8.13 How to Set Up TLS from Linux GLPI to Active Directory LDAP
This assumes your domain's certificates come from an internal Microsoft CA (Active Directory Certificate Services) whose root certificate is self-signed, so the Linux box does not trust it until you install that root yourself.
Enable your Domain Controller for LDAPS
On your Domain Controller create a certificate request and enrol the certificate using the instructions in http://support.microsoft.com/kb/321051 (the certificate must carry the Server Authentication EKU and the DC's fully qualified domain name, as that article requires).
Export Root CA
Go to http://CA_Server-IP/certsrv and sign in as a user that is allowed to use the web enrollment pages.
Click "Download a CA certificate, certificate chain, or CRL".
Next click "Download CA certificate" (I had to use IE on XP because Firefox on Ubuntu did not allow me to download the certificate, only to install it).
Choose the "Base 64" encoding, not DER: OpenLDAP's TLS_CACERT only reads PEM (Base 64) files.
Save it as, for example, CA-cert.cer.
Install CA on Linux box
Copy CA-cert.cer to /etc/ssl/certs/ and run c_rehash /etc/ssl/certs (openssl rehash on newer OpenSSL) so the directory gets the subject-hash symlinks that TLS_CACERTDIR lookups rely on.
Modify ldap.conf
Edit /etc/ldap/ldap.conf and add:
TLS_CACERT /etc/ssl/certs/CA-cert.cer
TLS_CACERTDIR /etc/ssl/certs
TLS_REQCERT demand
Do not set TLS_REQCERT never. never tells libldap to accept whatever certificate the server presents without checking it against the CA, so the session is encrypted but the server is not authenticated: anything answering on port 636 (a man-in-the-middle included) is trusted, and the CA you just installed is never consulted. demand (the default) makes the connection fail unless the certificate chains to CA-cert.cer, which is the whole point of exporting the CA. GLPI's PHP ldap extension uses the same libldap and reads the same ldap.conf, so whatever you put here applies to GLPI's connections too. If a connection fails, use never only temporarily to tell a certificate problem from a network one, then put demand back.
Test Connection
apt-get install ldap-utils
Run ldapsearch -x -D "user@domain.ca" -b "cn=Users,dc=domain,dc=ca" -H ldaps://win2k3srv.domain.ca -W sAMAccountName=user
Use the DC's FQDN in -H, exactly as it appears in the server certificate; an IP address or a short host name will not verify with TLS_REQCERT demand.
If everything is set up properly you will receive your search results. If there is a configuration error you will receive the message "Can't contact LDAP server"; add -d 1 to ldapsearch to see the TLS handshake and the certificate verification error behind it.
Configure GLPI
Under Setup > Authentication (LDAP directories), add a server:
name: server name
server: ldaps://<DC FQDN>, e.g. ldaps://win2k3srv.domain.ca from the test above (notice the s, this is what selects TLS; use the FQDN from the certificate, not an IP address, or verification fails)
LDAP Port: 389 (ignored: when the server is given as an ldaps:// URI, PHP's ldap_connect() takes the port from the URI, so the connection goes to 636; sniff the conversation and you will see port 636 on its own)
Base DN: dc=domain,dc=ca
rootdn: cn=user,cn=Users,dc=domain,dc=ca
Pass: the bind account's password (use a dedicated read-only account, not a domain admin; GLPI stores this password in its database)
Login Field: samaccountname
Connection Filter: (objectClass=user)
Use TLS: NO (Make sure you choose NO. This option means StartTLS, i.e. ldap_start_tls() on a plain ldap:// connection; an ldaps:// session is already TLS from the first byte and StartTLS on it fails.)
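The Linux-side steps above (check that the export really is Base 64, install the CA, write the ldap.conf lines, test over LDAPS with verification on) collected in one POSIX shell script. This is an added example written for this page, not GLPI's own code. The host win2k3srv.domain.ca, the DNs and the file name CA-cert.cer are the page's placeholders; the function names and the LDAPS_HOST guard are assumptions of mine so the live part only runs when you ask for it.

```shell
#!/bin/sh
# Added example (not from the GLPI project). Host, DNs and CA file name are
# the page's placeholders; adjust them to your domain.
set -eu

# AD CS's "Download CA certificate" page offers DER or Base 64. OpenLDAP's
# TLS_CACERT only reads the Base 64 (PEM) form; this returns non-zero for DER.
ca_is_pem() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# The three ldap.conf lines from the page, with TLS_REQCERT demand instead of
# never: never skips verification, so the CA file would go unused and any
# server answering on 636 (including a man-in-the-middle) would be accepted.
ldap_conf_fragment() {
    printf 'TLS_CACERT %s\nTLS_CACERTDIR %s\nTLS_REQCERT demand\n' \
        "$1" "$(dirname "$1")"
}

# Install the exported CA into the system certificate directory and rebuild
# the subject-hash symlinks that TLS_CACERTDIR lookups need. Needs root.
install_ca() {
    ca_is_pem "$1" || { echo "$1 is not a Base 64 (PEM) certificate" >&2; return 1; }
    cp "$1" /etc/ssl/certs/
    c_rehash /etc/ssl/certs
}

# Check the chain the way libldap will: OpenSSL's verify result must be 0.
# Port 636 is the default for ldaps://; -servername sends SNI for the FQDN.
tls_chain_ok() {
    openssl s_client -connect "$1:636" -servername "$1" -CAfile "$2" \
        </dev/null 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
}

# The page's ldapsearch test. LDAPTLS_* environment variables override
# ldap.conf (see ldap.conf(5)), so the search fails if the certificate does
# not chain to the CA even on a box whose ldap.conf still says never.
ldaps_search() {
    # $1 DC FQDN, $2 bind UPN, $3 base DN, $4 sAMAccountName, $5 CA file
    LDAPTLS_CACERT="$5" LDAPTLS_REQCERT=demand \
        ldapsearch -x -H "ldaps://$1" -D "$2" -W -b "$3" "(sAMAccountName=$4)"
}

# Live run only when LDAPS_HOST is set, e.g.
#   LDAPS_HOST=win2k3srv.domain.ca sh ldaps-check.sh
# so the helper functions above can be exercised offline.
if [ -n "${LDAPS_HOST:-}" ]; then
    CA=/etc/ssl/certs/CA-cert.cer
    [ -f "$CA" ] || install_ca ./CA-cert.cer
    echo "ldap.conf lines to add:"
    ldap_conf_fragment "$CA"
    if tls_chain_ok "$LDAPS_HOST" "$CA"; then
        echo "certificate of $LDAPS_HOST chains to $CA"
    else
        echo "certificate of $LDAPS_HOST does NOT verify against $CA" >&2
        exit 1
    fi
    ldaps_search "$LDAPS_HOST" "user@domain.ca" "cn=Users,dc=domain,dc=ca" user "$CA"
fi
```

If tls_chain_ok fails while ldapsearch with TLS_REQCERT never succeeds, the page's original setting was only hiding a certificate problem (wrong FQDN, DER instead of PEM, or a CA that is not the one that signed the DC's certificate), not a working TLS setup.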