GLPI - Asset and IT Management Software
-
Just pushed updates to https://git.cloudron.io/jimcavoli/glpi-app that include a fix in the manifest as well as the version to the newly released GLPI 9.5.3
@jimcavoli nice, thanks, gonna check it out soon! I've tried Snipe-IT, but the lack of putting documents/snippets anywhere made it unusable for me. Still using an ancient version of iTop I've packaged at some point for my inventory and docs, but this seems to be a decent replacement.
-
@jimcavoli nice, thanks, gonna check it out soon! I've tried Snipe-IT, but the lack of putting documents/snippets anywhere made it unusable for me. Still using an ancient version of iTop I've packaged at some point for my inventory and docs, but this seems to be a decent replacement.
@msbt Good stuff! Let us know what you think as well. There's a lot of caveats presently, as described above, when it comes to plugins, but the core feature set is pretty good already on its own, so if it's useful enough as an alternative to other systems without extension, perhaps it's worth pressing on.
-
@msbt Good stuff! Let us know what you think as well. There's a lot of caveats presently, as described above, when it comes to plugins, but the core feature set is pretty good already on its own, so if it's useful enough as an alternative to other systems without extension, perhaps it's worth pressing on.
@jimcavoli I've installed that thing the other day and boy, this is a monster compared to my current ITIL solution. Not quite happy with some of the userflow (took me a while to figure out how to make my cloudron user an admin), but I'll play around with it some more.
-
Hi everyone
I’d like to share a first functional draft of GLPI 11 packaged for Cloudron.
It’s not a finished or “official” package yet, but the foundation is already solid and clean, and follows Cloudron best practices.
Git repository:
https://github.com/vitetj/Cloudron-GLPICurrent state
GLPI 11.x
MySQL via Cloudron addon
Persistent data stored in /app/data
Intentional manual installation via CLI script (for safety and clarity)
Cloudron post-install message (red warning box) to guide admins
Idempotent initialization script (
init-glpi.sh)Clean
start.shwith no hidden automationThe goal was to build something that is:
admin-friendly
maintainable
Cloudron-native
explicit rather than “magic”
What’s coming next
I plan to continue improving the package with:
GLPI cron tasks (via Cloudron Cron)
Cloudron SMTP integration
LDAP / SSO
additional hardening and cleanup
better admin documentation
This is very much a work in progress, but I wanted to share early to get feedback from the Cloudron community, especially on:
the installation flow
the manual post-install approach
the overall package architecture
Any feedback is welcome
-
thank you — in GLPI you can fully configure authentication directly via the CLI, since all auth settings are stored in the database.
The idea is simply to inject the configuration at install time, during the app initialization phase, instead of doing anything in the GUI.
In a Cloudron context, that means:
• Enable the ldap addon in CloudronManifest.json
• Let Cloudron inject the LDAP environment variables
• Use the GLPI CLI (bin/console) to create and enable the LDAP directory
• Do all of this inside the init script, once the database is readyExample of what I’m planning to wire into init-glpi.sh:
php bin/console glpi:ldap:create
--default
--active
--name="Cloudron LDAP"
--host="${CLOUDRON_LDAP_URL#ldap://}"
--port=389
--basedn="ou=users,${CLOUDRON_LDAP_BASE_DN}"
--rootdn="${CLOUDRON_LDAP_BIND_DN}"
--rootdn-pass="${CLOUDRON_LDAP_BIND_PASSWORD}"
--login-field="username"
--email-field="mail"
--firstname-field="givenName"
--realname-field="sn"
--use-tls=0This config is written directly to the GLPI database, so no UI interaction is required.
I haven’t tested this end-to-end yet — I’m a bit short on time this week — but from GLPI’s CLI and schema, this should be the correct approach. I’ll validate and clean it up when I have more bandwidth.
-
thank you — in GLPI you can fully configure authentication directly via the CLI, since all auth settings are stored in the database.
The idea is simply to inject the configuration at install time, during the app initialization phase, instead of doing anything in the GUI.
In a Cloudron context, that means:
• Enable the ldap addon in CloudronManifest.json
• Let Cloudron inject the LDAP environment variables
• Use the GLPI CLI (bin/console) to create and enable the LDAP directory
• Do all of this inside the init script, once the database is readyExample of what I’m planning to wire into init-glpi.sh:
php bin/console glpi:ldap:create
--default
--active
--name="Cloudron LDAP"
--host="${CLOUDRON_LDAP_URL#ldap://}"
--port=389
--basedn="ou=users,${CLOUDRON_LDAP_BASE_DN}"
--rootdn="${CLOUDRON_LDAP_BIND_DN}"
--rootdn-pass="${CLOUDRON_LDAP_BIND_PASSWORD}"
--login-field="username"
--email-field="mail"
--firstname-field="givenName"
--realname-field="sn"
--use-tls=0This config is written directly to the GLPI database, so no UI interaction is required.
I haven’t tested this end-to-end yet — I’m a bit short on time this week — but from GLPI’s CLI and schema, this should be the correct approach. I’ll validate and clean it up when I have more bandwidth.
Technical update: LDAP authentication is now working.
The fix was to move the whole LDAP setup into start.sh and make it fully deterministic:
• wait for the MySQL service to be reachable
• inject the LDAP configuration directly into glpi_authldaps using Cloudron-provided env vars
• clear GLPI cache
• run an explicit ldap:syncThis avoids init-time race conditions and inconsistent behavior observed with glpi:ldap:create alone.
Current repo reflects the working implementation.edit : My bad i just fix the marketplace directory permissions with symlink to persistent storage
Should be ok now
-
@vitetj great stuff! I have asked @vladimir.d to look into this so we can get it published. Was there a reason to use LDAP and not OIDC ? https://help.glpi-project.org/doc-plugins/oauthsso ? Also, if we may reuse your work, can you please put in a LICENSE file at https://github.com/vitetj/Cloudron-GLPI ? Any opensource license (MIT, GPL etc) will work.
-
@vitetj great stuff! I have asked @vladimir.d to look into this so we can get it published. Was there a reason to use LDAP and not OIDC ? https://help.glpi-project.org/doc-plugins/oauthsso ? Also, if we may reuse your work, can you please put in a LICENSE file at https://github.com/vitetj/Cloudron-GLPI ? Any opensource license (MIT, GPL etc) will work.
@girish said in GLPI - Asset and IT Management Software:
@vitetj great stuff! I have asked @vladimir.d to look into this so we can get it published. Was there a reason to use LDAP and not OIDC ? https://help.glpi-project.org/doc-plugins/oauthsso ? Also, if we may reuse your work, can you please put in a LICENSE file at https://github.com/vitetj/Cloudron-GLPI ? Any opensource license (MIT, GPL etc) will work.
Hey — thanks!
On OIDC: the plugin you linked (oauthsso) is not free (it’s available through a GLPI subscription / GLPI Network), which is why I went with LDAP for a default setup.
That said, OIDC is definitely on my todo list. There are community/free options we can build on for OIDC SSO, for example:
https://github.com/edgardmessias/glpi-singlesignonAnd yes — happy to help with reuse: I’ll add a LICENSE file to https://github.com/vitetj/Cloudron-GLPI so it can be published/used properly.
