Setting up TLS from Linux GLPI to Active Directory LDAP
This assumes you have a Microsoft CA (Active Directory Certificate Services) whose root certificate is self-signed rather than issued by a public CA, so the Linux client has to be given that root explicitly before it can verify the domain controller's certificate.
Enable your domain Controller for LDAPS
On your domain controller, request and install a server certificate suitable for LDAPS by following the instructions in http://support.microsoft.com/kb/321051. The certificate's subject or subject alternative name must contain the fully qualified DNS name of the domain controller, since that is the name the Linux client will check.
Export Root CA
Go to http://CA_Server-IP/certsrv and sign in as a user with the rights to request certificates.
Click “Download a CA certificate, certificate chain, or CRL”
Next click "Download CA certificate" (I had to use IE on XP because Firefox on Ubuntu only offered to install the certificate, not to download it).
Save it in Base64 format, for example as CA-cert.cer.
Install CA on Linux box
copy CA-cert.cer to /etc/ssl/certs/
Run c_rehash /etc/ssl/certs (or openssl rehash /etc/ssl/certs on OpenSSL 1.1 and later) so the directory gets the hash-named symlinks that TLS_CACERTDIR lookups rely on. c_rehash only links files in PEM (Base64) form, which is why the export format above matters; a DER file can be converted with openssl x509 -inform DER -in CA-cert.cer -out CA-cert.pem.
Modify ldap.conf
edit /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/CA-cert.cer
TLS_CACERTDIR /etc/ssl/certs
TLS_REQCERT demand
With the CA installed, TLS_REQCERT demand (also the default) makes the client reject a domain controller whose certificate does not chain to that CA. Do not leave it at never: that disables certificate verification entirely, so anyone on the path could impersonate the domain controller and capture the bind credentials, and the "TLS" is then encryption without authentication. Use never only as a temporary troubleshooting step to confirm that a failure is caused by the certificate chain rather than by the network, and note that with verification on, the server must be addressed by the DNS name in its certificate, not by IP address.
Test Connection
apt-get install ldap-utils
Run:
ldapsearch -x -D "user@domain.ca" -b "cn=Users,dc=domain,dc=ca" -H ldaps://win2k3srv.domain.ca -W "(sAMAccountName=user)"
If everything is set up properly you will receive your search results. If there is a configuration error you will receive the message "Can't contact LDAP server". A certificate that does not chain to the installed CA, or whose name does not match the host you connected to, produces the same error; add -d 1 to the command to see the TLS failure reason.
Configure GLPI
Under Setup > Authentication, add a server.
name: server name
server: ldaps://<LDAP server FQDN> (notice the s: this is what forces TLS. Use the DNS name that appears in the domain controller's certificate rather than a bare IP address, otherwise certificate verification fails.)
LDAP Port: 389 can be left as is. The PHP LDAP extension ignores the port argument when the server is given as an ldaps:// URI, so the connection goes to the ldaps default of 636 regardless (if you sniff the conversation you will see port 636 in use). Entering 636 makes the configuration self-explanatory.
Base DN: dc=domain,dc=ca
rootdn: cn=user,cn=users,dc=domain,dc=ca
Pass: that account's password (use a dedicated read-only account for this bind rather than an administrator; GLPI stores the password and only needs to search the directory)
Login Field: samaccountname
Connection Filter: (objectClass=user) (in Active Directory the computer class inherits from user, so this also matches computer accounts; (&(objectClass=user)(objectCategory=person)) restricts it to people)
Use TLS: NO (Make sure you choose NO. This option makes GLPI issue STARTTLS on a plain ldap:// connection; an ldaps:// session is already encrypted when it opens, and STARTTLS on the LDAPS port fails.)