Horizon Authentication with EZproxy for Windows and ODBC

The following technical note describes how EZproxy for Windows can be configured to use ODBC to connect to a Horizon databases to authenticate users. There is no equivalent version of this approach for the Linux or Solaris versions of EZproxy.

EZproxy for Windows 3.2a GA (2005-03-28) added support for authentication using ODBC which can be used to authenticate SirsiDynix Horizon borrowers. The following steps describe how to create this configuration.

  1. Install the database client on the EZproxy server.
  2. Create an ODBC system data source that points to the Horizon database server.
  3. If necessary, create a database username and password that is able to query the Horizon borrower and borrower_barcode tables.
  4. Edit user.txt/ezproxy.usr and add the following lines, changing somedsn to the DSN created in step 2, somedbuser and somedbpass to the username and password created in step 3, and somedatabase to the name of your Horizon database.

    ::ODBC
    DSN somedsn
    DBUser somedbuser
    DBPassword somedbpass
    SQL USE somedatabase
    Parameter User
    Parameter Pass
    SQL SELECT \
    CASE WHEN expiration_date >= datediff(dd, '1/1/1970', getdate()) \
    THEN 'allow' ELSE 'expired' END, 'Default', bb.bbarcode \
    FROM borrower b, borrower_barcode bb \
    WHERE \
    b.borrower# = bb.borrower# AND \
    bb.bbarcode = ? AND \
    bb.lost_date IS NULL AND \
    b.pin# = ?
    Expired; deny expired.htm
    /ODBC

    Note that including the barcode as the third field returned by the select statement is ignored by EZproxy, but Sybase installations have found that this command will not work properly unless this extra field is included.

  5. Create a file named expired.htm and place it in the docs directory on your EZproxy server. This file will be sent to any user that has a card that is expired and should explain what the user should do (e.g. how to contact your library to renew the card).

With this logic in place, EZproxy should test the username from the login form against authorized barcodes and the password against the pin field. If the information matches but the card is expired, the user will be sent the expired.htm file. If the information matches and the card is not expired, the user is granted access.

If you encounter any problems creating this configuration, contact support@oclc.org for additional help.