GLPI Access for Medulla

Applies to: Medulla / GLPI
Medulla version: All
GLPI version: 10.0.x
Environment: On-Premise
Category: GLPI Integration

If Medulla is already installed on your infrastructure and you wish to connect GLPI at a later time, please follow this documentation and then go to:
https://docs.medulla-tech.io/books/medulla-faq/page/glpi-connecter-un-glpi-externe

Background

To enable Medulla to synchronize devices, users, and information from your GLPI environment, several prerequisites must be met before installation.

This FAQ describes the steps required to properly prepare for the integration between Medulla and GLPI:

Access to the GLPI database
Network connectivity
GLPI API configuration
Creation of the tokens required for authentication
Selecting the level of interaction between Medulla and GLPI

1. Access to the GLPI database

Medulla requires access to the GLPI database to retrieve inventory and synchronization information.

Create a MySQL/MariaDB user dedicated to Medulla with:

Full access to the entire GLPI database
Permissions tailored to your security policy

Read-only mode

If you provide a user with read-only access to the GLPI database, you will need to manually apply an SQL file before installing Medulla.

This file creates the SQL views required for Medulla to function.

Download and apply the following file to your GLPI database:

https://dl.medulla-tech.io/nc/glpi-100.sql

Important:
These SQL views are required to ensure that Medulla works properly with read-only GLPI access.

Be sure to also verify the permissions on these views.

Read/Write Mode

If you grant write access to the GLPI database, Medulla will automatically create the necessary views during installation.

In this mode, no manual action is required regarding the SQL views.

2. Network Connectivity

The Medulla server must be able to communicate with the server hosting the GLPI database.

Check the following:

Item	Expected Value
MySQL/MariaDB Port	`3306` (or custom port)
Network communication	Medulla Server → GLPI Server
Firewall	Traffic allowed between the two servers

Note:
If the MySQL port is blocked by a firewall or a network ACL, Medulla will not be able to communicate with GLPI.

3. Configuring the GLPI API

Medulla also uses the GLPI API to perform certain synchronization operations and interact with GLPI.

A. Create a GLPI API user

Create a user dedicated to API calls in GLPI.

In GLPI:
Administration → Users

Create a standard user (username / password).

Official GLPI documentation on user profiles:

GLPI Documentation – User Profile Management

Recommended configuration

Setting	Recommended value
Type	Standard User
Profile	`Read-Only` or `Super-Admin`
Entity	Root entity
Recursive mode	Enabled

GLPI User Profile Selection

Read-Only Mode

The Read-Only profile allows Medulla to retrieve GLPI data for use within Medulla.

In this mode, Medulla will be able to:

Read devices
Read users
Read entities
Process inventory information
Synchronize data to Medulla

Read-Only Mode Limitations:
Data can be retrieved and used in Medulla, but cannot be modified in GLPI.

The following actions will not be possible from Medulla:

Create GLPI users
Delete GLPI users
Create entities
Delete entities
Create computers
Delete computers
Edit objects in GLPI

All administrative tasks must be performed directly in GLPI.

Super-Admin Mode

The Super-Admin profile allows Medulla to fully interact with GLPI.

With this profile, Medulla can directly manage certain GLPI elements without going through the GLPI interface.

The following operations will be possible from within Medulla:

Create and delete users
Create and delete entities
Create and delete computers
Modify GLPI objects
Automate certain synchronizations

Recommendation:
Use a Read-Only profile when Medulla only needs to view and use GLPI data.
Use a Super-Admin profile if you want to administer GLPI directly from Medulla.

Once the user has been created, generate the API user token:

user_token

Important:
Save this token; you’ll need it when configuring Medulla.

B. Create a GLPI API client

Next, create an API client named:

MMC

In GLPI:
Configuration → General → API

Official GLPI documentation on configuring the REST API:

GLPI Documentation – REST API

Create a new API Client, then generate the application token:

app_token

Important:
This token is required for Medulla to use the GLPI API.

Summary of required information

Item	Required
GLPI MySQL/MariaDB Access	Yes
SQL port open	Yes
GLPI API User	Yes
`user_token`	Yes
`MMC` API Client	Yes
`app_token`	Yes
SQL file (read-only mode)	Yes, if read-only access to the database

Default values

Element	Value
GLPI SQL Port	`3306`
API Client Name	`MMC`
Supported GLPI Version	`10.0.x`
Read-Only SQL File	`glpi-100.sql`

Network Prerequisites for Medulla SaaS

FLUX Test

Firewall

Active Directory

I already have a PXE server on my network—is that a problem?

Simplified Medulla Flowchart

OIDC

DNS Views and Medulla Relay in the DMZ

Filter machine types by GLPI ID

GLPI Access for Medulla

Disable convergence for the Extract drivers package

Configuration Guide: OIDC Authentication and User Synchronization

Activation Support / WSUS / CVE / Shop

Rename the FQDN and Switch to HTTPS on Medulla

Changing the SSH Port Between Server and Workstation

GLPI - Connecting an External GLPI

SUPPORT - Access

Installing Medulla on an OVH Virtual Private Server (VPS)

Client Workstations (Status & Visibility)

Packages

Remote Maintenance & Getting Started

Set the agent to Debug mode

Windows Agent Issue

Introduction

The ACLs

The ACLs (continued)

Console & Administration

Increase the Web session timeout (MMC / XMLRPC)

Retrieve the root password for the Medulla interface

Deployment (broadcasting)

Packages

Updates (Windows Updates)

Imaging menus

Client Workstations (Status & Visibility)

GPO

Reconfigure My Agent

Generate Windows and Linux agents

Linux MINT Distribution Agents

Uninstalling a Medulla Agent (Versions earlier than 5.5.2)

Uninstalling a Medulla Agent (Version 5.5.2 and later)

How do I force a reconfiguration of Medulla agents?

Duplicate MAC Addresses

Check the connection from the agent to the server

WithSecure alerts regarding PAExec used by Medulla

Architecture and Deployment of Medulla Relay Servers

Procedure for Adding Relays to Dedicated Medulla SaaS

Medulla Update - 5.4.x to 5.5.x

Services

Imaging Prerequisites

Imaging - Davos Debug

Imaging - Debug

Where are Medulla imaging masters stored?

About the Masters

An unknown machine does not appear in Medulla or GLPI after Register PXE

Copying Imaging Profiles

How the WSUS Tool Works

Module Update (WSUS) is unavailable after enabling AES protection for update catalogs

GLPI Access for Medulla

Background

1. Access to the GLPI database

Read-only mode

Read/Write Mode

2. Network Connectivity

3. Configuring the GLPI API

A. Create a GLPI API user

Recommended configuration

Read-Only Mode

Super-Admin Mode

B. Create a GLPI API client

Summary of required information

Default values