Synchronization GLPI LDAP or Active Directory

GLPI is a very popular ticket (call) system. It has a lot of features that make it competitive with any other ticketing or ICT management system. Some of the features that I have configured before are here.

LDAP Active Directory Connection.

One of the many powerful features of GLPI is its integration with many forms of LDAP, among them Windows Active Directory (AD). To integrate it, you just have to supply your AD server information in the form shown in this picture.

LDAP AD config

If you receive an error about no configuration being found, the PHP LDAP module may be missing, so make sure the module is installed.

  1. Host LDAP is the address of the server (AD or OpenLDAP) that GLPI will use.
  2. Basedn is the field that identifies the DN (Distinguished Name) where the search starts.
  3. rootdn (for non-anonymous connections): the user authorized to read the directory (AD or LDAP), for example cn=Admin,ou=People,dc=mycompany. Make sure not to leave spaces between nodes. This is wrong: cn=Admin, ou=People , dc…
  4. Pass (for non-anonymous connections): the user's password.
  5. Connection filter: restricts the search.
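
The rule in item 3 (no spaces between the nodes of the rootdn) can be checked before the value is typed into the form. The following Python check is an added example, not part of the original post or of GLPI; the function names are hypothetical and the sample DNs are constructed from the cn=Admin example above, with dc=mycompany assumed as the last node.

```python
"""Pre-flight check for the rootdn / basedn values typed into GLPI's LDAP form."""

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    return parts

def strip_unescaped(text):
    """Strip surrounding whitespace but keep an escaped trailing space."""
    left = text.lstrip()
    right = left.rstrip()
    backslashes = len(right) - len(right.rstrip("\\"))
    if backslashes % 2 == 1 and len(right) < len(left):
        right += left[len(right)]       # the space belonged to a "\ " escape
    return right

def check_dn(dn):
    """Return (normalized_dn, problems) for one DN string."""
    problems, cleaned = [], []
    for raw in split_rdns(dn):
        attr, sep, value = strip_unescaped(raw).partition("=")
        if not sep or not attr.strip() or not value.strip():
            problems.append(f"{raw!r} is not attribute=value")
            cleaned.append(raw)
            continue
        rdn = f"{attr.strip()}={value.lstrip()}"
        if rdn != raw:
            problems.append(f"stray whitespace in {raw!r}")
        cleaned.append(rdn)
    return ",".join(cleaned), problems

if __name__ == "__main__":
    # Constructed samples: a clean DN, one with stray spaces, one with an escaped comma.
    for sample in ("cn=Admin,ou=People,dc=mycompany",
                   "cn=Admin, ou=People , dc=mycompany",
                   "cn=Smith\\, John,ou=People,dc=mycompany"):
        print(check_dn(sample))
```

A comma or space that is part of a name (escaped with a backslash) is left alone; only whitespace around the separators is reported and removed.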

You can find more information here, and check out this other example from https://bartoc3.wordpress.com/2014/02/11/configurar-glpi-con-active-directory-en-windows-server-2012/comment-page-1/

Synchronize AD with GLPI

With only that added, you have a fully functional integration of your AD with GLPI. The problem is that the synchronization does not happen on a periodic basis. It only happens when:

  1. The user logs in.
  2. Elevation of rights.
  3. Manual Synchronization

What if we have AD clients who never log in? Let's say a customer changes department: client Abraham moves from the Research Department to the Technical Department. You can easily change the group that the customer belongs to. On the other hand, you can have a problem when you want to assign a new job to this customer in GLPI in the new department. You changed AD, but GLPI does not change automatically. The client has not logged in to GLPI and his rights have not been elevated, so in order to use this customer in the new department you have to manually synchronize with AD. Doing that synchronization every time when you have a lot of users can be painful.

Automatic Synchronization (Auto Sync)

To make a periodic synchronization happen, the only thing required is to create a scheduled task that executes, let's say, every 6 hours (whatever interval you want, actually). If you are using Linux, that is very simple: GLPI comes with a script that does the synchronization, so just add a cron task that executes that script.

# crontab -e

This opens the cron scheduler file in edit mode. Here you should add something like this:

# Minute 0 of every 6th hour (00:00, 06:00, 12:00, 18:00)
0 */6 * * * php /path/to/GLPI/scripts/ldap_mass_sync.php

Save and you are done. That is it for today. As I said, here you can find some more features of GLPI.
