snipe-it icon indicating copy to clipboard operation
snipe-it copied to clipboard

Published 20 hours ago verified publisher icon snipe

LDAP - import users into a company

Open JohnBlunden opened this issue 3 years ago • 11 comments

Debug mode

Describe the bug

We have an issue with version 5.2.0

Before installing a new server, we had version 4.7.x and we did not have this issue.

The issue now is that when users is imported with LDAP, there is no "company" set. Under LDAP settings, there is no field for importing that info either. This was not an issue with previous version, but in this version, users cannot accept any assets that is checked out if no company belonging is set. They get a Permission denied error.

It works if we manually edit each user in SnipeIT and set a Company, but that is not a very effective solution in the long run. Is there a way during LDAP import to get the company set right away or is there some setting I cannot find that allows any imported user to be able to accept assets without us first manually setting the company on each user?

On version 4.7.x users could accept assets without having a company set.

Reproduction steps

  1. Have multi company support enabled
  2. Import users using LDAP
  3. Check out an asset to a user
  4. Have the user try to accept the asset

Expected behavior

Not much to add here, just hoping for a solution to my described issue.

Screenshots

SnipeIT_Checkout

Snipe-IT Version

5.2.0

Operating System

Windows server 2012r2

Web Server

IIS

PHP Version

7.4.13

Operating System

No response

Browser

No response

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

Error: Unsufficient permissions!

Additional context

Fresh install

JohnBlunden avatar Feb 18 '22 09:02 JohnBlunden

@inietov can you check and see if/why company is required to accept an asset? It shouldn't be, and I'm not sure where/why that would have changed. (This might be fixed already - they were using 5.2.0 and this issue is old.)

snipe avatar Mar 21 '22 16:03 snipe

Didn't import users with LDAP... but I create the users without company assigned and with full company support activated, couldn't reproduce the issue.

inietov avatar Mar 24 '22 00:03 inietov

@inietov, I think OP missed a detail. His assets might also be assigned to a Company. I noticed that with Full Company Support activated, Users, Assets, Licenses, etc. must all be in the same Company to interact with each other.

Something similar I am facing is that if Full Company is on, users that are not assigned to a Company cannot see their own assets in the View Assigned Assets page. Assigning the user to the same Company as the asset resolves that. However, not all my assets are in the same Company, so I commented out use CompanyableTrait in snipeit/app/Models/Asset.php.

Maybe there is an issue with https://github.com/snipe/snipe-it/blob/master/app/Models/CompanyableTrait.php?

GitHub
A free open source IT asset/license management system - snipe-it/CompanyableTrait.php at master · snipe/snipe-it

kcoyo avatar May 16 '22 19:05 kcoyo

I'm very interested in this feature too. LDAP syncing Company is needed as we are a Group with a top level. Snipe is used at the top of that tree in the owning company. We all use the same AD so an import would be great to bring those companies in and their locations.

Equipment owned by the head company should be able to be checked out to ANY company but some subsidiary companies have their own equipment which belongs just to them.

This seems to be quite common in larger organisations.

g33kphr33k avatar May 17 '22 08:05 g33kphr33k

Same here, We got reports of users not being able to accept and sign for assets that have been assigned to them. Turns out, the company was missing on their user profiles. We have company info in ActiveDirectory by OU as well as company attribute. Would be really great to have this also synced the same way as the other attributes (phone, mail, employee_num, etc).

Our setup:

  • Snipe git installed
  • V6.0.1
  • Debian 10 server
  • PHP 7.4.29

MrMontesa avatar Jun 03 '22 05:06 MrMontesa

Hey @Godmartinz, I think I remember you working on this feature? But I'm not sure, just pinging you to see if you remember something about it from the top of your head. Or maybe it was @uberbrady??

inietov avatar Sep 14 '22 23:09 inietov

Whoops. Got a little enthusiastic with the close button. Sorry

inietov avatar Sep 14 '22 23:09 inietov

I'm very interested in this feature too. LDAP syncing Company is needed as we are a Group with a top level. Snipe is used at the top of that tree in the owning company. We all use the same AD so an import would be great to bring those companies in and their locations.

Equipment owned by the head company should be able to be checked out to ANY company but some subsidiary companies have their own equipment which belongs just to them.

This seems to be quite common in larger organisations.

+1 we have the same requirements.

I think it should be solved like the locations. There is a OU-Setting to move Users directly to the right Location. But at Company-Level there is no such Setting. :(

aj-bi avatar Nov 18 '22 13:11 aj-bi

https://github.com/snipe/snipe-it/pull/12176

aj-bi avatar Nov 25 '22 09:11 aj-bi

I also encountered the problem described in the description, will there be a solution for this follow-up

akeshell avatar Apr 24 '24 09:04 akeshell