You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2017-10-06 14:43:24

sarkan20
Member
Registered: 2017-10-06
Posts: 4

GLPI 9.1.6 and LDAP

Hello!
I use GLPI version 9.1.6 with authorization in the Active Directory. (Ubuntu 16.04, Apache2.4, php7, AD Windows 2012r2)
How do I make transparent authorization of users Active Directory and how to add LDAP selection criteria correctly?
By simply specifying the user parameter in the Active Directory, for example, the setting "office" for the automatic assignment rule does not work.
For tests, I used GLPI version 9.2 - the result is the same.
Thanks!
With respect, Igor.

Last edited by sarkan20 (2017-10-06 16:00:16)

Offline

#2 2017-10-06 17:10:21

machadomall
Member
From: Brazil, Brasilia, DF
Registered: 2011-10-30
Posts: 208

Re: GLPI 9.1.6 and LDAP

Hello,
Is it possible for you to post the images of your LDAP settings? So we will have an idea of your settings and possible errors in the registration.

Grateful.


Márcio Machado
Brasília-DF / Brasil

Offline

#3 2017-10-09 10:09:31

sarkan20
Member
Registered: 2017-10-06
Posts: 4

Re: GLPI 9.1.6 and LDAP

I have a user "test" in AD and I want to compare its parameter AD in the GLPI:

AccountExpirationDate                : 
accountExpires                       : 9223372036854775807
AccountLockoutTime                   : 
AccountNotDelegated                  : False
AllowReversiblePasswordEncryption    : False
AuthenticationPolicy                 : {}
AuthenticationPolicySilo             : {}
BadLogonCount                        : 0
badPasswordTime                      : 131466760945919102
badPwdCount                          : 0
CannotChangePassword                 : False
CanonicalName                        : ***/АДС/Тест
Certificates                         : {}
City                                 : 
CN                                   : Тест
codePage                             : 0
Company                              : ***
CompoundIdentitySupported            : {}
Country                              : 
countryCode                          : 0
Created                              : 05.01.2017 14:15:06
createTimeStamp                      : 05.01.2017 14:15:06
Deleted                              : 
Department                           : 
Description                          : 
DisplayName                          : Тест
DistinguishedName                    : CN=Тест,OU=АДС,OU=***,DC=***,DC=com
Division                             : 
DoesNotRequirePreAuth                : False
dSCorePropagationData                : {06.10.2017 13:28:20, 05.10.2017 15:08:10, 16.08.2017 13:43:42, 01.01.1601 20:12
                                       :16}
EmailAddress                         : 
EmployeeID                           : 
EmployeeNumber                       : 1234567
Enabled                              : True
Fax                                  : 
GivenName                            : Тест
HomeDirectory                        : 
HomedirRequired                      : False
HomeDrive                            : 
HomePage                             : 
HomePhone                            : 
Initials                             : 
instanceType                         : 4
ipPhone                              : 5555
isDeleted                            : 
KerberosEncryptionType               : {}
LastBadPasswordAttempt               : 08.08.2017 17:28:14
LastKnownParent                      : 
lastLogoff                           : 0
lastLogon                            : 131505388197587846
LastLogonDate                        : 04.10.2017 10:21:30
lastLogonTimestamp                   : 131515752909280265
LockedOut                            : False
logonCount                           : 77
logonHours                           : {255, 255, 255, 255...}
LogonWorkstations                    : 
Manager                              : 
MemberOf                             : {CN=Time_Terminal,OU=Группы***,DC=***,DC=com}
MNSLogonAccount                      : False
MobilePhone                          : 
Modified                             : 06.10.2017 14:48:14
modifyTimeStamp                      : 06.10.2017 14:48:14
msDS-User-Account-Control-Computed   : 0
msNPAllowDialin                      : True
msTSExpireDate                       : 02.09.2017 9:20:25
msTSLicenseVersion                   : 393218
msTSLicenseVersion2                  : 7
msTSLicenseVersion3                  : C50-6.02-S
msTSManagingLS                       : 00252-60126-11311-AT391
Name                                 : Тест
nTSecurityDescriptor                 : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory                       : CN=Person,CN=Schema,CN=Configuration,DC=***,DC=com
ObjectClass                          : user
ObjectGUID                           : 5140b556-a13c-40e4-84dd-fa8ecaab9392
objectSid                            : S-1-5-21-1417133057-3534643827-4023925714-3807
Office                               : 123
OfficePhone                          : 
Organization                         : 
OtherName                            : 
PasswordExpired                      : False
PasswordLastSet                      : 04.10.2017 10:20:36
PasswordNeverExpires                 : False
PasswordNotRequired                  : False
physicalDeliveryOfficeName           : 123
POBox                                : 
PostalCode                           : 
PrimaryGroup                         : CN=Пользователи домена,CN=Users,DC=***,DC=com
primaryGroupID                       : 513
PrincipalsAllowedToDelegateToAccount : {}
ProfilePath                          : \\TSRV_01_1\users\Profile
ProtectedFromAccidentalDeletion      : False
pwdLastSet                           : 131515752368219243
SamAccountName                       : Тест
sAMAccountType                       : 805306368
ScriptPath                           : 
sDRightsEffective                    : 15
ServicePrincipalNames                : {}
SID                                  : S-1-5-21-1417133057-3534643827-4023925714-3807
SIDHistory                           : {}
SmartcardLogonRequired               : False
State                                : 
StreetAddress                        : 
Surname                              : 
Title                                : 
TrustedForDelegation                 : False
TrustedToAuthForDelegation           : False
UseDESKeyOnly                        : False

UserPrincipalName                    : Тест@***.com
uSNChanged                           : 7395093
uSNCreated                           : 3629246
whenChanged                          : 06.10.2017 14:48:14
whenCreated                          : 05.01.2017 14:15:06

I posted the configuration screenshots in my drive
https://drive.google.com/open?id=0B-eu- … Gs2WFhmdmc

Offline

#4 2017-10-09 10:37:12

sarkan20
Member
Registered: 2017-10-06
Posts: 4

Re: GLPI 9.1.6 and LDAP

In the "Criterion" field, I specified the name of the AD user variable.
In AD, the "office" parameter is set to 123.
I create a rule and add a new parameter in it to its LDAP Office.
In the "Criterion" field, I specify the user's variable AD - office.
When I try to log in as user "test" I get an error.

Another question: how can I check what value the parameter of the GLPI "office" got?
Maybe I'm not comparing those values?
Or can specify a variable it is necessary on another?
For example,% {office}% ????

Last edited by sarkan20 (2017-10-09 10:42:51)

Offline

Board footer

Powered by FluxBB