Automatic authentication v0.71 - Debian Etch
Article written by emgenet
The goal of this tip is to make it possible to the users of GLPI to be able to be identified in the application without having to repair their name of user like their password IF and ONLY IF waiter GLPI is a waiter Debian Etch and the version of minimum GLPI 0.71.
This easy way functions with Apache 2 and GLPI configured with an external authentification with Active Directory. The user must use Internet Explorer.
The configuration on which this handling was validated is this one:
- GLPI: 0.71.1 and AD on W2k3 - Internet Explorer 6sp2 and 7 - Waiter Debian Etch/Apache 2.2.3/PHP 5.2.0/Perl
(Also Functions with GLPI 0.71.2 pennies Ubuntu Server 8.10 (Apache 2.2.9/PHP 5.2.6/Perl 5.10.0) and two AD 2000 and 2003, IE6 and 7 and FF3)
Consequently if you test on another configuration and that functions do not hesitate to supplement.
Small precision, the modifications as well as the code provided in this article are not ego besides some lines thus large a thank you with those which will be recognized, I would quote especially the article of the wiki for configuration on one 0.68 and Suse.
**Update of the Server**
If you do not have the tools yet below, please install them.
apt-get install make GCC libc6-Dev.
apt-get install libapache2-MOD-perl2
Installation of ntlm on the server
In this distribution (Etch) bookshop libapache2-authenntlm-Perl does not exist yet. The package was however developed on the new distribution (Lenny), you can thus find the package here http://packages.debian.org/en/source/lenny/libapache2-authenntlm-perl then to do one
tar - xvzf libapache2-authenntlm-perl_0.02.orig.tar.gz
to enter the new repository, to make
To modify your Apache site like below, (/etc/apache2/sites-available/default), while adding between the beacons:
PerlModule Apache2:: AuthenNTLM <Directory “/var/www/glpi " > PerlAuthenHandler Apache2:: AuthenNTLM AuthType ntlm, BASIC AuthName paipartners require valid-to use PerlAddVar ntdomain “@@DOMAIN@@ @@PDC@@ @@BDC@@” PerlAddVar ntdomain “@@DOMAIN2_AU_BESOIN@@ @@PDC2@@ @@BDC2@@” PerlSetVar defaultdomain @@DOMAIN@@ PerlSetVar splitdomainprefix 1 PerlSetVar ntlmdebug 0 Ntlmauthoritative PerlSetVar off </Directory>
Variables used above:
@@DOMAIN@@: Domain name of your field without the extensions .fr .com etc
@@PDC@@: A controller of field of your infrastructure
@@BDC@@: Another which will be used as help
@@DOMAIN2_AU_BESOIN@@: Domain name of another field if you have others of them, the line is not obligatory.
@@PDC2@@: A controller of field of your second infrastructure
@@BDC2@@: Another which will be used as help
A last point, to check that your cd. are well solved on level IP, if not, not to hesitate to put them in the /etc/hosts file
Configuration of GLPI on line
To connect itself to GLPI with an account having the rights to modify the authentifications.
To go in Configuration/Authentification
To go in the mitre Others
In the 3rd parameter, Others - Activated
On Field of storage of the login in the variable _SERVER, to choose in drop-down list REMOTE_USER
As regard navigator
It should well be checked that “To activate the integrated authentication of Windows” in the advanced options of Internet Explorer is well notched. Then to add the site glpi in the zone of confidence Intranet or extranet.
to launch a new mitre
to type in the bar of address “butt: config”
in the list, to seek the line “network.automatic-ntlm-auth.trusted-uris”
made a double-click on this line
to add “IP OF WAITER GLPI”
to make OK
With you to play
Here about all that I could gather on this addition of function but so some among you wants to improve the tip then do not hesitate, I am also taking!!!!