You are not logged in.
- Topics: Active | Unanswered
Announcement
Download last stable version of GLPI - What can you do for GLPI ? : Contribute
Pages: 1
#1 2006-08-02 05:15:21
- William Smith
- Member
- Registered: 2006-07-15
- Posts: 8
How to use Groups in 0.68 with LDAP
Hello!
I can find no documentation for this, so I am posting my question here.
I've noticed in 0.68 that when I have external LDAP authentication configured (Active Directory) I also have two new fields appear when I create a Group. They are "LDAP Field" and "LDAP Value" in addition to "Name". For a standard Active Directory setup, what would I put into these two fields?
Also, once I have a Group created that is connected with LDAP, what can I expect to see? How would I use this feature?
Thank you! bill
Offline
#2 2006-08-02 12:13:24
- wawa
- GLPI-DEV
- From: Montpellier / France
- Registered: 2006-07-03
- Posts: 6,019
- Website
Re: How to use Groups in 0.68 with LDAP
Hello !
It's possible to affect groups to a user directly from ldap :
* in the setup-> external auth web page fill the group field with the name of the attribute which indicates the belonging to a group (for example 'group')
* while declaring a group in glpi, you need to indicate the name of the ldap field which stores the group value (it must always be filled as soon as you filled the field in external auth). The field value must be filled with the dn of the group (cn=mygroup,ou=groups,dc=mycompany for example).
* when it's done, add groups dn in the ldap use entry.
during the authentication phase, glpi reads all the groups for the user from ldap, and update the groups in glpi (it means that it adds and delete automatically user from groups in glpi regarding the datas from ldap).
regards.
walid.
Offline
#3 2006-08-04 05:31:09
- William Smith
- Member
- Registered: 2006-07-15
- Posts: 8
Re: How to use Groups in 0.68 with LDAP
Hello!
Thank you for replying.
I still don't understand how groups in LDAP work in GLPI. If groups will be associated with a user who logs in to GLPI, how does that benefit the administrator who would like to assign a computer or other asset to a group of which he's not a member?
Maybe if I knew the proper setup and knew what to look for I would understand. Please keep in mind that our LDAP server is Active Directory.
I've added "group" to Administration --> Setup --> External authentication --> GLPI/LDAP Links --> Group. Would this be correct for Active Directory?
Next, I've gone to Administration --> Group --> Add Group...
If I'm a member of "admingroup" and I know its DN, would the following be correct?
Name: admingroup
LDAP Field: group (automatically filled in from GLPI/LDAP Links)
LDAP Value: CN=admingroup,OU=groups,DC=mycompany,DC=com
If this is correct, then what could I do to verify this is working?
Thank you again for your help! bill
Last edited by William Smith (2006-08-04 05:41:46)
Offline
#4 2006-08-04 18:00:19
- mags
- Member
- From: CH
- Registered: 2006-06-06
- Posts: 12
Re: How to use Groups in 0.68 with LDAP
for AD it is 'memberof' I believe
non toxique (si utilisé comme prescrit)
Offline
#5 2006-08-04 18:23:12
- William Smith
- Member
- Registered: 2006-07-15
- Posts: 8
Re: How to use Groups in 0.68 with LDAP
I thought this might be the case and tested it. But I still don't have a clear picture of what I'm looking for to see if this works as intended.
Can you or someone provide me an example of what I should expect? If I'm logged in to GLPI and adding a computer, should I see all groups that I'm a member of? Or should I see all members of that group in the "User" field if I select a particular group in the "Group" field?
bill
Offline
Pages: 1