LDAPS integration

tmuukkon · 2025-02-25 22:15:57

Hello,

I am desperate to get assistance with this.

I have read dozens of forum topics and GitHub issues etc. regarding this but still haven't been able to resolve this issue.

I am trying to add LDAPS login to GLPI.

I have tried numerous things. TLS on, TLS off, ldaps://<server name> and just <servername> bind on, bind off...

Nothing has worked. The documentation is not specific enough.

I have not configured any service with LDAPS before.

Windows Server 2025
IIS
PHP 8.3.17
MySQL 8.4.4 LTS
GLPI 10.0.18

Domain controller server is also WinServer 2025.

GLPI is on HTTPS. I have imported the RootCA to the web server.

Has anyone had a similar problem before? I have gotten all kinds of PHP errors/warnings. Unknown scheme, unable to bind, unable to establish TLS connection...
One time I managed to get the test to run successfully, but logging in with an AD account didn't work, got an error.

If anyone knows how to help, don't assume that I know ANYTHING. Please list all configurations I have to do.

If I missed any important detail please do let me know.

Thanks in advance.

eLBruto · 2025-02-25 22:22:55

I'd need a bit more details regarding to this.
Replace every company related detail with Contoso or Example and provide us with how your configuration looks like.

tmuukkon · 2025-02-25 22:26:04

LDAP configuration in GLPI:

Server: ldaps://DC1
Port: 636
Filter: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Base DN: DC=ad,DC=contoso,DC=com
Use bind: Yes
Root DN: CONTOSO\Management

Currently, TLS off.

cconard96 · 2025-02-25 23:54:29

Trying enabling TLS, Disabling Bind, adding ldaps:// to beginning of the server field, and making sure your GLPI server knows and trusts the Root CA (and restart the web server after importing the certificate)
https://github.com/glpi-project/glpi/issues/15941

tmuukkon · 2025-02-26 15:12:57

Hello Curtis,

thank you for the reply.

That GitHub topic was one of those that I have read.

Here's what I did:

Use TLS > Yes
Use bind > No
Server: ldaps://DC1

The GLPI server has the root CA imported.
On the CA, I exported the Root CA, moved it to the GLPI server, and pressed Install Certificate.

When trying to run the test, I get following:

PHP Warning: Unable to start TLS connection to LDAP server `ldaps://DC1:636`
error: Can't contact LDAP server (-1)
extended error: error:16000069:STORE routines::unregistered scheme
err string: error:16000069:STORE routines::unregistered scheme in C:\inetpub\wwwroot\src\AuthLDAP.php on line 3156

eLBruto · 2025-02-26 16:28:51

use bind : yes

tmuukkon · 2025-02-26 18:46:41

Even with bind on, I get the same error: unregistered scheme.

cconard96 · 2025-02-27 01:18:17

While this was reported as an issue while using XAMPP, it wouldn't surprise me if it is a Windows issue in general.
https://stackoverflow.com/a/58844013/5870394

tmuukkon · 2025-02-27 09:44:26

I am not on XAMPP though. I will try that method on there.

Forum GLPI-Project

Announcement

#1 2025-02-25 22:15:57

LDAPS integration

#2 2025-02-25 22:22:55

Re: LDAPS integration

#3 2025-02-25 22:26:04

Re: LDAPS integration

#4 2025-02-25 23:54:29

Re: LDAPS integration

#5 2025-02-26 15:12:57

Re: LDAPS integration

#6 2025-02-26 16:28:51

Re: LDAPS integration

#7 2025-02-26 18:46:41

Re: LDAPS integration

#8 2025-02-27 01:18:17

Re: LDAPS integration

#9 2025-02-27 09:44:26

Re: LDAPS integration

Board footer