GLPI Release 10.0.12

A new GLPI version is available.

This release fixes a few security issues that have been recently discovered. Update is recommended!

You can download the GLPI 10.0.12 archive on GitHub.

You will find below the list of security issues fixed in this bugfixes version:

  • Reflected XSS in reports pages (CVE-TODO)
  • LDAP Injection during authentication (CVE-2023-51446)

Also, here is a short list of main changes done in this version:

  • Regression with entity selector missing cache invalidation
  • Better handling of connection issues during LDAP synchronization
  • The entity selector get significant reduction of load time in some cases

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

New Silver Partner in France: PBS Co.

We are delighted to announce our new Silver GLPI Network partner in France: PBS Co.

PBS Co is a company specialized in:

  • Supply and installation of user, network and security hardware.
  • Maintenance and supervision of computer systems.
  • Network architecture and consulting.
  • Integration of software solutions in a client-server environment.

Website: https://bit.ly/3Sv9QeM

We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact_us/

Being a partner means:

  • Having an a direct access to the Teclib´s tech expertise;
  • Get special discounts;
  • Access official support,
  • Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.

Discover all benefits of being a partner here: https://glpi-project.org/partners/

Remote Inventory on GLPI Inventory

Collecting inventory data from servers, network devices, and workstations across your company is a challenging task. Initially, this process requires installing agents on every computer. However, there are common obstacles. Perhaps internal policies prevent agents from being installed on all servers, or there’s no centralized installation method. Sometimes, networks are isolated, making it impossible to connect to your GLPI server, or you might simply need to collect data remotely from your network.

Additionally, consider the scenario where data collection is necessary from network devices and printers. This is where the GLPI Agent becomes invaluable. Since its 1.6 version, the GLPI Agent includes a Toolbox plugin. This plugin significantly expands your capabilities, allowing for network discovery and inventory of network devices using SNMP. It also facilitates remote data collection of hosts: Windows through WinRM, Linux via SSH, and ESXi.

The beauty of the GLPI Agent lies in its versatility – all these functions are integrated into a single agent, simplifying what was once a complex and multifaceted task.

All you need before starting is:

  1. At least 1 device with the GLPI Agent 1.6 or above installed and with access to the networks you need to scan
  2. The GLPI Agent Toolbox plugin activated
  3. The list of IP Ranges from the network you want to scan and collect data from

a. If you have many VLANs or want to segment the scans between tasks, you can separate the ranges following your company policies

4. The list of SSH, WinRM and SNMP credentials with administration permissions

The toolbox is not intended to be installed on insecure networks.

After we’ve gathered all this information, You can follow these steps contained in the video below:

  1. Activate the GLPI Agent Toolbox plugin
  2. Activate the navigation bar menus

a. You will need just the 4 menus that are on the documentation:

i. Credentials

ii. Inventory

iii. IP Ranges

iv. Scheduling

3. Create the IP ranges you want to discover and inventory devices remotely

4. Register the SNMP credentials of your devices

5. Register the SSH credentials of your devices

6. Register the ESXi credentials – if you have them

7. Create the scheduling you want GLPI Agent to run – if you want to do it recurrently

a. Even if you want the task to be run just once, we must create a schedule to add to the task

8. Create an Inventory task

a. If you set a huge network, you need to be aware that more time will be needed for the agent to finish its job.

b. threads is the number of remote devices the task will query for at the same time.

i. This can be set higher to make more requests at the same time and keep the task running in a shorter time.

ii. The value must be reasonable, and the right value can depend on the resources allocated to the agent.

c. timeout is the number of seconds before the agent will decide a remote device is not responding.

i. On a local network with devices responding quickly, it can probably be set to 1 second.

ii. On devices located behind a far network or if devices can be overloaded, this may require a higher value.

iii. When have SSH authentication is included, 10s is better, so the agent can wait for the device to respond.

9. Run the task

a. If you activate the debug of the agent to the ID 2, which is the most complete debug mode, you will be able to watch each tentative of the agent to connect to each IP of the range.

In this scenario, we are collecting just information about SNMP equipments, and Linux instances using SSH. For this lab and video, we are not collecting Windows information, even though it is possible if you enable WinRM connections from the host containing the GLPI Agent Toolbox and registering a WinRM credential to the configuration of the agent.

 

Resources

 

https://glpi-agent.readthedocs.io/en/latest/tasks/remote-inventory.html

https://glpi-agent.readthedocs.io/en/latest/plugins/basic-authentication-server-plugin.html

https://glpi-agent.readthedocs.io/en/latest/plugins/ssl-server-plugin.html

https://glpi-agent.readthedocs.io/en/latest/plugins/toolbox-plugin.html#setup

GLPI Agent Toolbox

Webinar by our partner Gold Omnicom – “Service request management supported by GLPI”

We invite you to join this free webinar presented by our Gold partner in Slovakia – OMNICOM, the subject will be “Service request management supported by GLPI

On February 1, 2024 from 10:00 a.m. to 10:45 a.m. presented by Miroslav Hlohovsky CEO, Head of Digital at OMNICOM.

Discover the agenda!

  • Introduction;
  • Overview of GLPI;
  • Service Request Management;
  • GLPI Implementation;
  • GLPI Best Practices;
  • Case Studies;
  • Q&A.

Join their webinar “Service Request Management with GLPI”. Explore GLPI’s capabilities for streamlined service requests. Don’t miss this opportunity to improve your understanding and improve the management of your service requests.

Register for the Webinar!

How to provision and authenticate GLPI users with Azure AD using SCIM and Oauth SSO

In the fast-paced world of technology, managing user identities across multiple platforms can be a daunting task. Imagine a typical day at work, where you’re juggling access to a myriad of systems – from email and intranet to various tools like GLPI, ERP, and CRM. Each time your role changes, or you update your profile – or some other user’s does on theirs – someone from the IT department is burdened with the tedious task of manually updating these details in every system. Not to mention the need of managing multiple passwords for the vast diversity of systems you use on a daily basis. This method is not only time-consuming but also riddled with potential errors.

Now, think of SCIM – or System for Cross-domain Identity Management – as a versatile “translator”, a proactive “messenger”, or an efficient “negotiator” in the digital realm, that streamlines communication between different systems. Instead of someone having to manually go to each system to update your information, SCIM automates this process. When there’s a change in a user’s information, SCIM automatically spreads these updates to all connected systems.

So, SCIM helps companies to efficiently manage user identity information across various systems, saving time, reducing errors, and enhancing security. It’s like having an assistant ensuring that all your information is consistent everywhere, without the need for constant manual intervention.

 

The SCIM Plugin is different from OAuth

It’s common to mistake OAuth capabilities for data synchronization, especially in GLPI instances and User and Groups Directories. While OAuth does provide centralized and secure access permissions, SCIM and OAuth serve distinct purposes, despite their apparent similarities.

Both plugins, when integrated with other credential systems, facilitate access without risking exposure to LDAP infrastructures or complex VPN setups — a critical advantage, mainly for GLPI Cloud Network users connected to Azure Active Directory (Microsoft Entra ID).

SCIM plugin simplifies the management of user information, and depending on the provider, also credentials. Attributes like name, email, roles, and contact information are part of its scope of management and synchronization. It standardizes the way identity information is exchanged between identity providers and service providers without excessive exposition of applications and using secured and trackable API channels between services.

One great use case is to have users using their Azure Active Directory (Microsoft Entra ID) information on a GLPI instance. In addition to OAuthSSO plugin, the credentials are also the same — and the users don’t need to authenticate again if they are already connected to their browsers.

For GLPI Cloud Network customers and those with a GLPI Network Basic (or higher) subscription in an on-premises environment, these plugins offer an unprecedented level of convenience and security in identity management.

Useful links

SCIM plugin for GLPI

How to set up the SCIM plugin with Azure Portal

How to set up the SCIM plugin with Okta

OAuthSSO Plugin for GLPI

How to set up the OAuth plugin to log in to GLPI using Microsoft 365 credentials

New Platinum Partner in France: INFOTEL

We would like to share with you that our partner INFOTEL in France is now a PLATINUM partner!

GLPI Expert Company since 2006, Infotel has a savoir-faire on all phases of a project.
We provide IT system audits, consulting and expertise, setup and integration of software and solutions. Infotel also offers specific plugin development, training and technical support.

Website: https://bit.ly/3Y7SELW

We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact_us/

Being a partner means:

  • Having an a direct access to the Teclib´s tech expertise;
  • Get special discounts;
  • Access official support,
  • Obtaining many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.

Discover all benefits of being a partner here: https://glpi-project.org/partners/