Setup Active Directory with GLPI

Why set up GLPI with Active Directory?

     One of the biggest reasons to integrate GLPI with Microsoft’s Active Directory is that most organizations already use Active Directory today. It lets individuals sign in to multiple workstations and applications with one username and password. Integrating GLPI with existing infrastructure makes the most sense, as organizations do not need multiple identity management systems running concurrently.

     Also, as a lone systems administrator, I don’t have the time to try and manage even more systems than I already do, and let’s face it, the fewer usernames and passwords end users need to remember, the better it is going to be for everyone.

Goal of this Article:

     In this article, my goal is to go over how to set up Active Directory with GLPI. Both GLPI and Active Directory are already installed and set up. This will be a very basic configuration that will allow you to sync all your users and groups from Active Directory into GLPI, to give you a good proof of concept.

Initial Setup:

     To start, you will need to create a service account in Active Directory so that GLPI can talk with your domain. The service account can be named anything you want and does not need any special permissions. Please refer to the images below as a quick example of how to set up a user in AD.

Link Active Directory:

     After you have set up your service account, navigate into your GLPI instance, click into “Setup”, then select “Authentication”. From here you will need to choose “LDAP directories” and, once the page loads, click on the “+” icon to start setting up your integration.

  • Please Note
    • This is a basic setup, which will allow all users and groups to become a part of GLPI. You can limit the scope of users and groups if you would like, but I won’t go over that in this article.
    • Please make any changes to the section below to fit your environment.

Active Directory Quick Info

  • Default Server = Yes
  • Active = Yes
  • Connection Filter = (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  • BaseDN = DC=celerium, DC=local
  • RootDN = celerium\glpildap
  • Password = password for glpildap
  • Login Field = samaccountname

     Before you test your connection, you should edit the “Advanced Information” section and change the “Time Zone” to match your area. After that, go ahead and test your connection to ensure that your integration is working correctly.

Sync Active Directory Users:

     Now that the Active Directory integration is working, you can import domain users of your choosing. To do this, select the “Administration” drop-down and choose the “Users” option. After this, select “LDAP directory link” and “Import new users”. To make it easy, you can click the “Search” button without defining search criteria, as this will pull all the users from Active Directory that GLPI can see.

     Next, check the box next to the users you want to import, go to actions and import the users. After you have imported the users, I suggest that you test the connection by logging out and logging back in as a domain user, i.e. a test account, to verify that everything is working as it should.

Thoughts:

     Thank you for taking the time to read this article. I hope that it was helpful in some way to you. If you noticed anything wrong or have a better way of doing this, please don’t hesitate to comment below or send me an email. Thank you!

