snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0
11.19k stars 3.2k forks source link

LDAP-Sync for companies #10161

Open gerhag opened 3 years ago

gerhag commented 3 years ago

Snipe-IT Version

5.2.0

Operating System

Debian 11

Web Server

Nginx

PHP Version

7.4

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Currently, there is no field in the LDAP-Sync configuration to map a LDAP-Attribute to a company object in Snipe-IT.

Describe the solution you'd like A clear and concise description of what you want to happen.

For the purpose of using the multi-tenancy functionality that is implemented in Snipe-IT, it would be great for environments that have their tenants replicated in their LDAP-Directory, to map LDAP-User attributes where the tenant is specified, to the company object in Snipe-IT, when Full Multiple Companies Support is activated.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Otherwise you'd have to touch every LDAP-User after they have synced and assign them to a company, either by hand or API.

Additional context Add any other context or screenshots about the feature request here.

We are planning to use Snipe-IT in the educative sector, where we need to manage 32 schools and over 15000 users each having their own device, plus many other devices for different purposes. Snipe-IT and its features fits our needs perfectly and even brought some great features to the table that we haven't even considered before. But as we handle every school in one Master LDAP-Directory each separated as their own tenant, a LDAP-Sync field for company's will be necessary, unless we consider to detour around this and assign company's to users by using the REST API, which isn't ideal in a syncing process.

welcome[bot] commented 3 years ago

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

aqvila2k18 commented 3 years ago

I fully support the creation of this feature. plus a tree structure with access inheritance

gerhag commented 3 years ago

I'm looking for a workaround concerning this request, is it possible to only select users through API that aren't assigned to a company, essentially where the company_id is null ?

Trying this example and other variations of it doesn't seem to do the trick: curl --request GET --url https://<snipe-it>/api/v1/users?company_id=null --header 'Accept: application/json' --header 'Authorization: Bearer <myKey>'

Probably because the API expects an integer. Writing this I figured selecting these user's directly through mysql wont hurt, but if there is a way to handle this with the REST API, I'd like to know.

ruddens commented 3 years ago

..."plus a tree structure with access inheritance"

+1 on that! :)

We need more data fields to be updated from the LDAP/AD sync...

gerhag commented 3 years ago

On the roadmap for Snipe-IT v6 is a rewriting of the LDAP System mentioned, so this issue could be solved if the update hits. I'll crosscheck and update/close this issue when the release is official.

ruddens commented 3 years ago

On the roadmap for Snipe-IT v6 is a rewriting of the LDAP System mentioned, so this issue could be solved if the update hits. I'll crosscheck and update/close this issue when the release is official.

Thanks!

arippe93 commented 1 year ago

+1

vaneess commented 1 year ago

is this still on the roadmap? i've just updated to Version v6.0.14 - build 9236 (master) but company is not synced. i'm not sure if this https://github.com/snipe/snipe-it/pull/12176 is the same thing we're discussing here?