Hello,
I am trying to find a way to enable ldaps with GLPI (10.0.7) on an Ubuntu Server. The LDAP is on a Windows Server with Active Directory. In the GLPI docs, it is said that we must define ldaps://..... and the 636 port. The Windows server was configured to allow the use of ldaps and the port 636, and GLPI on Ubuntu Server was configured to allow ldaps and the port 636. Despite this, I can't connect to ldap with ldaps on port 636. I am a beginner with the use of GLPI, and therefore, I do not know how to solve this problem which seems complex to me. I did a lot of research on the forum, and I found some tips but not a real procedure. If I understood correctly, I need to have a certificate from the Active Directory or domain controller of Windows, and implement it on the Linux server via apache2. But hey, I'm a bit lost.
The official GLPI documentation is not well documented on this subject.
Thanks.
Regards.
Last edited by pierreL (2023-06-06 16:14:12)
Hi
You don't need a certificate. You need a user that queries LDAP. And GLPI configuration. I think the documentation is pretty good: https://glpi-user-documentation.readthe … /ldap.html
You can also use e.g. older guides: https://techexpert.tips/glpi/glpi-ldap- … directory/
--
GLPI 10.0.17
GLPI-Inventory 1.4.0
Ubuntu Server 20.04 LTS
Hello,
I configured ldaps://.... and port 636 in GLPI. When I do a test, it fails. If I set ldap://..... and port 389, then the test is ok. I defined this line in /etc/ldap/ldap.conf: TLS_REQCERT ALLOW (Linux server).
I did another test with ldaps:// and port 636, and it says it is good. But after a moment, the test says it failed. Is there a way to correctly set ldaps://..... and port 636 to join LDAP on a Windows server with the help of GLPI on a Linux server?
I don't know how to set up ldaps with port 636, although I looked at the official documentation. I'm lost.
Thanks.
Is the Certificate on AD self signed?
Is the Certificate on AD self signed?
Why? Is a self-signed certificate on AD necessary?
I would like to know one thing. Can it be secure if I use ldap with 389 port but with TLS enabled to replace ldaps with 636 port?
Last edited by pierreL (2023-06-05 17:00:48)
Well, I'm not really sure, but if you are using ldapS (the S), it means that you are using a certificate.
This works out of the box on a computer joined to AD, but other PCs know nothing about the validity of the certificate.
So you have to tell GLPI not to worry about the self-signed cert.
Check here: https://forum.glpi-project.org/viewtopic.php?id=25152 (there's a possible solution)
and here https://forum.glpi-project.org/viewtopic.php?id=285377
Hello,
I am trying to find a solution, without success. Is it enough if I define ldaps and 636 port without TLS in the GLPI configuration?
I noticed that if I set 'TLS_REQCERT ALLOW' in /etc/ldap/ldap.conf on my Linux server, the test is ok to contact the LDAP on Windows Server but I can't connect with an end user through the GLPI interface.
@Kaya84: Thanks for your help. ;-)
! News ! : It seems to work. I set ldaps://.... and 636 port in the GLPI configuration. In the /etc/ldap/ldap.conf file, I defined TLS_REQCERT ALLOW. I cleared the cache of my web browser and restarted the computer to be sure. Now, I can connect to LDAP on the Windows Server with any user (LDAPS).
Last edited by pierreL (2023-06-06 16:14:50)
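The thread settles on `TLS_REQCERT ALLOW`. Per ldap.conf(5), with `allow` a server certificate that fails verification is ignored and the session proceeds, so the LDAPS link is encrypted but the domain controller is not authenticated. The shell check below is an added example (not from the posts above or from the GLPI project) that reports the effective setting in an ldap.conf; the function names and the `ad-root-ca.pem` path are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report how strictly an OpenLDAP client config verifies the
# server certificate. Function names are hypothetical, not part of any tool.

# ldap_conf_value FILE KEYWORD -> last value set for KEYWORD.
# Keywords in ldap.conf are case-insensitive; libldap applies options in file
# order, so a later line replaces an earlier one.
ldap_conf_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        toupper($1) == toupper(key) { val = $2 }  # keep the last match
        END { print val }
    ' "$1"
}

# ldap_tls_report FILE -> "posture=... reqcert=... cacert=..."
ldap_tls_report() {
    level=$(ldap_conf_value "$1" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    level=${level:-demand}        # unset means the library default, demand
    ca=$(ldap_conf_value "$1" TLS_CACERT)
    case "$level" in
        demand|hard) posture=strict ;;      # bad or missing cert ends the session
        try)         posture=partial ;;     # bad cert ends it, missing cert does not
        allow|never) posture=unverified ;;  # session proceeds whatever the cert is
        *)           posture=unknown ;;
    esac
    echo "posture=$posture reqcert=$level cacert=${ca:-unset}"
}

# Constructed samples: the setting from the thread, and a verifying setup that
# trusts the CA that issued the domain controller's certificate.
tmp=$(mktemp -d)
printf '%s\n' \
    '# constructed sample: setting used in the thread' \
    'TLS_CACERT /etc/ssl/certs/ca-certificates.crt' \
    'TLS_REQCERT ALLOW' > "$tmp/thread.conf"
printf '%s\n' \
    '# constructed sample: hypothetical path to the exported AD CA certificate' \
    'TLS_CACERT /etc/ssl/certs/ad-root-ca.pem' \
    'TLS_REQCERT demand' > "$tmp/verified.conf"

ldap_tls_report "$tmp/thread.conf"
ldap_tls_report "$tmp/verified.conf"
rm -rf "$tmp"
```

The check reads only the file it is given; a per-user `ldaprc` or the `LDAPTLS_REQCERT` environment variable can still change the value a process actually uses.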