You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2017-07-31 19:26:04

possebon
Member
Registered: 2017-07-31
Posts: 4

Active Directory does not work as expected

Hi all,

I'm new on GLPI (I've been using OTRS for the last 6 years) and I'm trying to configure the Active Directory on my GLPI install.

I was to configure the LDAP, and authenticate from a user of Active Directory with success.

I need to restrict the access to users on GLPI only when they are member of one of below Active Directory Groups:

http://imgur.com/hy0L2t3

When the users log in, they should be assigned to differnet profiles based on their Active Directory Groups

BRGPIAD - Super-Admin
BRGPITC - Technician
BRGPIUS - Report only

My configuration of LDAP Authentication is this:

http://imgur.com/eQZd5fE

http://imgur.com/DJOqALV

I'm running the 9.1.5 version of GLPI.

Last edited by possebon (2017-07-31 19:28:44)

Offline

#2 2017-08-02 10:53:21

LucaC
Member
Registered: 2012-04-10
Posts: 44

Re: Active Directory does not work as expected

Hello,
that is basically my configuration (I also use SSO with NTLM - will move to kerberos shortly).
I'm not currently in office so will try to remember the config:
- Create the 3 profiles you need in GLPI (eg. Profile-BRGPIAD, Profile-BRGPITC, Profile-BRGPIUS) and set appropriate permission you want for each user category
- Create 3 groups in GLPI (eg. Group-BRGPIAD, Group-BRGPITC, Group-BRGPIUS). Link each GLPI Group to the AD Group (using the LDAP Directory Link Tab in group configuration). You need to  specify memberof as attribute and then write down the full DN of the AD Group. Remember that AD link uses group DN so if you change the group DN (i.e. you move the group in another OU or rename the group), you need to update thìis setting manually. Also keep the default "glpi" user enabled to be used when AD integration fails.

Now  associate users in each group with appropriate profile using RULES.
In RULES, go to Authorization assignement rules. Create 3 rules that will link each group to corresponding profile.

Using BRGPIAD as example:
- Criteria  the "Imported group from LDAP Directrory is Group-BRGPIAD.
- Actions: Profile Assign Profile.-BRGPIAD

Don't forget to enable the rule (first tab in rule configuration).
HTH

Offline

#3 2017-08-02 22:58:17

possebon
Member
Registered: 2017-07-31
Posts: 4

Re: Active Directory does not work as expected

LucaC,

Thanks for your reply.

I was able to configure almost everything you sent me.

The only thing that I can't figure out is, when I try to import users from AD, they are not filtered only by those groups.

Best regards,

Offline

#4 2017-08-03 13:21:53

possebon
Member
Registered: 2017-07-31
Posts: 4

Re: Active Directory does not work as expected

Another thing that happened, the configuration I did yesterday about Groups (the groups I created yesterday) are gone today, they disappeared.

Offline

Pages: 1

Board footer

Powered by FluxBB