# Setting up LDAPS with Google

This procedure guides you step-by-step through configuring LDAPS with Google and connecting it to GLPI.

{% hint style="warning" %}
LDAPS with Google requires a specific license. Please refer to [Google Support](https://support.google.com/a/answer/6043385) to verify if your license is sufficient.
{% endhint %}

Four steps are required to configure LDAPS correctly:

1. Add a new LDAP client
2. Configure access permissions
3. Create a certificate
4. Connect your LDAP client to GLPI

## Add a new LDAP client

### Application Creation

<figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2FWYsdy7kMqvGWckpxMSYJ%2Fview_ldaps.png?alt=media&#x26;token=475ee81f-3b8d-4109-9c20-384d869e650e" alt=""><figcaption><p>Add a Google LDAP client</p></figcaption></figure>

* From the [Admin Console](https://admin.google.com/), navigate to **Apps** > **LDAP**
* Click **Add Client**
* **Name** the client and add a description if needed
* Click **Continue**

## Configure Access Permissions

You must then set the level of access this LDAP client will have.

<div align="left"><figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2FX755tNk7J7wqIflUkeBy%2Fpermissions_ldaps.png?alt=media&#x26;token=4c1f61ba-aa36-4e16-bf0f-ddbcbb0c7750" alt="" width="563"><figcaption><p>Manage application permissions</p></figcaption></figure></div>

### Verify user credentials

When a user tries to sign in to the application, this setting specifies which organisational units and groups the LDAP client can access to verify the user’s credentials. Users who aren’t in the selected organisational units and groups can’t sign in to the application.

<a href="https://support.google.com/cloudidentity/answer/9058751?hl=en-GB#user-credentials" class="button secondary">More info</a>

### Read user information

This setting specifies which organisational units the LDAP client can access to retrieve additional user information.

<a href="https://support.google.com/cloudidentity/answer/9058751?hl=en-GB#user-credentials" class="button secondary">More info</a>

You can also select the attributes that can be read by the LDAP client:

* System attributes
* Custom public attributes
* Custom private attributes

Click **View attributes** to see which attributes belong to each category.

### Read group information

This setting specifies whether the LDAP client can check a user’s group memberships, for purposes such as determining the user’s role in the application.

<a href="https://support.google.com/cloudidentity/answer/9058751?hl=en-GB#user-credentials" class="button secondary">More info</a>

Once all these options are configured, click **Add LDAP Client**.

## Create a Certificate

* The certificate is normally generated when the application is created. If it was not, click on your application and go to the **Authentication** section.

<figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2FdB6UU0CI578Fho692rtF%2Fgenerate_certificate.png?alt=media&#x26;token=11ef1984-c4c3-41cd-be1e-977f960d5d8d" alt=""><figcaption><p>Generate a certificate</p></figcaption></figure>

* Then click **Generate new certificate**.
* Download the certificate and its key, transfer them to the GLPI server, and unzip them into the desired folder.

<figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2FDnhPfYHN8hTufIIXiMVo%2Fdownload_certificate.png?alt=media&#x26;token=ee739120-ba3a-4db7-9fba-28c25edfa700" alt=""><figcaption><p>Download the certificate</p></figcaption></figure>

## Connect Your LDAP Client to GLPI

<figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2F6yEHjGvDVTdjqAnQ9bBi%2FLDAPS_GLPI.png?alt=media&#x26;token=d531ce2b-bc38-4458-bc67-f808bda4f332" alt=""><figcaption><p>Add LDAPS from GLPI</p></figcaption></figure>

* From **Setup** > **Authentication** > **LDAP Directory**, click **`+ Add`**
* Enter the information related to your LDAPS:
  * **Server**: `ldaps://ldap.google.com`
  * **Port**: `636`
  * **BaseDN**: Enter your domain (e.g., `dc=my_domain,dc=com`)
* Click **`+ Add`**
* From the **Advanced Information** tab, enter the path to the certificate and its key in the corresponding fields (refer to the previous step if needed).

<figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2FcEIPq5keS8AeB7TMYldw%2Findicate_certificates.png?alt=media&#x26;token=aa3a3d95-6edf-43f1-a8c0-5fe43673c734" alt=""><figcaption><p>Add certificates from GLPI</p></figcaption></figure>
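Before relying on the GLPI test, the downloaded certificate and key can be checked from a shell on the GLPI server. The script below is an added example, not part of GLPI or Google tooling; it assumes `openssl` is installed and takes the certificate and key paths (placeholders you supply) as its two arguments.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Google LDAP client certificate.
# Usage (file names are placeholders): ./check_ldaps.sh <client.crt> <client.key>

# Succeeds only if the private key has no group/other permission bits set.
key_perms_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -lLd "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the certificate and the private key carry the same public key.
cert_matches_key() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Succeeds only if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Opens a TLS session to the server configured above, presenting the client
# certificate; fails if the server chain does not verify against the system CAs.
tls_handshake_ok() {
    openssl s_client -connect ldap.google.com:636 -servername ldap.google.com \
        -cert "$1" -key "$2" -verify_return_error </dev/null >/dev/null 2>&1
}

# Run every check in order when called with the two file paths.
if [ "$#" -eq 2 ]; then
    key_perms_ok "$2" || { echo "key is group/world accessible: chmod 600 $2"; exit 1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match"; exit 1; }
    cert_valid_for_days "$1" || { echo "certificate expires within 30 days"; exit 1; }
    tls_handshake_ok "$1" "$2" || { echo "TLS handshake to ldap.google.com:636 failed"; exit 1; }
    echo "client certificate checks passed"
fi
```

With mode `600` the key is readable only by its owner, so the file must be owned by the account that runs GLPI's PHP process (which account that is depends on your web server setup).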

## Test LDAPS

* Go to the **Test** tab to verify that your LDAPS is functioning correctly.

<figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2FcYP4kkNyB3d0Qdn4631f%2Fldaps_test.png?alt=media&#x26;token=1a70e4ae-effb-40fc-b560-7c89be53b447" alt=""><figcaption><p>Test your LDAPS</p></figcaption></figure>

You can now go to **Administration** > **Users** > **LDAP Directory Link** and import your users and groups.

<figure><img src="https://2961961068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsGALtnzA2IROeldmXKt5%2Fuploads%2FCFnVpCi0IUIBw8mV3sdL%2Fimport_users.png?alt=media&#x26;token=47d613e8-b1e8-41c2-af52-1b7c5b9d57cb" alt=""><figcaption><p>Import users from LDAPS</p></figcaption></figure>
