As an administrator I can define an automatic LDAP synchronization using the UI

abrix · December 2, 2020, 9:18am

Hi,

What is the problem you are trying to solve?
In most organizations, new AD users and groups should be automatically synchronized, not just by actively triggering of a passbolt administrator.

Who is affected?
Administrators with AD integration

Why is it important and/or urgent?

What is your proposed solution? (optional)
Implement a checkbox for automatic LDAP synchronization ( hourly or custom value? ). This can be implemented as a cronjob like “/etc/cron.d/passbolt_email”.

Best regards,
Alex

remy · December 3, 2020, 10:21am

Hello @abrix it is currently possible to run the LDAP synchronization from command line, and therefore add it to the cron to be run every X hours.

See.

./bin/cake directory_sync all --dry-run

Cron example:

0 0 * * * su -c "/var/www/passbolt/bin/cake directory_sync all" -s /bin/bash www-data >> /var/log/cron.log 2>&1

Ref. https://help.passbolt.com/configure/ldap/ldap-from-configuration-file.html

abrix · December 3, 2020, 3:44pm

Hi @remy,

I read the documentation and added the cronjob as “workarund” to the Docker container. Therefore the periodic LDAP synchronization works for my environment.

This feature request is intended to improve the general usage of the product for other administrators and the overall lock and feel

Cheers
Alex

remy · December 4, 2020, 1:38pm

@abrix Yes I agree this should be part of the UI for administrators. We’ve have some plan to reshape the way the cron tasks works in passbolt so that we can have one command to that runs other tasks than sending emails.