From Web:
https://local/webservices/rest.php?login_mode=form&version=1.0
code 1
message "Error: Invalid login"
From cmd:
root@debian:/var/www/html/extensions/ldap-data-collector# php toolkit/testconnection.php
curl_init exists: 1
Problem opening URL: https://local/webservices/rest.php?login_mode=form&version=1.0
error msg: SSL certificate problem: self signed certificate
curl_init error code: 60 (cf https://www.php.net/manual/en/function.curl-errno.php)
AD user is imported to iTop, but cannot authenticate to the iTop portal. Config:
<parameters>
<itop_url>https://local/</itop_url>
<itop_login>itop-ldap-data-collector</itop_login>
<itop_password>itop-ldap-data-collector#R6</itop_password>
<itop_token></itop_token>
<itop_login_mode></itop_login_mode>
<synchro_user>srv-iTop-ldap</synchro_user>
<ldapuri>ldap://AD-IP:389</ldapuri>
<ldapdn>DC=local,DC=com</ldapdn>
<ldaplogin>CN=srv-iTop-ldap,OU=usr,OU=local,DC=com</ldaplogin>
<ldappassword>pwd</ldappassword>
<page_size>1000</page_size>
</parameters>
You're asking 2 different things.
For the authentication in iTop (authent-ldap):
Mind that 389 is not encrypted; in the end port 636 (SSL/TLS enabled) would be more secure. Does it literally give you a "local IP"? What exactly do you specify? You can always try to make the host more specific:
ldaps://ldap.demo.com:636
For 636, start_tls may be necessary.
Are you only struggling when using the API, or also when trying to sign in to iTop?
For the LDAP data collector:
There's at least some form of issue with an untrusted SSL certificate (it seems for iTop)? You should be able to ignore this kind of error. Alternatively, make sure your web server trusts this SSL certificate.
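The second option in the answer above, trusting the certificate rather than ignoring the error, can be checked offline. This is an added example, not part of the thread: it creates a throwaway self-signed certificate (itop.example.test and other.example.test are placeholder hostnames) and shows the verification failure behind curl error 60, then the result once the certificate is explicitly trusted.

```shell
#!/bin/sh
# Added example, not from the thread. Everything is constructed:
# the hostnames are placeholders and the certificate is a throwaway.

# Create a self-signed certificate for hostname $2 in directory $1.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Print "trusted" or "untrusted" for certificate $1.
#   $2 (optional) PEM file to use as trust anchor
#   $3 (optional) hostname the certificate must match
check_cert() {
    cert=$1 trust=${2:-} host=${3:-}
    set -- verify
    if [ -n "$trust" ]; then set -- "$@" -CAfile "$trust"; fi
    if [ -n "$host" ]; then set -- "$@" -verify_hostname "$host"; fi
    if openssl "$@" "$cert" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

tmp=$(mktemp -d)
make_selfsigned "$tmp" itop.example.test

# 1. Default trust store only: the condition reported as
#    "SSL certificate problem: self signed certificate".
echo "default store:          $(check_cert "$tmp/cert.pem")"

# 2. Certificate explicitly trusted and the hostname matches.
echo "trusted, host matches:  $(check_cert "$tmp/cert.pem" "$tmp/cert.pem" itop.example.test)"

# 3. Certificate trusted, but the client uses a name the
#    certificate does not cover: verification still fails.
echo "trusted, other host:    $(check_cert "$tmp/cert.pem" "$tmp/cert.pem" other.example.test)"

rm -rf "$tmp"
```

On Debian, the system-wide equivalent of `-CAfile` is to copy the server's certificate into /usr/local/share/ca-certificates/ with a .crt extension and run update-ca-certificates.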
Thx for the answer! When trying to sign in to iTop with an LDAP user
and
log file:
ldap_authentication: bad LDAP server configuration: 'local-IP' not found | IssueLog |||
So, are you sure "local-IP" can be reached by the iTop web server, and the ports are open?
Yes, Local-IP reached iTop server, what port 389?
root@debian:/var/www/html/extensions/ldap-data-collector# php collectors/bin/ldap-test.php
List of the attributes to retrieve (taken from the mapping):
samaccountname,sn,givenname,mail,telephonenumber,mobile,title,employeenumber,memberof
Use --attributes=x,y,z to retrieve x, y and z instead. Use --attributes=* to retrieve all fields.
[2024-01-24 21:20:09] [Debug] ldap_bind() Ok.