New and updated version for Debian Stretch and OCS Inventory NG server 2.5 can be found here!

 

 

In this easy tutorial we will install and configure OCS-NG Server. If you want to know what OCS-NG is, please read below and visit product site.

Table of contents:

  1. What is OCS-NG
  2. Requirements for this tutorial
  3. Installation
  4. LDAP Patch
  5. Finish!

1. What is OCS-NG

Open Computers and Software Inventory Next Generation is a technical management solution of IT assets.
Since 2001, OCS Inventory NG tries to make the automated inventory of computer hardware more efficiently .
Today, our solution not only extends to the inventory. It includes a sophisticated deployment system, interfacing with third tier applications, a network devices scans, and more…

Full description on ocs-ng project home page: http://www.ocsinventory-ng.org/en/

Highlights

  • Lightweight bandwith usage and small OS footprint.
  • High performance: about 1 000 000 of computers inventoried per day using a server bi-Xeon 3 GHz and 4 GB RAM.
  • Based on well known products such as Apache web server, MySQL database server, PHP and PERLscripting languages.
  • Modular solution with lot of plugins and interfacing with others IT and Asset Management Software like GLPI.

 2. Requirements for this tutorial

Software

In this tutorial we will need following peaces of software:

I strongly recommend running this install inside of virtual machine since wiping it, reformatting or restarting is much faster than on standalone server:)

I performed all steps few times inside virutal environment (Vsphere 5.5 hypervisor aka esxi) but this should apply for any other environment.

Hardware/vm requirements

Our machine should have at least:

  • 1 (v)CPU with 2 cores
  • 2Gigs of RAM
  • 1 Gigabit Ethernet
  • 16GB of storage

Once again, I assume installing it in virtual environment so things like vm-tools will not be necessary to install on standalone servers. I will not cover how to install ESXi or VMWare Player since it’a a material (especially ESXi) for complete series of guides:)

3. Installation

To be honest installation is quite simple since all packages are available for Debian 8.x (Jessie). We don’t need to compile anything from sources and manually register or install dependencies. That saves us quite a bit of work. I know that on some other Linux distros installation might go more straightforward but I’m used to Debian and feel quite comfortable in this environment.

Installation consists of three main steps:

  1. Installation of Debian OS
  2. Installation of required packages
  3. Installation of OCS-NG

Installation of Debian OS

  1. Burn Debian ISO to disk or mount is as cd/dvd in VM
  2. Boot from above
  3. Select to install Debian in 64bit version with minimum options: SSH Server, system utilities. Do not install WWW, DB or other services.
  4. Rest of the options like language or partitioning leave with their default settings.
  5. Reboot and login to shell
  6. Now, we need to install required packages in order to be able to perform rest of the steps. Of course all installs must be performed with root privileges.
  7. Lets type some commands, at last!:

Installation of required packages

Update repositories:

Install Open VM Tools – they simply work better than original VM-tools from VMWARE.

After above it’s good to restart the VM. Good old Windows school :)
Now, install rest of the packages (system utils):

Install Apache2:

Now, packages for it:

Restart Apache with the following command:

Continue with installation of packages:

Configure CPAN:

Install Zip package for perl:

Now, install MySQL:

After typing above command you will have to specify root and admin password for MySQL server. Note them somewhere.
As addition to MySQL I like to have visual representation of databases so lets install phpMyAdmin:

Now, we need to link phpMyAdmin to Apache to be able to actually use it:

After that restart apache or even the whole server:

Now, you should be able to access your new server at:

  • http://localhost – default apache landing page
  • http://localhost/phpmyadmin – MySQL phpMyAdmin management suite

Good idea (in case of troubleshooting and config checks) is to place a little apache info file in WWW Root. It will display all apache info in one place. This can be very useful for monitoring changes in apache config, loaded modules etc. So let’s add this file:

New screen will appear
Paste below code into it, press CTRL+X and then confirm changes by pressing Y and then ENTER:

Now, by navigating to:
http://localhost/info.php
you will have a nice view at whole apache config. I personally find it very useful. Of course, after setting up everything remove this file for security reasons.

Installation of OCS-NG Server

Installation of server itself is quite simple. OCS team provided us a nice install script that does pretty much of everything for us. If all required packages are available and running user has root privileges all should go hassle free.

First of all we need to download latest build:

Then extract it somewhere. Might be your current dir if you are in for example in /home/ or /tmp/:

Enter new directory and execute:

Now install script should configure pretty much for you. At one point you will have to answer non default way:

  • When script will ask about main apache conf file. If you didn’t change anything paste this:/etc/apache2/apache2.conf*
  • When script checks: Checking for Apache Include configuration directory…, paste this: /etc/apache2/sites-enabled*
  • Script will ask if you want to use SOAP extensions and more likely report that libraries are missing. Just continue.

*this might be found in info.php results :)

Script should finish with a message that apache service needs to be restarted. We will do it in few moments.

Now it’s good time to fix some permissions:

Now, restart apache:

After this there is OCS server is almost ready.
Navigate to:
http://localhost/ocsreports
You should get install screen for OCS. Type in:

  • root user for mySql
  • root pass for mySql
  • name of database: I use default: ocsweb
  • hostname of mySql: localhost (since it all runs on one server)

Now you will get screen, that DB needs to updated. Press Perform the update. After upgrade you will be able to login to OCS server by typing admin as user and password.

Ok, back to command line. Installer sets default user and pass for ocsweb DB as ocs/ocs. It’s ok for test environment, but in production we need to change it.

  1. Login to phpMyAdmin with DB root login and pass
  2. Find users TAB in main windows
  3. Note, that there will be two ocs users, click on ocs@localhost (or whatever the host is)
  4. Click Edit Permissions
  5. Click Change password
  6. Change password and submit changes.

Now, OCS will stop working. It’s ok. Now we need to change password in OCS config:

Now OCS reports should be running again.
Now, just delete install script by typing following command:

Base OCS is now installed and running:)

4. LDAP Patch

As you should know by now, ocs supports external authentication through LDAP to Active Directory. It is very useful since you do not need to define users inside ocs, manage passwords etc. LDAP configuration tutorial is provided by OCS team on their wiki page: http://wiki.ocsinventory-ng.org/index.php/Documentation:OCSsynchroLDAP.

Above tutorial is quite simple, but I found group checking a little not working after setting all according to it. Basically all configuration is covered in it and you must follow it to enable LDAP. Just after enabling I encourge you to patch it a little to avoid:

  • every LDAP authenticated user may login to ocs (no matter if he/she has specifed LDAP group)
  • user with ldap group is added to local users DB. After removing user from group or group from user – he/she is still able to login
  • LDAP user is granted specifed rights no matter if he/she is member of a specifed group or not

I think I have managed to fix this a little by editing 2 files:

  • /usr/share/ocsinventory-reports/ocsreports/backend/AUTH/auth.php
  • /usr/share/ocsinventory-reports/ocsreports/backend/identity/identity.php

Changed sources are attached below:
/usr/share/ocsinventory-reports/ocsreports/backend/AUTH/auth.php:

/usr/share/ocsinventory-reports/ocsreports/backend/identity/identity.php:

You may also download it here:https://miloszengel.com/downloads/ocsng/ocsng-ldap2.2-fixed.zip
Fix permissions for /usr/share/ocsinventory-reports/, by issuing below command:

Now, one last restart of the apache (just to make sure everything is working):

It wasn’t so hard, wasn’t it :) ?

5. Finish!

That is pretty much all. One more thing is important. Users authenticated by LDAP are added to local user DB (this is by desing). In order to restrict only users who are members of specifed AD group to be able to login and get proper permissions local authentication must be switched off by setting  $list_methode=array(0=>”ldap.php”); in both, AUTH/auth.php and identity/identity.php. Otherwise users once added to local DB after successful login will still be able to login even after removing AD group membership because, they are already in local user DB. Switching local authentication ensures that only AD users with proper AD group are allowed to login. This might be little problematic if AD source is not available, but in that case just re-enable local authentication in above files and you will be able to login using local accounts like admin, etc.

Thank you for reading this tutorial as it’s my first one. I hope you enjoyed it. That being said, I encourage to leave a reply.

I will cover switching to SSL in next part allowing you to enable deployment feature which is quite powerful if used right.

Enjoy :)

[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]