
#1 2024-03-28 02:46:30

JF-Secure
Member
Registered: 2024-03-28
Posts: 3

LDAPs with GLPI installed with Windows Server

Hello,

I have a Windows 2019 server with GLPI installed.

I currently have an active LDAP connection, and everything is working fine. I want to configure LDAPs to increase security, but all I get is a "Test failed" message without much detail.

In my server configuration, I've tried several combinations, but all have failed. For example:

ldaps://dc1.corp.net
Port: 636
TLS usage disabled

If I revert to normal LDAP, everything works fine:

ldap://dc1.corp.net
Port: 389
TLS usage disabled

I've checked all the logs, but I haven't found anything significant. I've tested my dc1.corp.net with ldp.exe, and I was able to connect using port 636. From my GLPI server, if I telnet to dc1.corp.net 636, it also works!

Several articles show examples for Linux, but when the installation is on Windows, I can't find the same solutions or I can't apply them.

Do you have a solution to suggest or a way to diagnose this problem?

Thanks in advance!


#2 2024-03-28 11:59:52

s0p4L1n3
Member
Registered: 2024-03-25
Posts: 5

Re: LDAPs with GLPI installed with Windows Server

You have the same error as me (check my previous post from 25th March 2024).

I already posted an "issue" on GitHub but they closed it.

The "workaround" is to set Bind to No, but it will enable Anonymous Binding, and in enterprises where Anonymous Binding is disabled, it does not work.

We should open an issue where we can ask to fix this, because LDAPS with Binding does not work while LDAP with StartTLS is working. So it is not a certificate problem.


#3 2024-03-28 16:56:52

s0p4L1n3
Member
Registered: 2024-03-25
Posts: 5

Re: LDAPs with GLPI installed with Windows Server

I found my problem. Try this if, like me, you did not read the doc.

# LDAPS NOT WORKING

not-working-ldaps.png


# LDAPS WORKING


working-ldaps.png


#4 2024-03-28 19:42:34

JF-Secure
Member
Registered: 2024-03-28
Posts: 3

Re: LDAPs with GLPI installed with Windows Server

Glad you have it working.

On my end, before opening the question, I did the test with ldaps:// with both IP and FQDN: same issue with port 636 and TLS off.

I retested again and got the same problem.

Any other ideas?


#5 2024-03-29 17:19:54

s0p4L1n3
Member
Registered: 2024-03-25
Posts: 5

Re: LDAPs with GLPI installed with Windows Server

On your Active Directory, can you verify, by launching MMC with admin rights, that you have the DC certificate present in both your Personal store (from Computer) and NTDS/Personal/Certificate (from Service)?

Certificate-AD.png


From MMC > Add snap-in > Certificates > Add > Service Account > This computer > Active Directory Domain Services >


By default, when you install a certificate, Windows only installs it in Computer > Personal > Certificates, and yes, ldp.exe says it works, but when you try LDAPS with a solution like GLPI, it really tries to access the directory over LDAPS, and as the certificate is not in the NTDS/Personal store, it fails.

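Added example, not part of any post in this thread: the telnet test in the first post only shows that TCP port 636 is open, so this PowerShell sketch, run on the GLPI server, goes one step further and performs the TLS handshake, then reports which certificate the DC presents and how it validates. It assumes the host and port quoted in the first post, and it evaluates trust with the Windows certificate store, which is not necessarily the store GLPI's PHP LDAP client consults.

```powershell
# Added diagnostic example, not from the thread. Run on the GLPI server.
# dc1.corp.net and 636 are the values quoted in the first post.
$DcHost = 'dc1.corp.net'
$Port   = 636

$report = [ordered]@{ Target = "${DcHost}:$Port"; TcpConnect = $false; TlsHandshake = $false }
$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($DcHost, $Port)          # what the telnet test already proved
    $report.TcpConnect = $true

    # Let the handshake finish even if validation fails, and record why,
    # so the certificate can be inspected. Diagnostic use only.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $cert, $chain, $policy)
        $script:policyErrors = $policy
        $script:chainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($DcHost)    # certificate name is checked against $DcHost
    $report.TlsHandshake = $true
    $report.Protocol     = $ssl.SslProtocol

    $c   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    $san = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
    $report.Subject        = $c.Subject
    $report.Issuer         = $c.Issuer
    $report.NotAfter       = $c.NotAfter
    $report.SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
    $report.PolicyErrors   = $script:policyErrors    # None = name and chain accepted
    $report.ChainStatus    = ($script:chainStatus -join ', ')
}
catch {
    # TCP connected but the TLS handshake did not complete on this port.
    $report.Error = $_.Exception.GetBaseException().Message
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
[pscustomobject]$report | Format-List
```

If TcpConnect is True but TlsHandshake is False, the failure is in the TLS layer rather than the network; a completed handshake with PolicyErrors other than None shows a name or chain problem as seen from the GLPI server.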
