Would you like to learn how to configure GLPI LDAP authentication on Active Directory? In this tutorial, we are going to show you how to authenticate GLPI users against the Microsoft Active Directory database using the LDAP protocol.
• GLPI version: 9.3.1
Tutorial - Windows Domain Controller Firewall
First, we need to create a Firewall rule on the Windows domain controller.
This firewall rule will allow the GLPI server to query the Active Directory database.
On the domain controller, open the application named Windows Firewall with Advanced Security.
Create a new Inbound firewall rule.
Select the PORT option.
Select the TCP option.
Select the Specific local ports option.
Enter the TCP port 389.
Select the Allow the connection option.
Check the DOMAIN option.
Check the PRIVATE option.
Check the PUBLIC option.
Enter a description for the firewall rule.
Congratulations, you have created the required firewall rule.
This rule will allow GLPI to query the Active Directory database.
Tutorial - Windows Domain Account Creation
Next, we need to create one account in the Active Directory database.
The GLPI account will be used to query the Active Directory database.
On the domain controller, open the application named: Active Directory Users and Computers
Create a new account inside the Users container.
Create a new account named: GLPI
Password configured to the GLPI user: kamisama123@
This account will be used to query the passwords stored on the Active Directory database.
Congratulations, you have created the required Active Directory account.
Tutorial - GLPI LDAP Authentication on Active Directory
Open your browser and enter the IP address of your web server plus /glpi.
In our example, the following URL was entered in the Browser:
On the login screen, use the default username and default password.
• Default Username: glpi
• Default Password: glpi
After a successful login, you will be sent to the GLPI Dashboard.
On the dashboard screen, access the Setup menu and select the Authentication option.
Access the following option:
• LDAP directories
Select the option to Add a new LDAP directory.
You need to configure the following items:
• Name: TECH-DC01
• Default server: Yes
• Active: Yes
• Server: 192.168.0.50
• Port: 389
• Connection filter: (&(objectClass=user)(objectCategory=person))
• BaseDN: dc=techexpert,dc=tips
• RootDN: firstname.lastname@example.org
• Password: kamisama123@
• Login field: SaMAccountName
• Synchronization field: objectguid
You need to change TECH-DC01 to the name of your domain controller.
You need to change the IP address 192.168.0.50 to your domain controller IP.
You need to change the domain information techexpert.tips to reflect your network environment.
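What the connection filter configured above selects, shown as an added example that is not part of the original tutorial or of GLPI's code. The directory entries are constructed, and the function names parse, matches and select are hypothetical. In Active Directory, computer accounts also carry objectClass=user and contacts also carry objectCategory=person, which is why the filter combines both clauses.

```python
# Added example (not GLPI code): AND/OR/NOT + equality subset of RFC 4515 filters.
def parse(f, i=0):
    """Parse the filter starting at f[i]; return (tree, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # simple item: attr=value
    attr, sep, value = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"expected attr=value at offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(tree, entry):
    if tree[0] == "=":  # AD compares these attributes case-insensitively
        return tree[2] in (v.lower() for v in entry.get(tree[1], []))
    results = [matches(kid, entry) for kid in tree[1]]
    if tree[0] == "!":
        return not results[0]
    return all(results) if tree[0] == "&" else any(results)

PERSON = ["top", "person", "organizationalPerson"]
# Constructed sample entries. AD stores objectCategory as a schema DN;
# the short names below are the form used in filters.
ENTRIES = [
    {"name": ["trunks"], "objectClass": PERSON + ["user"], "objectCategory": ["person"]},
    {"name": ["gohan"], "objectClass": PERSON + ["user"], "objectCategory": ["person"]},
    {"name": ["TECH-DC01$"], "objectClass": PERSON + ["user", "computer"], "objectCategory": ["computer"]},
    {"name": ["Supplier Contact"], "objectClass": PERSON + ["contact"], "objectCategory": ["person"]},
]

GLPI_FILTER = "(&(objectClass=user)(objectCategory=person))"

def select(filter_text, entries=ENTRIES):
    try:
        tree, end = parse(filter_text)
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e["name"][0] for e in entries
            if matches(tree, {k.lower(): v for k, v in e.items()})]
```

Calling select(GLPI_FILTER) returns only the two user accounts, while either clause on its own also matches the computer account or the contact.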
Click on the Add button.
Access your LDAP directory properties and select the menu option named: TEST
Click on the Test button.
If your test succeeds, you should see the following message.
Congratulations! You have configured the GLPI server and Active Directory integration.
Tutorial - GLPI Importing Active Directory Users
Now, you need to import a list of users from Active Directory to your GLPI database.
On the dashboard screen, access the Administration menu and select the Users option.
Click on the LDAP directory link button.
Select the option: Import new Users.
Click on the Search button.
The GLPI system will query a list of users from the Active Directory database.
Select the list of users that need to have access to the GLPI system.
Click on the Actions button, select the Import option and confirm the operation.
In our example, we imported the Trunks and Gohan users.
After finishing your configuration, you should log off the GLPI web interface.
Try to log in using an imported account and the password from the Active Directory database.
• Username: trunks
• Password: Enter the Active Directory password.
The GLPI User dashboard will be presented.
Congratulations! You have configured the GLPI authentication on Active Directory using LDAP.