Enable external connection to the nethserver LDAP directory for GLPI integration

glpi
v7
activedirectory

(Rene Ferreira) #1

NethServer Version: NethServer release 7.3.1611
Module: LDAP Integration

I want to do LDAP integration between GLPI and nethserver AD users.

After some research I saw that by default nethserver only accepts anonymous external connections, but when it is anonymous it does not find the users registered in Nethserver.

How do I enable external connections to nethserver AD?

GLPI needs to connect to the nethserver and read the registered users and then do the import. But it does not accept the connection because it comes from an external service.


(Michael Träumner) #2

Do you have a link for me? I can’t find one; perhaps there is some information that helps me to help you.

To your screenshot: What about the BaseDN and the connection filter? I think LDAP can’t know where to search without them.

Also I’ve found something about setting ldap connection in smb.conf:

https://ubuntuforums.org/showthread.php?t=1767283

What you can also try is a VPN tunnel between the two servers. So it’s internal not external and it’s much safer.


(Michael) #3

Hi

I had the same problem

first thing ssh to your NethServer installation

run the following command:
account-provider-test dump

you will get something like this
{
  "BindDN" : "ldapservice@AD.EXAMPLE.COM",
  "LdapURI" : "ldaps://ad.example.com",
  "DiscoverDcType" : "dns",
  "StartTls" : "",
  "port" : 636,
  "host" : "ad.example.com",
  "isAD" : "1",
  "isLdap" : "",
  "UserDN" : "dc=ad,dc=example,dc=com",
  "GroupDN" : "dc=ad,dc=example,dc=com",
  "BindPassword" : "9874FGG90384KJGgg",
  "BaseDN" : "dc=ad,dc=example,dc=com",
  "LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Dexample%2Cdc%3Dcom"
}

use the following information to enter in GLPI authentication

try the test

if it still does not work do the following on your GLPI server

vi /etc/openldap/ldap.conf

and add the following line “TLS_REQCERT never”


restart your web server

systemctl restart httpd

Let me know


(Thorsten) #4

For me this configuration works. Follow the settings as described by Michael or simply look at the NethServer web interface @ “Account Provider”. There you do find all required information.

I do run the following external devices:
My router (VPN), my DMS and MadSonic Music server. You can find the correct parameters also within the admin panel of Nextcloud (if installed).

Do not forget to put in the correct IP of the LDAP (not of the nethserver). This was in most cases my initial error. Also UID is critical and depends on the implementation of the LDAP client. Some clients distinguish between AD and LDAP. In my experience it is easier to use LDAP instead of AD as the nomenclature is different. Depending on that, e.g. the authentication works with different UID types and consequently different user logins.

“Old fashion AD” uses sAMAccountName -> username
“New fashion AD” uses UserPrincipalName -> username@ad.mydomain.tld
“LDAP in general” cn -> username

Another tip is to start with simple filters such as
ObjectCategories=person

Good luck and best regards
Thorsten
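As an added example (not code from this thread or from NethServer/GLPI), a small Python helper that turns the account-provider-test dump from Michael's post into the values GLPI's LDAP directory form asks for, choosing the login attribute along the lines of Thorsten's AD notes; the GLPI field names, the OpenLDAP branch and the CA path are assumptions, and the second function gives ldap.conf lines that trust the directory's CA instead of switching certificate checking off.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the account-provider-test dump from the thread, with the
# bind password replaced by a placeholder.
SAMPLE_DUMP = """{"BindDN": "ldapservice@AD.EXAMPLE.COM", "LdapURI": "ldaps://ad.example.com",
 "DiscoverDcType": "dns", "StartTls": "", "port": 636, "host": "ad.example.com",
 "isAD": "1", "isLdap": "", "UserDN": "dc=ad,dc=example,dc=com",
 "GroupDN": "dc=ad,dc=example,dc=com", "BindPassword": "PLACEHOLDER-SECRET",
 "BaseDN": "dc=ad,dc=example,dc=com",
 "LdapUriDn": "ldap:///dc%3Dad%2Cdc%3Dexample%2Cdc%3Dcom"}"""


def glpi_settings_from_dump(dump_json: str, upn_logins: bool = False) -> dict:
    """Map the dump to the values typed into GLPI's LDAP directory form
    (hypothetical helper; the keys are the form's labels, not a GLPI API).
    The bind password is deliberately not copied into the result."""
    d = json.loads(dump_json)
    uri = urlsplit(d["LdapURI"])
    is_ad = d.get("isAD") == "1"
    use_ldaps = uri.scheme == "ldaps"
    use_starttls = bool(d.get("StartTls"))
    if use_ldaps and use_starttls:
        raise ValueError("ldaps:// and StartTLS are mutually exclusive")
    # Explicit port from the dump, else the port in the URI, else the scheme default.
    port = int(d.get("port") or uri.port or (636 if use_ldaps else 389))
    if is_ad:
        # sAMAccountName -> 'username' logins; userPrincipalName -> 'username@realm'.
        login_field = "userPrincipalName" if upn_logins else "sAMAccountName"
        # The AD attribute is objectCategory (singular); objectClass=user keeps
        # computer and contact objects out of the import.
        search_filter = "(&(objectCategory=person)(objectClass=user))"
    else:
        # Assumption: NethServer's OpenLDAP provider exposes posixAccount users keyed on uid.
        login_field = "uid"
        search_filter = "(objectClass=posixAccount)"
    return {
        "host": uri.hostname or d["host"],
        "port": port,
        "use_tls": use_ldaps or use_starttls,
        "basedn": d["BaseDN"],
        "rootdn": d["BindDN"],  # the password is entered separately in the form
        "login_field": login_field,
        "search_filter": search_filter,
    }


def ldap_conf_lines(ca_cert_path: str) -> str:
    """Client-side /etc/openldap/ldap.conf lines that keep certificate checking on
    by trusting the directory's CA, as an alternative to 'TLS_REQCERT never'."""
    return f"TLS_CACERT {ca_cert_path}\nTLS_REQCERT demand\n"
```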