Installing Snipe-IT on CentOS 7 and MariaDB
-
They updated the installer to handle SELinux. I shoudl try again without
setenforce 0
sometime.#Check if SELinux is enforcing if [ "$(getenforce)" == "Enforcing" ]; then #Add SELinux and firewall exception/rules. #Required for ldap integration setsebool -P httpd_can_connect_ldap on #Sets SELinux context type so that scripts running in the web server process are allowed read/write access chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ fi
-
@JaredBusch said in Installing Snipe-IT on CentOS 7 and MariaDB:
I mean FFS, they are already installed a ton of dependencies on CentOS 7 so just install
git
as well, FFS.Even more than a double FFS is needed because they ARE INSTALLING GIT
The level of WTF FFS is so high right now......
-
Pull request submitted.. just holy WTF....
https://github.com/snipe/snipe-it/pull/3734 -
In theory I could have modified the CentOS 6 section also, but I have no easy way to test that so I skipped it.
-
@jaredbusch said in Installing Snipe-IT on CentOS 7 and MariaDB:
Pull request submitted.. just holy WTF....
https://github.com/snipe/snipe-it/pull/3734And merged. so there we go.
-
I got Snipe-IT on CentOS 7 up and running using the above commands and scripts. I'm a bit stuck on getting ldap to work though. I get 'can't contact server' even though doing a manual ldapsearch query on the server works without a problem. 'Test LDAP' on Snipe-IT settings page fails with 'can't contact server'.
I tried looking for logs and such but the only one I could find was laravel log, which only logs login attempts.
Is there a trick to getting ldap to work? Any help would be hugely appreciated
-
@boardinjunky said in Installing Snipe-IT on CentOS 7 and MariaDB:
I got Snipe-IT on CentOS 7 up and running using the above commands and scripts. I'm a bit stuck on getting ldap to work though. I get 'can't contact server' even though doing a manual ldapsearch query on the server works without a problem. 'Test LDAP' on Snipe-IT settings page fails with 'can't contact server'.
I tried looking for logs and such but the only one I could find was laravel log, which only logs login attempts.
Is there a trick to getting ldap to work? Any help would be hugely appreciated
You might have to turn on httpd_can_connect_ldap
setsebool -P httpd_can_connect_ldap on; -
@black3dynamite said in Installing Snipe-IT on CentOS 7 and MariaDB:
setsebool -P httpd_can_connect_ldap on
You sir, are an absolute genius! I spent hours searching online but didn't see a single mention of that command. Did I miss it somewhere obvious??
I don't suppose you have another trick up your sleeve for getting mail to work? No matter what I try, I get a "Swift_TransportException in StreamBuffer.php line 269: Connection could not be established with host. Permission denied #13".
Tried using internal SMTP relay as well as 365 mail and same permission denied error.
-
Same thing
setsebool -P httpd_can_sendmail on
-
@jaredbusch damn. I've not seen those commands mentioned anywhere. That did the trick to get around the permission thing. Could you point me in the direction of where the mail logs get created? laravel log doesn't show any.
I'm getting a 'Success! Link has been sent', but no email is actually received and not sure where to trace it down further.Nevermind! It's up and running! Thank you!
-
It's weird because their script has the SELinux stuff in it.
-
@stacksofplates said in Installing Snipe-IT on CentOS 7 and MariaDB:
It's weird because their script has the SELinux stuff in it.
Well one of the earlier posts breaks that process because we said to
setenforce 0
prior to running the script.But yeah, that would work if you did not disable it first.
-
@jaredbusch said in Installing Snipe-IT on CentOS 7 and MariaDB:
@stacksofplates said in Installing Snipe-IT on CentOS 7 and MariaDB:
It's weird because their script has the SELinux stuff in it.
Well one of the earlier posts breaks that process because we said to
setenforce 0
prior to running the script.But yeah, that would work if you did not disable it first.
Ah missed that ok.
-
Is it possible to restrict sign-in to only a specific group in AD? The ldap filter only seems to apply for ldap import. No matter what base DN I pick, every user is able to login and account gets created. Eg, only allow login for staff group and not students.
-
@boardinjunky said in Installing Snipe-IT on CentOS 7 and MariaDB:
Is it possible to restrict sign-in to only a specific group in AD? The ldap filter only seems to apply for ldap import. No matter what base DN I pick, every user is able to login and account gets created. Eg, only allow login for staff group and not students.
Once you sync, can't you disable individual users per their Snipe-IT account settings?
-
On another note, it might be worth creating a feature request to simply import only a specific OU.
-
@dustinb3403 I'm able to get a single group to import via LDAP but I can't restrict login to ONLY that group.
We have several thousand users, badly organized, so disabling them after a full import would be a pain.
Ideally I'm looking to import a specific group via LDAP, which works at the moment, and then ONLY allow that group to login, which doesn't work. Anyone from the base DN can also login. I could turn off LDAP integration after doing the initial sync I guess but that means the passwords won't match after they change their AD ones.
I feel like this SHOULD be possible but I'm not sure if I'm missing something obvious again in the settings.
-
@boardinjunky said in Installing Snipe-IT on CentOS 7 and MariaDB:
@dustinb3403 I'm able to get a single group to import via LDAP but I can't restrict login to ONLY that group.
We have several thousand users, badly organized, so disabling them after a full import would be a pain.
Ideally I'm looking to import a specific group via LDAP, which works at the moment, and then ONLY allow that group to login, which doesn't work. Anyone from the base DN can also login. I could turn off LDAP integration after doing the initial sync I guess but that means the passwords won't match after they change their AD ones.
I feel like this SHOULD be possible but I'm not sure if I'm missing something obvious again in the settings.
That makes a lot more sense. I'm not aware of any functionality or limits with LDAP, because I've not used it. I'd recommend jumping onto their Gitter page and speak with the developers directly.
-
Ok, so I am thinking about giving this a go for our environment. We don't track software licenses, but do track physical inventory (computers, laptops, projectors etc).
I assume I can import my current inventory into Snipe-IT via a CSV process? Can I also export to CSV?
-
@jrc said in Installing Snipe-IT on CentOS 7 and MariaDB:
Ok, so I am thinking about giving this a go for our environment. We don't track software licenses, but do track physical inventory (computers, laptops, projectors etc).
I assume I can import my current inventory into Snipe-IT via a CSV process? Can I also export to CSV?
Export from what, SnipeIT?