SnipeIT-LDAP-Looper
A drop-in tool to assist IT Managers who administer Enterprise AD/LDAP Directories in performing 'bulk-ldap' operations. Specifically, across many base-bind-DNs.
See: Snipe-IT LDAP Documentation
- Create a single column list of Base-Bind-DNs,
ldap-basedn-list.txt - Drop both
ldap-basedn-list.txtandldap-plus-plus.phpinto your Snipe-IT installation. php ldap-plus-plus.php
TODO: consider this a POC towards php artisan snipeit:ldap-feed [ldap-basedn-list.txt]
Also to consider: post-sync operations, such as importing User information to Snipe-IT.Users via the API, or disabling accounts for all non-IT/Asset Management personel.
Implementation Notes
[Step 1]
Create a single column list of Base-Bind-DNs,
'ldap-basedn-list.txt'
*
[Step 2]
For each basedn,
update Snipe-IT DB's settings.ldap_basedn value,
then run LDAP Sync via the command line.
*
[Step 3]
Post-Sync: update each user's phone, department, etc.
(Some fields may be overwritten on stamp.)
*
[Step 4]
Disable all user logins for all non-IT/non-helpdesk staff.
Attention: Prior to machine-gunning users into your Snipe-IT database, this script will try to backup your snipe-it environment before running - however if there is something preventing php artisan snipeit:backup from working, you may be going into dangerous territory without a net! Abandon hope, all ye who use this script willy-nilly!