How to set up GLPI and OCS under Microsoft Server 2003 with XAMPP
This section has been adapted from a School environment and another Wiki, there are a number of omissions and formatting errors for which I apologise, please feel free to correct those glaring errors you may see … hopefully this will provide some assistance for first time users.
GLPI and OCS combine very well together and can provide an organisation with a superb helpdesk and inventory package.
At this time, OCS is supported on Microsoft Windows® 2003 Server platform using one single executable. This executable loads a WEB Server (XAMPP) and the OCS package. Whilst there are other ways to load GLPI on a Windows platform this page describes the method using the OCS executable.
- Create a build sheet to store all your pre and post build information.
- You will need a Win2K3 domain server, this can be a virtual machine. The server only needs to be a member server.
- You will need administrative access to your domain (I assume this is obvious but you can never tell…)
- Download the required packages:
- From the OCS website obtain the latest packages (http://www.ocsinventory-ng.org )
- Download OCS Inventory NG Management server for Windows. (Ver 1.3.2 at time of writing) N.B. This has XAMPP
NOTE belowbundled with it.
- Also Download the following packages:
- OCS NG Inventory Agent for Windows [Ver 4.061.1]
- OCS NG Inventory Agent for MAC OSX [Ver 1.1] (if you intend to inventory MAC workstations and laptops)
- OCS NG Inventory Packager for Windows [Ver 1.02 (internal version 188.8.131.52)]
- OCS NG Inventory Agent Deployment Tool [Ver 1.02 (internal version 184.108.40.206)]
- Download GLPI from the GLPI website (http://www.glpi-project.org )
- GLPI (Ver 0.78.1 at time of writing)
User Account Information
- You will need to set up and think about passwords for several accounts. Both within AD and the web aplications themselves.
- OCS NG Inventory (OCS) has a scripted install of XAMPP as well as OCS itself. This is installed from the Windows executable you downloaded.
- GLPI is also a scripted install but requires you to extract it and prepare some information for MySQL.
- Each of the Web applications; XAMPP, OCS, GLPI and MySQL all have associated user accounts that you need to manage. You will need to keep password and login details for a number of different access accounts. I have listed these below so you can think about and prepare password strategies ahead of setting up the accounts. (listed below ).
- In AD you will require at least one account for LDAP connections and authentication. This account should just be a plain domain member. You could also put it in the guests group to minimise damage should it be compromised. You need to give it a strong complex password … you will only be entering the password once in the Web Applications.
- Additionally you will need at least 2 email accounts specifically for Helpdesk Tickets and Messaging. These accounts need to be real and able to send and receive to and from all your users. (1 to receive and 1 to send). I call them helpdesk and support. Call them something that makes sense for your users.
- Here are the accounts in roughly the order you need to configure them, it is best to have passwords etc ready for them so write the details down on your build sheet:
- LDAP USER (I use glpildap - can be anything)
- An AD account you just leave in the Users OU, choose a user name and password and write it on your build sheet
- MySQL Root User (root)
- When XAMPP loads this user is created without any password, you will need this when the OCS installs during the original script/exe
- (After the basic XAMPP and OCS is installed you need to setup Security on XAMPP you will give this user a password at this time.
- OCS Admin user (admin)
- OCS sets up with this default user for initial access
- the default user and password is admin - admin … change the password as soon as possible.
- Before you start running the XAMPP/OCS install you are probably best to set up the user for LDAP and set the Max Page Size in AD LDAP. “see how to do this here” Please note I find that connecting to the domain rather than the IP works better NB use NTDSUTIL help for more information … use ?
- Also you will need to alter the php.ini file when the XAMPP - OCS load is finished and prior to GLPI being set to use LDAP. This is necessary because LDAP is not enabled by default.
Installation of OCS and GLPI
- Begin by gathering all your downloaded packages into a folder on your server, I put them in My Documents for my login account on the server.
- Extract your OCSNG-Windows-Server-Setup ZIP file in the same directory.
- Open AD and create your LDAP user as per your build sheet.
- Open a command prompt and configure your LDAP MaxPageSize if you have more than 1000 users in your school domain (<span style="color:green;">'''''details here'''''</span> )
- Navigate to the newly created folder from your extraction of the zip file, and RUN the setup.exe file.
- You will see a warning dialogue basically saying that setup can't find XAMPP and that it will have to load it … this is what we want to do so 'click' OK
- Accept the licence agreement
- Next you will get a dialogue about the instalation folder - DO NOT change the install folder! The whole OCS script relies on this path (and it is OK to run it from there anyway); so, just accept the default.
- Next; Use a full install with XAMPP and OCS both ticked.
- The installer will extract the required files.
- A command window will pop up with a question about short cuts on your desktop … just hit ENTER (yes)
- Next you are asked to locate XAMPP paths … again just hit ENTER (yes)
- Next you are asked if you want to make a portable XAMPP. We don't want this so just hit ENTER again (no) it's default is 'NO'
- You will see that XAMPP is ready to use - hit ENTER again.
- The installer then sets up time zones (from your server) hit ENTER again.
- The installer then give you 8 choices - choose 'x' to exit
- The OCS install will begin
- Next your browser will open and you will be presented with an OCS web page
- use the following details:
- -:login = root
- -:password = <null> i.e. no password
- -:hostname = localhost
- OCS will then install its database (see notes on this setup ) You may fill in a text field describing the TAG, a string displayed at first launch of the agent to ask the user to enter the TAG Value. It is a generic data field which allows you to sort the computers (geographical site, first floor, john room….). I used FOO. If you don't want this functionality, just leave it blank.
- After you complete this page and enter the details you will be presented with another webpage - 'click' on [ OCS-NG GUI ] to proceed to the login page for OCS.
- At the login page you can login as admin with the password admin.
- OCS is now installed! It has no data, this we will do later. For now just change the admin password and create an administrative user for yourself.
- -To start copy the URL in your browser so you can get back to the site easily when you have to restart the browser.
- -To change the admin password use the purple 'key' icon at the top right of the page. 'Click' the icon and ENTER your new password for admin. (You should have a password ready)
- -The page will expire - restart your browser (you will see dialogues underneath the browser … ignore them for the moment)
- -When your browser is open again paste in the URL and 'login' to OCS with the new password - admin and 'yournewpassword'
- -'Click' on the little yellow face icon (users) near the top right and create your own administrator account.
- -Close the webpage and the browser.
- You will see a completing OCS Setup dialogue. Leave the Review XAMPP Security ticked and 'click' finish.
- Next select English Language in the webpage that opens.
- Read the page and 'click' on fix the problems (xamppsecurity.php)
- The XAMPP security page comes up. Here you will set the MySQL Root user password and .htaccess user and password for the XAMPP directory.
- -To set the MySQL Root password use the top half of the security page. (you should have your passsword ready). phpmyadmin authentication should be set to 'cookie' and the pma user should be set to a random password. NOTE: Make sure you tick the little box so that you get a text file with your password: [c:xamppsecuritymysqlrootpasswd.txt]. Enter your password and 'click' on passwordchanging. You will be prompted to restart MySQL - we will do that shortly.
- -Next we need to use the bottom half of the security page to set a .htaccess user and password (you will then be prompted for these when you attempt to go to the XAMPP directory). It it important to set this security feature up. You should have your user and password prepared. NOTE: Make sure you tick the little box so you will get a text file again. Enter the details and 'click' secure XAMPP.
- -Close the browser again.
- On your desktop you wil see an icon for XAMPP Control Panel. Open this Control Panel.
- Stop and then Start the MySQL service.
- For now this will do for the XAMPP control panel. Use the exit button under Help to close the Control Panel.
- Install GLPI:
- -For this process we will need to create a folder under the htdocs directory which is the web root for xampp.
- -It is also best to create a new SQL user and database for GLPI.
- Navigate to your folder with the downloaded packages.
- Un-zip your download of GLPI intoyour folder. This will contain the web package for GLPI but we will rename the top folder.
- Navigate to c:xampphtdocs and create a new folder that makes sense, I use helpdesk [c:xampphtdocshelpdesk]. It is also a good idea to create a desktop shortcut to your htdocs directory.
- Copy the contents of the unzipped GLPI website without the glpi folder (i.e. all files and folders where index.php is). Copy this into the newly created helpdesk folder.
- Open your browser and navigate to XAMPP (http:localhost) will get you there. Enter your username and password from the security step.
- Select phpmyadmin form the left menu and enter your phpmyadmin root username and the password you created earlier.
- Unless you are really familiar with MySQL and phpmyadmin I suggest the best practice is to create a user and database together.
- -Go to the privileges TAB.
- -Select, create a new user (middle of the page)
- -In the fields give your user the name you decided earlier (i.e. glpi); For the host field select local (localhost) and fill out the 2 fields with your password you have ready.
- -Next in the middle of the page under database for user, select - 'Create database with the same name and grant all privileges'.
- -Now scroll down the page and 'click' GO [Bottom right] This will create a database with the name 'glpi' and a user of the same name with your password.
- -At the top left of the screen 'click' the little green 'exit'.
- In the browser type the path to your new glpi site:
- The GLPI setup will start. Select English (GB) and 'click' OK.
- Accept the licence
- Next choose Installation - 'click' continue
- You will be presented with dialogue boxes to fill out:
- :MySQL server = localhost
- :MySQL User = (your user name created earlier in phpmyadmin) i.e. glpi
- :MySQLPassword = (your user name created earlier in phpmyadmin)
- 'Click' Continue
- Next your SQL connection is tested, Select the database we created with the user i.e. glpi and 'click' continue
- You are presented with a dialogue that tells you that your application is setup and you can login with glpi and glpi.
- 'Click' continue - Installation finished - select 'Use GLPI'
- You are presented with the GLPI login screen.From this point it is better to use the web applications from a client machine due to the browser limitations in 2K3 Server. (You could switch off the Enhanced Security Configuration and configure Java etc. but this is not good practice)
- At this stage OCS and GLPI are installed. We still need to change the GLPI passsword and create another Admin user in GLPI but we can do this from the client machine's browser, which will be better set up to use GLPI with. For now we can close the browser.
- There are three more tasks we should complete on the server, setup a DNS entry for the Helpdesk and make GLPI the root website for XAMPP and enable LDAP in PHP.
- -Create a DNS entry for the helpdesk (GLPI). On your DNS server go to Start|Administrative Tools|DNS. Open your forward lookup zone and create an 'A' record for 'helpdesk' pointing to the IP of the XAMPP server. (On my test server I don't bother with anything other than an A record but you will know your environment and what you need to do for any other functionality)
- -Alter the first site in your XAMPP server to be the helpdesk. To do this on the XAMPP server go to htdocs (you may have a shortcut on your desktop).
- –Open the file index.php with notepad.
- –Locate this line (with notepad it may all be on 1 line) [ header('Location: '.$uri.'/xampp/'); ] and change this to read [ header('Location: '.$uri.'/helpdesk/'); ] ; save the file and exit Notepad.
- –Alter php.ini to allow LDAP. To do this go to the c:xampp directory and open the folder named php.
- –:- Look for the file php.ini.
- –:- Open the file (it should open in Notepad)
- –:- Find the line [ ;extension=php_ldap.dll ] and remove the ';' semicolon from the front of the line
- –:- Save the file and exit Notepad.
- -We need to restart Apache to effect this change.
- -:- Go to the XAMPP Control Panel (icon on your desktop) open the control panel
- -:- stop and start Apache
- -:- exit the control panel.
- Now your website for GLPI (hepdesk) will be accessible from a client with the simple URL of http://helpdesk. And you will be able to use LDAP authentication when we set that up in GLPI.
- From your client machine access the helpdesk in your browser (this should be http://helpdesk) Note: xampp, phpmyadmin and ocsreports are available as sub webs e.g. http://helpdesk/ocsreports)
- Login to GLPI with the user-glpi and password-glpi.
- Change the glpi users password: to do this select the settings menu at the top right, enter the new password and 'click' update.
- Logout (top right) and then login again with the new password.
- Your basic Setup of OCS and GLPI on XAMPP is completed.
Notes on XAMPP
Extract from the XAMPP website:
“The philosophy behind XAMPP is to build an easy to install distribution for developers to get into the world of Apache. To make it convenient for developers XAMPP is configured with all features turned on.
The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment. Since LAMPP 0.9.5 you can make your XAMPP installation secure.”
For this reason it is important to set the security options and to limit the use of XAMPP to just the helpdesk package (OCS & GLPI). I don't recommend using Mecury Mail or the other bundled services.
Information on XAMPP is available from the XAMPP website http://www.apachefriends.org/en/xampp.html
<span style=“color:green;”>back to </span><span style="color:green;">'''''Prerequisites'''''</span>
How to RESET MAX PAGE SIZE for LDAP on your Server
1000 query limit:
There is a maxPageSize limit of 1000 in the windows AD which limits the LDAP query records to a max of 1000. In simple words whenever an LDAP search or query is made to the AD, no more than 1000 records are returned from the directory. This limitation is actually a security design so as to prevent the AD from DOS attacks for LDAP queries. In case less than 1000 users are defined in the AD, no additional work is required but for a large setup this limit needs to be changed at the AD using the “ntdsutil” utility. So the following steps need to be done at your AD to change the MaxPageSize value from 1000 to 5000(or whatever value suits ur requirement).
ntdsutil: ldap policies
ldap policy: connections
server connections: connect to server 192.168.1.1 ( here a few messages regarding connectivity are displayed)
server connections : q
ldap policy : show values ( here we will see all the values including MaxPageSize which is 1000 currently)
ldap policy : set maxpagesize to 5000
ldap policy : commit changes
ldap policy : q
ntdsutil : q
After performing above commands GLPI can successfully import more than 1000 users from the AD.
<span style=“color:green;”>back to </span><span style="color:green;">'''''install'''''</span><span style=“color:green;”> ..or.. </span><span style="color:green;">'''''other requirements'''''</span>
OCS MySQL Database
Setup will create “ocsweb” database, and will add MySQL user “ocs” with password “ocs”. It will also grant to user “ocs” privileges “Select | Insert | Update | Delete | Create | Drop | References | Index | Alter | Create temp | Lock” on database “ocsweb”. This user will be used by Administration server and Communication server to connect to the database. N.B. If you do not wish to use the default MySQL user “ocs” with “ocs” password, you must update in the file in the website - “dbconfig.inc.php”. Under PHP constants “COMPTE_BASE”, (which is MySQL user login), and/or “PSWD_BASE”, (which MySQL user password). Don’t forget to also update Communication server configuration, especially in apache configuration file.'
I have never bothered to do this and I doubt that it is necessary in a school environment provided your users don't see or know how the websites are working… really they should only see the GLPI site.
back to install