conf

    This is the file where the LDAP server is defined, along with various other settings (e.g., whether or not you wish to use secure LDAP).

    The settings are described in section 6.2.1 of the PDS documentation.
    An example file is as follows:

    [general]
    host_name = <your hostname here>
    port = <your port here>
    search_base = ou=Accounts,dc=ads,dc=iu,dc=edu
    search_filter = (&(objectClass=User)(cn=USERNAME))
    secure_ldap = Y
    bindb4search=Y
    dn = cn=USERNAME, ou=Accounts, dc=ads, dc=iu, dc=edu
    ldap_version = 3

    [xml setting]
    xml_root_node = bor_authentication

    [attributes mapping]
    cn = name

    You'll also want to make sure that your MetaLib server can connect to your LDAP server.
    This is best tested by configuring LDAP and then trying to authenticate a valid user.
    The LDAP administrator can then check the LDAP server logs to verify the attempt from the MetaLib server.
    This may seem obvious, but in many cases like this, the servers weren't talking with each other.
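
A check to run over ldap_<library_name>.conf before the first login test, as an added example that is not Ex Libris code. It reads only the keys from the example file above; treating USERNAME as the token replaced with the login name and the 389/636 port comparison are assumptions, and the sample configuration is constructed.

```python
import configparser

# Constructed sample in the layout of the article's example; host and base DN are placeholders.
SAMPLE_CONF = """\
[general]
host_name = ldap.example.edu
port = 389
search_base = ou=Accounts,dc=example,dc=edu
search_filter = (&(objectClass=User)(cn=USERNAME)
secure_ldap = N
bindb4search=Y
dn = cn=USERNAME, ou=Accounts, dc=example, dc=edu
[attributes mapping]
cn = name
"""

def lint_ldap_conf(text):
    """Return a list of findings for the [general] section of an ldap_<library_name>.conf."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("general"):
        return ["missing [general] section"]
    gen = cp["general"]
    findings = []
    for key in ("host_name", "port", "search_base", "search_filter", "secure_ldap", "dn"):
        value = gen.get(key, "").strip()
        if not value:
            findings.append(f"{key}: not set")
        elif value.startswith("<") and value.endswith(">"):
            findings.append(f"{key}: template placeholder left in place")
    secure = gen.get("secure_ldap", "").strip().upper() == "Y"
    if not secure:
        findings.append("secure_ldap: not Y, so bind credentials may cross the network unencrypted")
    port = gen.get("port", "").strip()
    # Heuristic (assumption): 636 is the conventional LDAPS port, 389 the plain LDAP port.
    if (secure and port == "389") or (not secure and port == "636"):
        findings.append(f"port: {port} does not match secure_ldap, confirm with the LDAP administrator")
    for key in ("search_filter", "dn"):
        # Assumption: USERNAME is the token replaced with the login name.
        if gen.get(key) and "USERNAME" not in gen[key]:
            findings.append(f"{key}: no USERNAME token")
    flt = gen.get("search_filter", "")
    if flt.count("(") != flt.count(")"):
        findings.append("search_filter: unbalanced parentheses")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_conf(SAMPLE_CONF):
        print("WARN", finding)
```

An empty result only means the file is internally consistent; the login test and the LDAP server log check described above are still what confirm that the two servers can talk to each other.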


    • Article last edited: 10/8/2013