snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

[Feature Request]: Can we use php artisan scripts sync ldap with multiple OU? #14872

Open conan522 opened 2 months ago

conan522 commented 2 months ago

Is your feature request related to a problem? Please describe.

Because there are a large number of users in multiple OUs in AD, we always get a 500 error during LDAP sync.

Describe the solution you'd like

Can we use the php artisan scripts to sync LDAP with multiple OUs? Create a scheduled job that runs the artisan LDAP sync script for each OU, one by one. Thanks.

Describe alternatives you've considered

No response

Additional context

No response

snipe commented 2 months ago

Yes, that's possible (and recommended for domains with a lot of users.) Just use the location id parameter after setting up the location OUs.

conan522 commented 2 months ago

But we have multiple OUs, not based on location. How can we deal with it? Can we just use an OU parameter for the sync command? Such as the sample "php artisan snipeit:ldap-sync --OU OU=Account1,DC=ABC,DC=COM"

uberbrady commented 2 months ago

You want to use --base_dn=OU=Account1,DC=ABC,DC=COM - that should probably do it.

JasonZhang0320 commented 2 months ago

I'm facing similar issues.

Basic Situation of Our AD

We use a single-domain AD with different OUs to manage multiple companies. Each company has several department OUs. Each department OU has users from various office locations. For example:

User1 Path: example.com\company1\c1_dept1\User1 Location: City A

User2 Path: example.com\company1\c1_dept2\User2 Location: City A

User3 Path: example.com\company1\c1_dept2\User3 Location: City B

User4 Path: example.com\company2\c2_dept1\User4 Location: City C

User5 Path: example.com\company2\c2_dept2\User5 Location: City B

User6 Path: example.com\company3\c3_dept1\User6 Location: City B

User7 Path: example.com\company3\c3_dept2\User7 Location: City D

User8 Path: example.com\company3\c3_dept2\User8 Location: City D

Problems with LDAP AD Sync

Can't Set LDAP Search OU for Location: Setting an LDAP Search OU causes incorrect location information for some users, so we're currently setting this manually.

Can't Set Company Information by OU: We can't automatically set the company information for users based on their OU, so this is also done manually.

Sync Overwrites User Location Info: If we sync the AD structure (manually or automatically), it overwrites the location information we manually set for users.

If we don't sync the AD, new AD users aren't added automatically.

conan522 commented 1 day ago

> You want to use --base_dn=OU=Account1,DC=ABC,DC=COM - that should probably do it.

You mean run the script as "php artisan snipeit:ldap-sync --base_dn=OU=Account1,DC=ABC,DC=COM"? Why did it not work for me? No error message, but no data has been updated.