Hello,
I have a Windows 2019 server with GLPI installed.
I currently have an active LDAP connection, and everything is working fine. I want to configure LDAPS to increase security, but all I get is a "Test failed" message without much detail.
In my server configuration, I've tried several combinations, but all have failed. For example:
ldaps://dc1.corp.net
Port: 636
TLS usage disabled
If I revert to normal LDAP, everything works fine:
ldap://dc1.corp.net
Port: 389
TLS usage disabled
I've checked all the logs, but I haven't found anything significant. I've tested my dc1.corp.net with ldp.exe, and I was able to connect using port 636. From my GLPI server, if I telnet to dc1.corp.net 636, it also works!
Several articles show examples for Linux, but when the installation is on Windows, I can't find the same solutions or I can't apply them.
Do you have a solution to suggest or a way to diagnose this problem?
Thanks in advance!
Offline
You have the same error as me (check my previous post from 25th March 2024).
I already posted an "issue" on GitHub but they closed it.
The "workaround" is to set Bind to No, but that will enable Anonymous Binding, and in an enterprise where Anonymous Binding is disabled, it does not work.
We should open an issue where we can ask to fix this, because LDAPS with Binding does not work while LDAP with StartTLS is working. So it is not a certificate problem.
Offline
I found my problem. Try this if, like me, you did not read the doc:
# LDAPS NOT WORKING
# LDAPS WORKING
Offline
Glad you have it working.
On my end, before opening the question, I did the test with ldaps:// using both the IP and the FQDN: same issue with port 636 and TLS off.
I retested and got the same problem.
Any other ideas?
Offline
On your Active Directory, can you verify, by launching MMC with admin rights, that the DC certificate is present in both your Personal store (from Computer) and NTDS/Personal/Certificates (from Service)?
From MMC > Add snap-in > Certificates > Add > Service Account > This computer > Active Directory Domain Services >
By default, when you install a certificate, Windows only installs it in Computer > Personal > Certificates, and yes, ldp.exe says it works, but when you try LDAPS with a solution like GLPI, it really tries to access the directory over LDAPS, and as the certificate is not in the NTDS/Personal store, it fails.
Offline
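The store check described in the last post can also be scripted. This is an added example, not code from the thread or from GLPI. It assumes an elevated PowerShell session on the domain controller, the host name dc1.corp.net from the first post, and the registry location Windows uses for the NTDS service's Personal store.

```powershell
# Added example: compare the Computer and NTDS service Personal stores on a DC.
param(
    [string]$DcFqdn = 'dc1.corp.net'   # host name taken from the first post
)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Registry-backed Personal store of the Active Directory Domain Services service.
# Each subkey is named after the thumbprint of one certificate.
$ntdsPath = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Services\NTDS\SystemCertificates\My\Certificates'
$ntdsThumbs = @()
if (Test-Path $ntdsPath) {
    $ntdsThumbs = @(Get-ChildItem $ntdsPath | ForEach-Object { $_.PSChildName.ToUpper() })
}

$machineCerts = @(Get-ChildItem Cert:\LocalMachine\My)

# One row per certificate in Computer > Personal, with the properties LDAPS needs.
$machineCerts | ForEach-Object {
    $ekus = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    [pscustomobject]@{
        Thumbprint    = $_.Thumbprint
        Subject       = $_.Subject
        NotAfter      = $_.NotAfter
        Expired       = $_.NotAfter -lt (Get-Date)
        HasPrivateKey = $_.HasPrivateKey
        ServerAuth    = $ekus -contains $serverAuthOid
        # Exact match only; a wildcard SAN would need a separate comparison.
        NameMatch     = @($_.DnsNameList.Unicode) -contains $DcFqdn
        InNtdsStore   = $ntdsThumbs -contains $_.Thumbprint
    }
} | Format-Table -AutoSize

# Certificates that exist only in the NTDS service store.
$machineThumbs = @($machineCerts | ForEach-Object { $_.Thumbprint })
$ntdsThumbs | Where-Object { $machineThumbs -notcontains $_ } |
    ForEach-Object { "Only in NTDS store: $_" }

if ($ntdsThumbs.Count -eq 0) {
    'NTDS service Personal store is empty.'
}
```

A row with `InNtdsStore` set to `False` matches the situation described in the post above: the certificate is installed for the computer but not for the Active Directory Domain Services service.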