search

snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0
10.88k stars 3.14k forks source link

[Feature Request]: Remove non existent LDAP users automatically #14662

Open goni-Seoul opened 4 months ago

goni-Seoul commented 4 months ago

Is your feature request related to a problem? Please describe.

I think It's crucial function to manage IT-asset

Describe the solution you'd like

First of all, Thank you so much for your convenient software.

Whether it is a school or a company, all organizations will have new users and retirement users. This user's entrance and exit are synchronized with Snipe-IT through LDAP. User lists in the Snipe-IT (web environment) should also be automatically deleted after recognizing users deleted from LDAP.

Describe alternatives you've considered

No response

Additional context

No response

welcome[bot] commented 4 months ago

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

swift2512 commented 3 months ago

Retention of deleted users may be good for the item history. (I've been told so...) In my company, AD users are disabled, but never deleted, so I enabled Full Multiple Companies Support in SnipeIT and moved all inactive users to different company. This way all of them are hidden from admins and users assigned to another company.

goni-Seoul commented 3 months ago

Thank you for presenting a good solution. However, the reason I want to delete company users completely is that from a protecting privacy standpoint, I need to delete the personal information of the quitter completely. How your company deal with this issue?

swift2512 commented 3 months ago

As I said, I move retired employees to another company in SnipeIT. This way they are hidden from everyone except super admins. This the only way for me because retired employees aren't deleted from our AD when they leave (I don't know why and I'm afraid to ask.) and they are recreated as users on SnipeIT LDAP update.

If you delete your retired employees from AD when they leave, you'll have to delete them manually from SnipeIT. Making this action automatic, could bring some undesired results, but let's see what devs have to say.