#1 2022-12-17 02:15:19

mmaslouh
Member
Registered: 2022-12-04
Posts: 7

[Tips] Enable LDAPS Active Directory and GLPI 10 on Linux

Hello,

After a 5h fight with LDAP via SSL, I want to share with you all the steps.

First you need to make LDAP work without SSL; after that you can switch to LDAPS by following the steps below.

Also, LDAPS must be enabled on your DC (pdhewaju.com.np/2017/03/02/configuring-secure-ldap-connection-server-2016).

1 - Export the "root ca" from the certificate manager on your DC (DER encoding, saved as adds.cer).

2 - Upload the certificate to your server; in my case it is an Ubuntu Server.

3 - Convert the certificate to .crt

"""   openssl x509 -inform DER -in adds.cer -out adds.crt   """

4 - Import the certificate into the local trust repo on your GLPI server

"""   sudo cp adds.crt /usr/local/share/ca-certificates   """

"""   sudo update-ca-certificates   """

5 - Add your DC FQDN to the DNS server or the hosts file.

6 - Check if your GLPI server trusts the DC certificate via wget (enable HTTPS in IIS on the DC for the test).

"""  wget https://dc01.mylab.local/  """

"""  --2022-12-17 00:33:18--  https://dc01.mylab.local/   """
"""  Resolving dc01.mylab.local/ (dc01.mylab.local/)... 192.168.1.10   """
"""  Connecting to dc01.mylab.local/ (dc01.mylab.local/)|192.168.1.10|:443... connected.   """
"""  HTTP request sent, awaiting response... 200 OK   """
"""  Length: 703 [text/html]   """
"""  Saving to: ‘index.html’   """

"""  index.html                 100%[=====================================>]     703  --.-KB/s    in 0s   """

"""  2022-12-17 00:33:18 (117 MB/s) - ‘index.html’ saved [703/703]"""


If the GLPI server doesn't trust the DC certificate you will get errors like this:

"""   Unable to locally verify the issuer's authority.   """
"""   To connect to dc01.mylab.local insecurely, use `--no-check-certificate'.   """

7 - If the wget test is okay, go forward with the ldapsearch test.

"""  ldapsearch -H  ldaps://dc01.mylab.local:636 -x -W -D "CN=Glpi Admin,OU=Users,DC=mylab,DC=local" -b 'DC=mylab,DC=local'  """

Enter LDAP Password:

8 - If the ldapsearch test is okay, restart Apache and go configure LDAP authentication in GLPI.

""" systemctl restart apache2  """

Home > Configuration > Authentication > LDAP

First add your LDAP source (Active Directory server)

In the Server field put: ldaps://mdc01.mylab.local

In the Port field put: 636

Last edited by mmaslouh (2022-12-17 02:21:09)
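
Added example, not part of the original post: step 6 checks trust through HTTPS on IIS, while this script checks the certificate presented on the LDAPS port itself against the bundle that update-ca-certificates rebuilds in step 4, including the hostname match. The function names and the sample line are constructed for this example; the bundle path assumes Debian/Ubuntu.

```sh
#!/bin/sh
# Usage: sh check_ldaps.sh dc01.mylab.local [port] [ca-bundle]

# Constructed sample: the summary line s_client prints when the issuing
# CA is missing from the trust store.
SAMPLE_UNTRUSTED='    Verify return code: 20 (unable to get local issuer certificate)'

# Classify `openssl s_client` output read on stdin.
# Prints "trusted", "untrusted: <code> (<reason>)" or "no-handshake".
classify_s_client() {
    awk '
        # s_client can report "0 (ok)" even though no certificate was
        # received, so an aborted handshake must not count as trusted.
        /no peer certificate available/ { nocert = 1 }
        /Verify return code:/ {
            n++
            if ($4 + 0 != 0 && bad == "") {
                bad = $0
                sub(/^.*Verify return code: /, "", bad)
            }
        }
        END {
            if (nocert || n == 0) print "no-handshake"
            else if (bad != "")   print "untrusted: " bad
            else                  print "trusted"
        }'
}

# Connect to the DC on the LDAPS port and verify chain and hostname.
check_ldaps() {
    host=$1
    port=${2:-636}
    ca=${3:-/etc/ssl/certs/ca-certificates.crt}   # Debian/Ubuntu bundle
    result=$(openssl s_client -connect "$host:$port" -servername "$host" \
                 -verify_hostname "$host" -CAfile "$ca" \
                 </dev/null 2>/dev/null | classify_s_client)
    printf '%s:%s %s\n' "$host" "$port" "$result"
    [ "$result" = "trusted" ]
}

if [ $# -gt 0 ]; then
    check_ldaps "$@"
else
    # No host given: show the classifier on the constructed sample.
    printf '%s\n' "$SAMPLE_UNTRUSTED" | classify_s_client
fi
```

A non-zero exit status means the LDAPS certificate is not trusted or no TLS handshake completed, so the script can gate the Apache restart in step 8.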
