GLPI link with an Active Directory

In this article, we will see how to configure GLPI with an Active Directory so that users can log in with their Windows session username and password.

Configuration of the Active Directory in GLPI

From the navigation menu, go to Configuration (1) > Authentications (2).

Go to the authentication configuration

In the External Authentications list, click LDAP Directories (1).

LDAP link

Click on the + (1) to add a directory.

Add a directory

Click on Active Directory (1) to pre-fill the fields.

GLPI link with an Active Directory

Configure Active Directory:

  • (1) Enter a name.
  • (2) Set this directory as the default.
  • (3) Make the server active.
  • (4) Enter the FQDN or IP address of your domain controller.
  • (5) Enter the base DN of the Active Directory domain.
  • (6) Enter the username and password of an account authorized to log in.
  • (7) Click Add.

Configure the AD server

Click on the newly added server (1).

Server added

From the LDAP Directory (1) tab, you can find the configuration of the directory you entered just before.

Server summary and editing

Go to the Test (1) tab and click on the Test (2) button. If the configuration is correct, you should get the confirmation message (3).

Test the link

The Users (1) tab lets you configure the mapping between the Active Directory and the GLPI database.

User field settings

The Groups (1) tab lets you import AD groups and link them with GLPI as well.

Group link settings

Import users

From the navigation menu, go to Administration (1) / Users (2).

Go to user management

For the moment, there are only the default users. Click the LDAP Directory Link button (1).

Go to the link option

From this page, it is also possible to synchronize users already imported if they have been modified in the Active Directory. Click on Import new users (1).

Go to the import

This form lets you apply search filters. Here we want to import all users, so click on Search (1).

Run a search

Below the form, the search result (1) is displayed.

Search result

Check the users (1) that should be imported and click on the Actions (2) button.

Select the users to import

At the action level, select Import (1) and click on Send (2).

Import the users

A notification should be displayed with the result of the action.

Go back to the list of users to check that they are present.

Imported users

Synchronization works the same way.

Import of groups

The operation for importing groups is the same as for users.

From the navigation menu, go to Administration (1) / Groups (2).

Go to the group configuration

Click LDAP Directory Link (1).

Go to the link options

Click Import New Groups (1).

Importing groups

Click on Send (1) to execute the search, select the groups to import (2) and click on Action (3).

Search for and select the groups

At the action level, select Import (1) and click on Send (2).

Import

Go back to the group list and check the result.

Group imported into GLPI

Automation of user import and synchronization

Unfortunately, there are no automatic actions in GLPI to perform these tasks.

Fortunately, the GLPI developers provide a script (ldap_mass_sync.php) that carries them out.

Before setting up the automation, I invite you to read the following article: GLPI: automatic actions configuration.

Import and synchronization are automated the same way: create a bat file and run it from a scheduled task.

The following explanations are for Windows. By reading the article on automatic actions and adapting these explanations, it is possible to do the same under Linux.

In the GLPI installation directory, locate the file ldap_mass_sync.php, which is in the scripts directory at the root of the site.

Create a bat file with the following contents:

"C:\Program Files (x86)\PHP\vX.Y\php.exe" "C:\inetpub\glpi\scripts\ldap_mass_sync.php"

This line synchronizes the users of all the directories declared in GLPI.

Create a new scheduled task on the web server that launches the bat file. Adapt the execution interval to your needs.


Syntax

ldap_mass_sync.php [<Options>]

Parameters

  • ldapservers_id: Optional, this parameter is used to specify the LDAP server ID. If the parameter is not filled in, the script will run for all active servers.
  • action: Optional, this parameter is used to determine the action to be taken. If no value is filled in, the script will only synchronize.
      0: Import only
      1: Synchronization of existing users
      2: Import and synchronization

Example:

ldap_mass_sync.php ldapservers_id=1 action=1

The script runs only for the LDAP server with ID 1 and synchronizes the users.
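
The scheduled task described above can also be registered from PowerShell, calling php.exe directly instead of going through a bat file. This is an added example, not part of the original article or of GLPI; the task name, the run time and the dedicated account glpi-sync are assumptions, and vX.Y is the article's placeholder for the PHP version.

```powershell
# Added example: register the scheduled task that runs ldap_mass_sync.php.
# Paths are the ones used in this article; vX.Y is the article's placeholder
# for the installed PHP version and must be replaced before running.
$php    = 'C:\Program Files (x86)\PHP\vX.Y\php.exe'
$script = 'C:\inetpub\glpi\scripts\ldap_mass_sync.php'

# Assumptions (not from the article): task name, run time, and a dedicated
# local account "glpi-sync" used only for this job.
$taskName = 'GLPI LDAP mass sync'
$runAt    = '02:00'
$account  = "$env:COMPUTERNAME\glpi-sync"

# Stop early if either path is wrong, so the task cannot fail silently.
foreach ($path in $php, $script) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "File not found: $path"
    }
}

# ldapservers_id=1 limits the run to one directory; action=2 imports new
# users and synchronizes existing ones (values from the parameter list).
$arguments = '"{0}" ldapservers_id=1 action=2' -f $script

$action = New-ScheduledTaskAction -Execute $php -Argument $arguments `
    -WorkingDirectory (Split-Path -Parent $script)
$trigger = New-ScheduledTaskTrigger -Daily -At $runAt

# Do not start a second run while one is in progress, and stop a hung run.
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Hours 1)

# Prompt for the account password instead of storing it in the script.
$cred = Get-Credential -UserName $account -Message 'Password for the sync account'

# RunLevel Limited: the job does not need elevated rights.
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Settings $settings -RunLevel Limited `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password
```

The account needs the "Log on as a batch job" right and read access to the GLPI directory.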



