Setting up TLS from Linux GLPI to Active Directory LDAP

This is assuming you have a Microsoft Self Signed CA.

Enable your domain Controller for LDAPS

On your Domain Controller create a certificate request using the instructions provided: http://support.microsoft.com/kb/321051

Export Root CA

go to: http://CA_Server-IP/certsrv sign in using a user with authority.

Click “Download a CA certificate, certificate chain, or CRL”

Next Click “Download CA certificate” (I had to use IE on XP because FireFox on ubuntu does not allow you to download, only install)

Save as base64

example (CA-cert.cer)

Install CA on Linux box

copy CA-cert.cer to /etc/ssl/certs/

Run c_rehash

Modify ldap.conf

edit /etc/ldap/ldap.conf

TLS_CACERT /etc/ssl/certs/CA-cert.cer

TLS_CACERTDIR /etc/ssl/certs

TLS_REQCERT never

Test Connection

apt-get install ldap-utils

run ldapsearch -x -D “user@domain.ca” -b “cn=Users,dc=domain,dc=ca” -H ldaps:win2k3srv.domain.ca -W sAMAccountName=user If everything is setup properly you will receive you search results. If there is a configuration you will receive the message can not connect to LDAP SERVER. ===== Configure GLPI ===== under Setup > Authentication Add a server. name: server name server: ldaps:<LDAP SERVER IP> (notice the s this is what forces TLS)

LDAP Port: 389 (If you sniff the TLS conversation, you will see it use port 636 on its own)

Base DN: dc=domain,dc=ca

rootdn: cn=user,cn=users,dc=

domain,dc=ca

Pass: user passwd

Login Field: samaccountname

Connection Filter:(objectClass=user)

Use TLS: NO (Make sure you choose NO)

en/authautoad/tls.txt · Last modified: 2015/07/03 11:46 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International


  • Show pagesource
  • Old revisions
  • Backlinks
  • Recent Changes
  • Media Manager
  • Sitemap
  • Log In