You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2024-05-31 16:29:17

Nick1
Member
Registered: 2022-09-02
Posts: 2

Automatic authentication of all users via Active Directory

Hello!
I`m very need help to configure automatic authentication of all users via Active Directory. But, unfortunately, I don't know how to do this.
I would like to make automatic login of all users with their credentials from AD. And users must be authenticated as users, admins as admins, etc. in GLPI.

GLPI runs on a domain name like "mysubdomain.mycompany.tld". Windows Sever on "dc1.mycompany.tld".

Users computers are running on Windows 7, 10 and 11 and there are also several Linux PCs.


I have LAMP (Ubuntu Server 24.04, Apache v2.4.58, MariaDB v10.11.7, PHP v8.3.6) and Windows Server 2022; GLPI v10.0.15 (latest stable) installed on Ubuntu Server.

Of course, if necessary I can show the various configuration files… Maybe someone has already done such automatic authentication and knows how to do it step by step?

P.S. In advance, thank you very much for the useful information/code/how to do on this issue!
P.P.S. And I really hope for the help of the GLPI community! smile

Offline

#2 2024-06-03 10:30:19

tikkit
Member
Registered: 2015-03-25
Posts: 19

Re: Automatic authentication of all users via Active Directory

Did you read the documentation about LDAP?

https://glpi-user-documentation.readthedocs.io/fr/latest/modules/configuration/authentication/ldap.html

Offline

#3 2024-06-03 15:08:42

mmoral
Member
Registered: 2023-12-28
Posts: 50

Re: Automatic authentication of all users via Active Directory

Hello,

Check this article is old but works with glpi 10.x
I used it

https://www. bujarra.com/integracion-de-glpi-con-directorio-activo/?lang=en

Regards

Offline

#4 2024-06-04 11:55:43

Nick1
Member
Registered: 2022-09-02
Posts: 2

Re: Automatic authentication of all users via Active Directory

tikkit wrote:

Did you read the documentation about LDAP?

Yes, of course. But in official docs no one word about automatic (transparency) authentication with credentials from AD.

mmoral wrote:

Check this article is old but works with glpi 10.x
I used it

Unfortunately, in this article nothing about automatic (transparency) auth from AD too…
---------------------------

First, tikkit and mmoral thank you for reply.

I already have users imported from AD on a scheduled basis (via cron) using the command glpi:ldap:synchronize_users.

But users must entered it`s credentials from AD (it`s login and password).
In my situation we need automatic (transparency) authentication WITHOUT the user entering his login and password (automatic auth).

So when you enter the domain where GLPI is located («mysubdomain.mycompany.tld»), a user must authenticate automatically and get into their personal GLPI account in accordance with their rights on the AD domain (without entering his username/password).

This data should somehow be pulled from AD automatically (login and password)…

So, when user entered «mysubdomain.mycompany.tld» in browser, he should be authenticated automatically in GLPI.

Perhaps I need to change something in the standard «login.php» code (/var/www/html/glpi/front/login.php) in GLPI, but I don’t know how to implement it.
---------------------------

The question remains open. And I really need help with this issue!..

Offline

#5 2024-06-04 12:30:14

mmoral
Member
Registered: 2023-12-28
Posts: 50

Re: Automatic authentication of all users via Active Directory

Hi,

Check this plugin: https:// plugins.glpi-project.org/#/plugin/glpisaml

Last edited by mmoral (2024-06-04 12:31:55)

Offline

#6 2024-06-05 09:56:02

joseluis.teixeira
Member
From: PT - GMR
Registered: 2013-05-07
Posts: 51

Re: Automatic authentication of all users via Active Directory

Nick1,

As you may know, knowing what we want is halfway to reaching the solution.
You are referring to "automatic (transparency) authentication", what you want is SSO (Single Sign On).

SSO, needs to be implemented via SAML.
Security Assertion Markup Language, or SAML, is a standardized way to tell external applications and services that a user is who they say they are.
SAML makes single sign-on (SSO) technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications.

Thus, search on the forum sso and saml and there are some topics that can help you.

Offline

Pages: 1

Board footer

Powered by FluxBB