GLPI LDAP Authentication on Active Directory

GLPI LDAP Authentication on Active Directory

Would you like to learn how to configure GLPI LDAP authentication on Active directory? In this tutorial, we are going to show you how to authenticate GLPI users using the Microsoft Windows database Active directory and the LDAP protocol.

• GLPI version: 9.3.1

Hardware List:

The following section presents the list of equipment used to create this GLPI tutorial.

Every piece of hardware listed above can be found at Amazon website.

GLPI Playlist:

On this page, we offer quick access to a list of videos related to Zabbix installation.

Playlist

Don't forget to subscribe to our youtube channel named FKIT.

GLPI Related Tutorial:

On this page, we offer quick access to a list of tutorials related to GLPI installation.

Tutorial - Windows Domain Controller Firewall

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the GLPI server to query the Active directory database.

On the domain controller, open the application named Windows Firewall with Advanced Security

Create a new Inbound firewall rule.

zabbix active directory

Select the PORT option.

zabbix windows firewall port

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

zabbix windows firewall port ldap

Select the Allow the connection option.

zabbix windows firewall allow connection

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Zabbix windows firewall profile

Enter a description to the firewall rule.

windows firewall allow glpi

Congratulations, you have created the required firewall rule.

This rule will allow GLPI to query the Active directory database.

Tutorial - Windows Domain Account Creation

Next, we need to create 1 account on the Active directory database.

The GLPI account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Active Directory New user

Create a new account named: GLPI

Password configured to the GLPI user: kamisama123@

This account will be used to query the passwords stored on the Active Directory database.

GLPI Active Directory Account bind

GLPI Active Directory Password

Congratulations, you have created the required Active Directory account.

Tutorial - GLPI LDAP Authentication on Active Directory

Open your browser and enter the IP address of your web server plus /glpi.

In our example, the following URL was entered in the Browser:

• http://35.162.85.57/glpi

On the login screen, use the default username and default password.

• Default Username: glpi
• Default Password: glpi

glpi login

After a successful login, you will be sent to the GLPI Dashboard.

glpi dashboard

On the dashboard screen, access the Setup menu and select the Authentication option.

GLPI Setup Authentication

Access the following option:

• LDAP directories

Select the option to Add a new LDAP directory.

You need to configure the following items:

• Name: TECH-DC01
• Default server: Yes
• Active: Yes
• Server: 192.168.0.50
• Port: 389
• Connection filter: (&(objectClass=user)(objectCategory=person))
• BaseDN: dc=techexpert,dc=tips
• RootDN: glpibind@techexpert.tips
• Password: kamisama123@
• Login field: SaMAccountName
• Synchronization field: objectguid

You need to change TECH-DC01 to the name of your domain controller.

You need to change the IP address 192.168.0.50 to your domain controller IP.

You need to change the domain information techexpert.tips to reflect you Network environment.

Click on the Add button.

GLPI AD LDAP AUTHENTICATION

Access your LDAP directory properties and select the menu option named: TEST

GLPI Ldap menu

Click on the Test button.

If your test succeeds, you should see the following message.

GLPI Ldap test

Congratulations! You have configured the GLPI server and Active directory integration.

Tutorial - GLPI Importing Active Directory Users

Now, you need to import a list of users from Active directory to your GLPI database.

On the dashboard screen, access the Administration menu and select the Users option.

GLPI Active Directory Users

Click on the LDAP directory link button.

GLPI Ldap directory link

Select the option: Import new Users.

GLPI Import new users

Click on the Search button.

The GLPI system will query a list of users from the Active Directory Database.

Select the List of users that need to have access to the GLPI system.

GLPI Import users

Click on the Actions button, select the Import option and confirm the operation.

In our example, we imported the Trunks and Gohan users.

After finishing your configuration, you should log off the GLPI web interface.

Try to login using an imported account and the password from the Active Directory database.

• Username: trunks
• Password: Enter the Active directory password.

GLPI Active Directory Login

The GLPI User dashboard will be presented.

GLPI User dashboard

Congratulations! You have configured the GLPI authentication on Active Directory using LDAP.

VirtualCoin CISSP, PMP, CCNP, MCSE, LPIC22019-05-27T13:29:18-03:00