Comments (4)
> Enterprise policy does not allow Anonymous Logon so choosing 'No' to Use Bind is not working in my case.

Did you try to set this option to `No`? It will still trigger a certificate binding, so it may not be considered as anonymous logon.
from glpi.
This issue has been closed as we only track bugs here.
You can get community support on forums or you can consider taking a subscription to get professional support.
You can also contact GLPI editor team directly.
from glpi.
> > Enterprise policy does not allow Anonymous Logon so choosing 'No' to Use Bind is not working in my case.
>
> Did you try to set this option to `No`? It will still trigger a certificate binding, so it may not be considered as anonymous logon.

@cedric-anne If I try to set it to `No`, the `Test` menu returns `Success Test` but I don't see any traffic in Wireshark. I wonder what the test is?

To my knowledge, LDAP binding, for most solutions, is used to authenticate against AD.
The `S` in LDAPS is when it encrypts the channel so it will not send the password in plain text. It is independent from binding.
If I use `No` for binding, it will just try to bind/authenticate without any credentials, meaning Anonymous logon/binding.
I will use LDAP with StartTLS... as I can bind with credentials.

Another thing: I just tested (on the GLPI server) with the basic function in PHP and it is working. Why does GLPI PHP return failed when I choose Bind `Yes`?

In my opinion, it looks like AuthLDAP needs a review because LDAPS + binding (user+password) is not working.
```php
<?php
// using ldap bind
$ldaprdn  = 'ro_glpi';  // ldap rdn or dn
$ldappass = 'password'; // associated password

// connect to ldap server
$ldapconn = ldap_connect("ldaps://srvad.enterprise.it.paris.lan")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}
?>
```

```
php test.php
LDAP Bind successful
```
from glpi.
@cedric-anne Hello, I found the problem.
- Not working LDAPS configuration
![image](https://private-user-images.githubusercontent.com/126569468/317755678-446a3802-af95-4590-a833-76cca37a3a8d.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTY2MjE1MjYsIm5iZiI6MTcxNjYyMTIyNiwicGF0aCI6Ii8xMjY1Njk0NjgvMzE3NzU1Njc4LTQ0NmEzODAyLWFmOTUtNDU5MC1hODMzLTc2Y2NhMzdhM2E4ZC5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNTI1JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDUyNVQwNzEzNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT03NTliY2UwNzExMDc4NjNmNzM4NGFjNjJiNjdhMDMzNjA1ZGNkMDcyMDBjMmIwNjg1YWFmMzc3NTdlYjY4MTkxJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.UnnwR8w0pjebo4YXTFQEIguWTcxqzimT7gOJavE-hYo)
- Working LDAPS configuration
![image](https://private-user-images.githubusercontent.com/126569468/317758114-dea3850d-a0db-4a11-8649-03a9238c996e.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTY2MjE1MjYsIm5iZiI6MTcxNjYyMTIyNiwicGF0aCI6Ii8xMjY1Njk0NjgvMzE3NzU4MTE0LWRlYTM4NTBkLWEwZGItNGExMS04NjQ5LTAzYTkyMzhjOTk2ZS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNTI1JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDUyNVQwNzEzNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT02ODA3Yjg1MWZiYmQ3ODU5MGNjNGJlN2I0NWIwNmU0YzY4MjAzNDdkZGZmMGE2OTI2N2JjYzUwYjYzMGZkZjg0JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.GfunpDpZkW6nthha5PTs9z_NovhqaAGh8P2mgbNboSI)
It was written from the start in the GLPI documentation but my eyes did not see it:

> GLPI can connect to an LDAP directory through an LDAPS connection. To enable this, prefix your server field with ldaps:// and change the port to the LDAPS one of your LDAP directory (default 636).

Why do we have to specify the protocol `ldaps://` in the `server` field when we are already setting the `port` field to `636`?
Then why don't we need to specify `ldap://` when it is by default the port 389?
I propose different fixes:
- Add a condition in the code that checks if the user configures port 636 but did not write ldaps:// in the server field, then a detailed error log informs the user.
- Change the field description `Server` to something like this
![image](https://private-user-images.githubusercontent.com/126569468/317765286-0efdc135-c322-4a2b-bcdc-779df9246111.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTY2MjE1MjYsIm5iZiI6MTcxNjYyMTIyNiwicGF0aCI6Ii8xMjY1Njk0NjgvMzE3NzY1Mjg2LTBlZmRjMTM1LWMzMjItNGEyYi1iY2RjLTc3OWRmOTI0NjExMS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNTI1JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDUyNVQwNzEzNDZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT03NzRkZTg0YjFlZGZkODIzZDM0NDM4N2YwNWM2YTMyYjQxMDU5Y2E0N2VhOWJlMjIyMjU0MDk4NjExMzMxMjMzJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.IZ5fj-IRcWFmANB2DAfCLB0ZBHd5Kn-pQWxTq7Atz_g)
- Edit LDAP configuration interface:
  - replace the port field with an LDAP / LDAPS selection button
  - (depending on the choice, it will pre-fill the server field with `ldaps://` and port `636`, or the default ldap and 389)
from glpi.
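
The first fix proposed above (flagging port 636 when the server field has no `ldaps://` prefix), sketched as an added example that is not GLPI code and not part of the thread. `checkLdapEndpoint()` and its StartTLS flag are hypothetical, the sample configurations are constructed from the hostname used in the thread, and the check goes slightly beyond the proposal by also flagging the reverse mismatch and binds over an unencrypted channel.

```php
<?php
// Added example, not GLPI code: checkLdapEndpoint() is a hypothetical helper.

/** @return string[] findings; an empty array means nothing looks wrong */
function checkLdapEndpoint(string $server, int $port, bool $startTls = false): array
{
    $findings = [];
    // PHP's ldap_connect() treats a bare hostname as ldap://, so default to that.
    $scheme = 'ldap';
    if (preg_match('#^([a-z][a-z0-9+.-]*)://#i', trim($server), $m)) {
        $scheme = strtolower($m[1]);
    }
    if (!in_array($scheme, ['ldap', 'ldaps'], true)) {
        return [sprintf("Unexpected scheme '%s://': use ldap:// or ldaps://.", $scheme)];
    }
    if ($scheme === 'ldap' && $port === 636) {
        $findings[] = 'Port 636 without an ldaps:// prefix: the client speaks plain LDAP '
            . 'to what is normally a TLS listener. Prefix the server with ldaps://.';
    }
    if ($scheme === 'ldaps' && $port === 389) {
        $findings[] = 'ldaps:// on port 389: a TLS handshake is sent to what is normally '
            . 'a plain LDAP listener. Use port 636, or ldap:// with StartTLS.';
    }
    if ($scheme === 'ldaps' && $startTls) {
        $findings[] = 'StartTLS requested on ldaps://: the channel is already TLS.';
    }
    if ($scheme === 'ldap' && $port !== 636 && !$startTls) {
        $findings[] = 'ldap:// without StartTLS: bind credentials are not encrypted.';
    }
    return $findings;
}

// Constructed sample configurations: [server field, port field, StartTLS].
$samples = [
    ['srvad.enterprise.it.paris.lan', 636, false],         // port 636, no prefix
    ['ldaps://srvad.enterprise.it.paris.lan', 636, false], // prefix and port agree
    ['srvad.enterprise.it.paris.lan', 389, false],         // plain LDAP
    ['srvad.enterprise.it.paris.lan', 389, true],          // LDAP with StartTLS
];
foreach ($samples as [$server, $port, $startTls]) {
    printf("%s port=%d starttls=%s\n", $server, $port, $startTls ? 'yes' : 'no');
    foreach (checkLdapEndpoint($server, $port, $startTls) ?: ['OK'] as $line) {
        echo "  - $line\n";
    }
}
```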