thank you thank you. I've no idea what I've stumbled across here on this site but you guys have been awesome and the only real help I could find. Much appreciated!

@dustinb3403 I'm able to get a single group to import via LDAP but I can't restrict login to ONLY that group.

We have several thousand users, badly organized, so disabling them after a full import would be a pain.

Ideally I'm looking to import a specific group via LDAP, which works at the moment, and then ONLY allow that group to login, which doesn't work. Anyone from the base DN can also login. I could turn off LDAP integration after doing the initial sync I guess but that means the passwords won't match after they change their AD ones.

I feel like this SHOULD be possible but I'm not sure if I'm missing something obvious again in the settings.

Is it possible to restrict sign-in to only a specific group in AD? The ldap filter only seems to apply for ldap import. No matter what base DN I pick, every user is able to login and account gets created. Eg, only allow login for staff group and not students.

@dustinb3403 I'm able to get a single group to import via LDAP but I can't restrict login to ONLY that group.

We have several thousand users, badly organized, so disabling them after a full import would be a pain.

Ideally I'm looking to import a specific group via LDAP, which works at the moment, and then ONLY allow that group to login, which doesn't work. Anyone from the base DN can also login. I could turn off LDAP integration after doing the initial sync I guess but that means the passwords won't match after they change their AD ones.

I feel like this SHOULD be possible but I'm not sure if I'm missing something obvious again in the settings.

Is it possible to restrict sign-in to only a specific group in AD? The ldap filter only seems to apply for ldap import. No matter what base DN I pick, every user is able to login and account gets created. Eg, only allow login for staff group and not students.

thank you thank you. I've no idea what I've stumbled across here on this site but you guys have been awesome and the only real help I could find. Much appreciated!

@jaredbusch damn. I've not seen those commands mentioned anywhere. That did the trick to get around the permission thing. Could you point me in the direction of where the mail logs get created? laravel log doesn't show any.

I'm getting a 'Success! Link has been sent', but no email is actually received and not sure where to trace it down further.

Nevermind! It's up and running! Thank you!

@black3dynamite said in Installing Snipe-IT on CentOS 7 and MariaDB:

setsebool -P httpd_can_connect_ldap on

You sir, are an absolute genius! I spent hours searching online but didn't see a single mention of that command. Did I miss it somewhere obvious??

I don't suppose you have another trick up your sleeve for getting mail to work? No matter what I try, I get a "Swift_TransportException in StreamBuffer.php line 269: Connection could not be established with host. Permission denied #13".

Tried using internal SMTP relay as well as 365 mail and same permission denied error.

I got Snipe-IT on CentOS 7 up and running using the above commands and scripts. I'm a bit stuck on getting ldap to work though. I get 'can't contact server' even though doing a manual ldapsearch query on the server works without a problem. 'Test LDAP' on Snipe-IT settings page fails with 'can't contact server'.

I tried looking for logs and such but the only one I could find was laravel log, which only logs login attempts.

Is there a trick to getting ldap to work? Any help would be hugely appreciated