
Setting up TLS from Linux GLPI to Active Directory LDAP

This assumes your domain runs a Microsoft Certificate Services CA with a self-signed root (the usual Enterprise CA setup), so the only certificate the Linux side needs to trust is that root.

Enable your Domain Controller for LDAPS

On your Domain Controller, request and install a certificate for the DC following the instructions in http://support.microsoft.com/kb/321051. The certificate must carry the Server Authentication EKU, name the DC's fully qualified DNS name, and sit in the local computer's personal store; once it is there the DC accepts LDAP over TLS on TCP 636 (a reboot may be needed on older servers).

Export the Root CA certificate

Go to http://CA_Server-IP/certsrv and sign in as a user with permission to use the web enrollment pages.

Click "Download a CA certificate, certificate chain, or CRL".

Next click "Download CA certificate" (I had to use IE on XP because Firefox on Ubuntu only offers to install the certificate, not to save it).

Choose Base 64 as the encoding, so the file is PEM and OpenSSL can read it without conversion.

Save it as, for example, CA-cert.cer

Install the CA certificate on the Linux box

Copy CA-cert.cer to /etc/ssl/certs/ and run c_rehash so OpenSSL can find it by subject hash (TLS_CACERTDIR below depends on those hash symlinks). On Debian and Ubuntu the supported way to do the same thing is to drop the file, with a .crt extension, into /usr/local/share/ca-certificates/ and run update-ca-certificates, which regenerates /etc/ssl/certs for you.

Modify ldap.conf

Edit /etc/ldap/ldap.conf (/etc/openldap/ldap.conf on Red Hat based systems) and set:

TLS_CACERT /etc/ssl/certs/CA-cert.cer

TLS_CACERTDIR /etc/ssl/certs

TLS_REQCERT demand

TLS_REQCERT demand (the libldap default) makes the client drop the connection unless the DC presents a certificate that chains to the CA above and whose name matches the host you connected to. Do not set TLS_REQCERT never: that accepts any certificate at all, so the session is still encrypted but anyone who can steer your traffic to port 636 can present their own certificate and read the bind password GLPI sends. If ldapsearch fails with demand, the CA export or the DC certificate is wrong and the fix belongs there, not in this setting.

Test the connection

apt-get install ldap-utils

Run, using the DC's FQDN (not its IP, since the certificate was issued to the name):

ldapsearch -x -D "user@domain.ca" -b "cn=Users,dc=domain,dc=ca" -H ldaps://win2k3srv.domain.ca -W sAMAccountName=user

If everything is set up properly you will receive your search results. If there is a configuration error you will get "Can't contact LDAP server"; run the same command again with -d 1 added to see the TLS handshake and the certificate verification error behind that message.
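The following script is added here as an example and is not code from the original page. It checks an ldap.conf for the two settings that make the CA install meaningful (a trust anchor and a TLS_REQCERT value that actually verifies), then probes the domain controller on 636 with openssl s_client and ldapsearch with verification forced on. The function names are this example's own; the DC name and CA path in the usage comment are the page's placeholders.

```shell
#!/bin/sh
# Added example, not part of the original page: audit the OpenLDAP client
# settings and probe the domain controller over LDAPS.
# Assumptions (placeholders, not facts from the page): the function names are
# this example's own; the DC name and CA path are the page's examples.

# check_ldap_conf FILE
# Returns 0 when FILE names a trust anchor (TLS_CACERT or TLS_CACERTDIR) and
# TLS_REQCERT is demand/hard or unset (libldap defaults to demand).
# Returns 1 for never/allow (any certificate accepted, so a machine in the
# middle can capture the bind password), try (a missing certificate is
# accepted) or a missing trust anchor.
check_ldap_conf() {
    conf="$1"
    # drop comments; the last occurrence of an option is the one that counts
    reqcert=$(sed 's/#.*//' "$conf" |
        awk 'toupper($1)=="TLS_REQCERT" {v=tolower($2)} END {print v}')
    anchor=$(sed 's/#.*//' "$conf" |
        awk 'toupper($1)=="TLS_CACERT" || toupper($1)=="TLS_CACERTDIR" {v=$2} END {print v}')
    status=0
    if [ -z "$anchor" ]; then
        echo "FAIL: no TLS_CACERT or TLS_CACERTDIR, nothing to validate the DC certificate against" >&2
        status=1
    fi
    case "$reqcert" in
        ""|demand|hard) ;;
        try)
            echo "FAIL: TLS_REQCERT try lets the server skip presenting a certificate" >&2
            status=1 ;;
        never|allow)
            echo "FAIL: TLS_REQCERT $reqcert disables certificate verification" >&2
            status=1 ;;
        *)
            echo "FAIL: unknown TLS_REQCERT value '$reqcert'" >&2
            status=1 ;;
    esac
    return $status
}

# ldaps_probe HOST CAFILE
# Network check (not exercised offline): first verify the chain the DC
# presents with openssl, failing on any verification error, then do an
# anonymous rootDSE read over ldaps:// with verification forced on through
# the LDAPTLS_* environment overrides, independent of what ldap.conf says.
ldaps_probe() {
    host="$1"
    cafile="$2"
    if ! openssl s_client -connect "$host:636" -servername "$host" \
            -CAfile "$cafile" -verify_return_error </dev/null >/dev/null 2>&1; then
        echo "FAIL: certificate from $host does not verify against $cafile" >&2
        return 1
    fi
    LDAPTLS_CACERT="$cafile" LDAPTLS_REQCERT=demand \
        ldapsearch -x -H "ldaps://$host" -s base -b '' '(objectClass=*)' namingContexts
}

# Usage (hosts and paths are the page's placeholders):
#   check_ldap_conf /etc/ldap/ldap.conf && \
#       ldaps_probe win2k3srv.domain.ca /etc/ssl/certs/CA-cert.cer
```

check_ldap_conf only reads the file, so it is safe to run from a deployment check before GLPI is pointed at the DC; ldaps_probe verifies with openssl first because its error text ("unable to get local issuer certificate", "hostname mismatch") is far more specific than the single "Can't contact LDAP server" line ldapsearch prints.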

Configure GLPI

Under Setup > Authentication, add a server:

name: server name

server: ldaps://win2k3srv.domain.ca (notice the s; this is what makes the connection use TLS. Use the DC's FQDN rather than its IP: with TLS_REQCERT demand, libldap checks the server name against the certificate, and the certificate was issued to the FQDN, so an IP address fails verification.)

LDAP Port: 636 (If you sniff the conversation you will see port 636 even when 389 is entered here, because GLPI passes the server string to PHP's ldap_connect(), which ignores the port argument when the host is given as a URI. Enter 636 anyway so the form reflects what actually happens.)

Base DN: dc=domain,dc=ca

rootdn: cn=user,cn=users,dc=domain,dc=ca (the account GLPI binds as to search the directory; an ordinary unprivileged domain user is enough)

Pass: that user's password

Login Field: samaccountname

Connection Filter: (objectClass=user) (on Active Directory this also matches computer accounts; (&(objectClass=user)(objectCategory=person)) restricts it to people)

Use TLS: NO (Make sure you choose NO. This option means STARTTLS on a plain ldap:// connection to port 389; with an ldaps:// URI the session is already TLS from the first byte, and asking for STARTTLS on top of it makes the connection fail.)