Trace: » How to be able to authenticate itself on two different directories LDAP with the same database

Obsolete Tip: Since the version of GLPI 0.7, it is possible nativement to question several directories.

How to be able to authenticate itself on two different directories LDAP with the same database

The configuration for two directories LDAP is the same one as for a Classique directory or a directory AD. (cf heading To configure GLPI). The configuration was tested successfully on a LDAP/AD Windows 2003 Server

To be able to have a double authentification it is necessary to have two authorities of GLPI on the waiter; one which will take the authentification on the LDAP1 and another on the LDAP2. that is to say the definition of the waiters and basedn according to for research:

Hote1: ldap: //ldap1.chezmoi.fr
 Basedn1: CN=Users, DC=chezmoi, DC=fr or OU=Invites, DC=chezmoi, DC=fr
 Hote2: ldap: //ldap2.chezmoi.fr
 Basedn2: CN=Users, DC=chezmoi, DC=fr or OU=Invites, DC=chezmoi, DC=fr

We thus have on our web server:

http://repertoire_du_serveur/glpi1 and http://repertoire_du_serveur/glpi2

Configuration on the level of the Web server: In each authority of glpi, one has the file config.php in the repertory config with the root of glpi (repertoire_du_serveur/glpi/config/config.php)

In this file we have the following lines starting from line 320

 yew (! empty ($cfg_glpi [“ldap_host”])){
                      $cfg_glpi [“ldap_host”]   = utf8_decode ($cfg_glpi [“ldap_host2”]);
                      $cfg_glpi [“ldap_basedn”] = utf8_decode ($cfg_glpi [“ldap_basedn2”]);
                      $cfg_glpi [“ldap_rootdn”] = utf8_decode ($cfg_glpi [“ldap_rootdn2”]);
                      $cfg_glpi [“ldap_pass”] = utf8_decode ($cfg_glpi [“ldap_pass”]);

We thus should modify as follows the file config.php contained in the repository config of the second authority of glpi:

                     yew (! empty ($cfg_glpi [“ldap_host”])){
                      $cfg_glpi [“ldap_host”]   = utf8_decode ($cfg_glpi [“ldap_host2”]);
                      $cfg_glpi [“ldap_basedn”] = utf8_decode ($cfg_glpi [“ldap_basedn2”]);
                      $cfg_glpi [“ldap_rootdn”] = utf8_decode ($cfg_glpi [“ldap_rootdn2”]);
                      $cfg_glpi [“ldap_pass”] = utf8_decode ($cfg_glpi [“ldap_pass”]);

One can realize that there are three new calls to fields of the base of data glpi, that is to say

 ldap_basedn2, ldap_rootdn2 and ldap_host2  

These three fields does not exist in the base of data of GLPI, one thus needs the créerdans the table glpi_config. You can use phpmyadmin, mysqladministrator or all other tools like the line of order for example. These three fields are of the same type which the original fields, is:

  ldap_basedn, ldap_rootdn and ldap_host

Note: If the password of the account which reaches the directory is different on the two directories, you can then create another field ldap_pass2 in the same table. But you must then modify the file config.php in concéquence in the second authority. Once the fields created, to inform them with the parameters of your second ldap, is:

      ldap_host = @IP_de_l' hostdn
      basedn2: CN=Users, DC=chezmoi, DC=fr
      rootdn: an account with Juste the right to read on the directory is CN=uldap, OU=Users, DC=chezmoi, DC=fr

Once this finished configuration, respectively open two navigators out of the two authorities of GLPI. And compare the configuration of the external authentification. You will notice that both point on different directories, but on the other hand, they also point on the same database. I.e. that the computers, the peripherals and all the other materials and others are visible of the two with dimensions ones.