Trace:

Differences

This shows you the differences between the selected revision and the current version of the page.

en:ldapautenthicatesamedatabase 2015/07/03 09:46 current
Line 1: Line 1:
 +<note warning>
 +Obsolete Tip: Since the version of GLPI 0.7, it is possible nativement to question several directories.
 +</note>
 +====== How to be able to authenticate itself on two different directories LDAP with the same database ======
 +The configuration for two directories LDAP is the same one as for a Classique directory or a directory AD. (cf heading To configure GLPI). The configuration was tested successfully on a LDAP/AD Windows 2003 Server
 +
 +To be able to have a double authentification it is necessary to have two authorities of GLPI on the waiter; one which will take the authentification on the LDAP1 and another on the LDAP2. that is to say the definition of the waiters and basedn according to for research:
 +<code>
 +Hote1: ldap: //ldap1.chezmoi.fr
 + Basedn1: CN=Users, DC=chezmoi, DC=fr or OU=Invites, DC=chezmoi, DC=fr
 + Hote2: ldap: //ldap2.chezmoi.fr
 + Basedn2: CN=Users, DC=chezmoi, DC=fr or OU=Invites, DC=chezmoi, DC=fr
 +</code>
 +We thus have on our web server:
 +<code>
 +http://repertoire_du_serveur/glpi1 and http://repertoire_du_serveur/glpi2
 +</code>
 +Configuration on the level of the Web server: In each authority of glpi, one has the file config.php in the repertory config with the root of glpi (repertoire_du_serveur/glpi/config/config.php)
 +
 +In this file we have the following lines starting from line 320
 +<code>
 + yew (! empty ($cfg_glpi [“ldap_host”])){
 +                      $cfg_glpi [“ldap_host”]  = utf8_decode ($cfg_glpi [“ldap_host2”]);
 +                      $cfg_glpi [“ldap_basedn”] = utf8_decode ($cfg_glpi [“ldap_basedn2”]);
 +                      $cfg_glpi [“ldap_rootdn”] = utf8_decode ($cfg_glpi [“ldap_rootdn2”]);
 +                      $cfg_glpi [“ldap_pass”] = utf8_decode ($cfg_glpi [“ldap_pass”]);
 +</code>
 +We thus should modify as follows the file config.php contained in the repository config of the second authority of glpi:
 +<code>
 +                    yew (! empty ($cfg_glpi [“ldap_host”])){
 +                      $cfg_glpi [“ldap_host”]  = utf8_decode ($cfg_glpi [“ldap_host2”]);
 +                      $cfg_glpi [“ldap_basedn”] = utf8_decode ($cfg_glpi [“ldap_basedn2”]);
 +                      $cfg_glpi [“ldap_rootdn”] = utf8_decode ($cfg_glpi [“ldap_rootdn2”]);
 +                      $cfg_glpi [“ldap_pass”] = utf8_decode ($cfg_glpi [“ldap_pass”]);
 +</code>
 +One can realize that there are three new calls to fields of the base of data glpi, that is to say
 +<code>
 + ldap_basedn2, ldap_rootdn2 and ldap_host2 
 +</code>
 +These three fields does not exist in the base of data of GLPI, one thus needs the créerdans the table glpi_config. You can use phpmyadmin, mysqladministrator or all other tools like the line of order for example. These three fields are of the same type which the original fields, is:
 +<code>
 +  ldap_basedn, ldap_rootdn and ldap_host
 +</code>
 +Note: If the password of the account which reaches the directory is different on the two directories, you can then create another field ldap_pass2 in the same table. But you must then modify the file config.php in concéquence in the second authority. Once the fields created, to inform them with the parameters of your second ldap, is:
 +<code>
 +      ldap_host = @IP_de_l' hostdn
 +      basedn2: CN=Users, DC=chezmoi, DC=fr
 +      rootdn: an account with Juste the right to read on the directory is CN=uldap, OU=Users, DC=chezmoi, DC=fr
 +</code>
 +Once this finished configuration, respectively open two navigators out of the two authorities of GLPI. And compare the configuration of the external authentification. You will notice that both point on different directories, but on the other hand, they also point on the same database. I.e. that the computers, the peripherals and all the other materials and others are visible of the two with dimensions ones.