Installing Snipe-IT on CentOS 7 and MariaDB
-
I got Snipe-IT on CentOS 7 up and running using the above commands and scripts. I'm a bit stuck on getting ldap to work though. I get 'can't contact server' even though doing a manual ldapsearch query on the server works without a problem. 'Test LDAP' on Snipe-IT settings page fails with 'can't contact server'.
I tried looking for logs and such but the only one I could find was laravel log, which only logs login attempts.
Is there a trick to getting ldap to work? Any help would be hugely appreciated
-
@boardinjunky said in Installing Snipe-IT on CentOS 7 and MariaDB:
I got Snipe-IT on CentOS 7 up and running using the above commands and scripts. I'm a bit stuck on getting ldap to work though. I get 'can't contact server' even though doing a manual ldapsearch query on the server works without a problem. 'Test LDAP' on Snipe-IT settings page fails with 'can't contact server'.
I tried looking for logs and such but the only one I could find was laravel log, which only logs login attempts.
Is there a trick to getting ldap to work? Any help would be hugely appreciated
You might have to turn on httpd_can_connect_ldap
setsebool -P httpd_can_connect_ldap on; -
@black3dynamite said in Installing Snipe-IT on CentOS 7 and MariaDB:
setsebool -P httpd_can_connect_ldap on
You sir, are an absolute genius! I spent hours searching online but didn't see a single mention of that command. Did I miss it somewhere obvious??
I don't suppose you have another trick up your sleeve for getting mail to work? No matter what I try, I get a "Swift_TransportException in StreamBuffer.php line 269: Connection could not be established with host. Permission denied #13".
Tried using internal SMTP relay as well as 365 mail and same permission denied error.
-
Same thing
setsebool -P httpd_can_sendmail on
-
@jaredbusch damn. I've not seen those commands mentioned anywhere. That did the trick to get around the permission thing. Could you point me in the direction of where the mail logs get created? laravel log doesn't show any.
I'm getting a 'Success! Link has been sent', but no email is actually received and not sure where to trace it down further.Nevermind! It's up and running! Thank you!
-
It's weird because their script has the SELinux stuff in it.
-
@stacksofplates said in Installing Snipe-IT on CentOS 7 and MariaDB:
It's weird because their script has the SELinux stuff in it.
Well one of the earlier posts breaks that process because we said to
setenforce 0prior to running the script.But yeah, that would work if you did not disable it first.
-
@jaredbusch said in Installing Snipe-IT on CentOS 7 and MariaDB:
@stacksofplates said in Installing Snipe-IT on CentOS 7 and MariaDB:
It's weird because their script has the SELinux stuff in it.
Well one of the earlier posts breaks that process because we said to
setenforce 0prior to running the script.But yeah, that would work if you did not disable it first.
Ah missed that ok.
-
Is it possible to restrict sign-in to only a specific group in AD? The ldap filter only seems to apply for ldap import. No matter what base DN I pick, every user is able to login and account gets created. Eg, only allow login for staff group and not students.
-
@boardinjunky said in Installing Snipe-IT on CentOS 7 and MariaDB:
Is it possible to restrict sign-in to only a specific group in AD? The ldap filter only seems to apply for ldap import. No matter what base DN I pick, every user is able to login and account gets created. Eg, only allow login for staff group and not students.
Once you sync, can't you disable individual users per their Snipe-IT account settings?
-
On another note, it might be worth creating a feature request to simply import only a specific OU.
-
@dustinb3403 I'm able to get a single group to import via LDAP but I can't restrict login to ONLY that group.
We have several thousand users, badly organized, so disabling them after a full import would be a pain.
Ideally I'm looking to import a specific group via LDAP, which works at the moment, and then ONLY allow that group to login, which doesn't work. Anyone from the base DN can also login. I could turn off LDAP integration after doing the initial sync I guess but that means the passwords won't match after they change their AD ones.
I feel like this SHOULD be possible but I'm not sure if I'm missing something obvious again in the settings.
-
@boardinjunky said in Installing Snipe-IT on CentOS 7 and MariaDB:
@dustinb3403 I'm able to get a single group to import via LDAP but I can't restrict login to ONLY that group.
We have several thousand users, badly organized, so disabling them after a full import would be a pain.
Ideally I'm looking to import a specific group via LDAP, which works at the moment, and then ONLY allow that group to login, which doesn't work. Anyone from the base DN can also login. I could turn off LDAP integration after doing the initial sync I guess but that means the passwords won't match after they change their AD ones.
I feel like this SHOULD be possible but I'm not sure if I'm missing something obvious again in the settings.
That makes a lot more sense. I'm not aware of any functionality or limits with LDAP, because I've not used it. I'd recommend jumping onto their Gitter page and speak with the developers directly.
-
Ok, so I am thinking about giving this a go for our environment. We don't track software licenses, but do track physical inventory (computers, laptops, projectors etc).
I assume I can import my current inventory into Snipe-IT via a CSV process? Can I also export to CSV?
-
@jrc said in Installing Snipe-IT on CentOS 7 and MariaDB:
Ok, so I am thinking about giving this a go for our environment. We don't track software licenses, but do track physical inventory (computers, laptops, projectors etc).
I assume I can import my current inventory into Snipe-IT via a CSV process? Can I also export to CSV?
Export from what, SnipeIT?
-
@dustinb3403 said in Installing Snipe-IT on CentOS 7 and MariaDB:
@jrc said in Installing Snipe-IT on CentOS 7 and MariaDB:
Ok, so I am thinking about giving this a go for our environment. We don't track software licenses, but do track physical inventory (computers, laptops, projectors etc).
I assume I can import my current inventory into Snipe-IT via a CSV process? Can I also export to CSV?
Export from what, SnipeIT?
Yes, sorry. I meant export from Snipe-IT. We do this in order to comparisons and updates to some things in inventory, helps us locate devices that need to be updated and/or added.
EG - Export all Ipad 4s. Change some fields (location, assigned user etc) then re-import to update the records. This is very usefule when re-assigning iPads from classrooms onto iPad carts, or moving hundreds from one campus to another.
-
@jrc said in Installing Snipe-IT on CentOS 7 and MariaDB:
@dustinb3403 said in Installing Snipe-IT on CentOS 7 and MariaDB:
@jrc said in Installing Snipe-IT on CentOS 7 and MariaDB:
Ok, so I am thinking about giving this a go for our environment. We don't track software licenses, but do track physical inventory (computers, laptops, projectors etc).
I assume I can import my current inventory into Snipe-IT via a CSV process? Can I also export to CSV?
Export from what, SnipeIT?
Yes, sorry. I meant export from Snipe-IT. We do this in order to comparisons and updates to some things in inventory, helps us locate devices that need to be updated and/or added.
EG - Export all Ipad 4s. Change some fields (location, assigned user etc) then re-import to update the records. This is very usefule when re-assigning iPads from classrooms onto iPad carts, or moving hundreds from one campus to another.
I'm not seeing an export functionality from what I have installed, but you can create reports with those details. And then subsequently upload that over your database.
-
Speaking of iPads etc, how are you managing them. Are you using an MDM, apple configurator?
Some combination?
-
Jamf's Casper Suite and DEP. So MDM.
Configurator is not really a management tool, it's a setup tool to get the iPads into the MDM reasonably quickly and with minimal interaction on each device.
-
I'm glad to go over it with you in detail via email or PM if you like.
