Many features of this application are self-explanatory and so will not be covered here. I will instead attempt to cover only features that may be unclear or have multiple functionalities based on the type of user that is using them.
- PHP-enabled web server (Linux is preferred, though things might work on Windows)
- A MySQL database (InnoDB support is required as of version 2.1)
- A user account with full privileges to the database used for Collate:Network
- LDAP extensions for PHP are required for LDAP authentication (php-ldap package on RHEL/CentOS, php5-ldap on Debian+variants)
- mbstring module for PHP is required for the bulk import feature (php-mbstring on RHEL/CentOS. I think it's included by default in Debian with php5-cli. Please let me know if this is incorrect.)
Installing this program is a two-part process.
Deploy the Application
- Unpack the zip archive you downloaded from Collate.info.
- Browse the folder you have unpacked for '/include/db_connect.php' and update the following settings * Database server's IP Address/Hostname * the database username * the database password * the name of the database for Collate:Network to use
- Now that you have prepared the program, upload it to your webserver.
Deploy/Update the Database
Backup your database before any upgrades!
Once the files have been uploaded, browse to the install.php file on your webserver with any web browser.
Verify the health checks pass, then click install.
If this is a new installation, the necessary tables and settings will be uploaded.
If this is an upgrade, the necessary changes will be made to your database when you click install.
If you're already up to date, a message is displayed that says there's nothing to do.
Note: time stamps in logs are in the time zone PHP guesses the server uses. You can control this in your php.ini. See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
There are currently two methods for authentication available: Database and LDAP.
The database method stores user's passwords as a hash (sha1) in the database. This is a very common authentication method.
The LDAP authentication method simply does an LDAP bind to a server IP address or hostname specified on the settings page. The username must include the domain name in order for Active Directory to recognize it. If you supply a "Default Domain Name" on the settings page and the username does not contain an "@" sign, the domain name will be automatically appended before the credentials are passed to the server. It is recommended that you create an LDAP exempt user before setting the authentication method to LDAP to prevent locking yourself out of the application if your settings are wrong or some other problem exists.
By default, full access is granted for all people browsing the site without logging in. To correct this, go to the Control Panel and use the Settings page to lock the application down. You will find, however, that you cannot do this without first creating a user with Administrator rights and setting a password for this user.
Features in this application divided into five access levels. Though they are specified with numbers within the progam (1-5), they can be named as follows:
- No Access (0)
- Read-Only Acces (1)
- Write Static IPs (2)
- Write Subnets (and static IPs) (3)
- Write IP Blocks (and subnets, etc.) (4)
- Administrator Access (5)
Logs are created by the application for certain important events. Read-only (level 1) events are never logged. Admin events (level 5) are always logged. Some event's importance is determined by you when you set the application permissions. If you determine something needs user verification for access, the application assumes it is important enough to log.
The bulk import feature is accessible from the Control Panel. It accepts a CSV file as input. The only supported character encoding is currently ANSI/ASCII. This is the default scheme used by Microsoft Excel, LibreOffice Calc, and Google Docs outside of some special cases, so this shouldn't be a problem for most people. Please file a bug report if it is a problem for you. The order of the records in the CSV file does not matter, but the parent object for a record must already exist or be in the CSV file in order to import it. For example, you cannot reserve an IP address in a subnet that has not been allocated yet. In the event that there is any problem found during the import, the whole operation is aborted and some helpful message is hopefully given to you. You will not get a partial import.
Format of the CSV
The format is as follows:
block: (5 fields)
subnet: (5 fields)
acl: (4 fields)
static ip: (5 fields)
Here's an example of what a CSV file might contain
'block','Atlanta, GA','10.250.0.0/16','','All subnets for the Atlanta office' 'block','Kalamazoo, MI','10.251.0.0','10.251.255.255','Kalamazoo is a cool name for a town' 'subnet','Kalamazoo, MI','Servers Subnet','10.251.0.0/24','Servers go in here' 'subnet','Kalamazoo, MI','Desktops','10.251.1.0/255.255.255.0','Desktops and printers go in here' 'acl','DHCP','10.251.0.50','10.251.0.150' 'static','Printer-01','10.251.1.151','Desktop Support','This is the printer near the break room'
Note: Empty fields must be represented in the CSV file. For example, a subnet row with and without a note.
'subnet','test block','3rd floor staff','172.16.15.0/24','staff users on the third floor' 'subnet','test block','4th floor staff','172.16.16.0/24',''