Snipe-IT Asset Management Installation Documentation

Welcome to the Snipe-IT documentation hub. You'll find comprehensive guides and documentation to help you install Snipe-IT as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

LDAP Sync & Login



You must have the php-ldap extension installed for LDAP integration to work! (Hosted customers already have this configured.)

The LDAP functionality will import any users in your LDAP/Active Directory using the LDAP sync (in People > LDAP), and will update existing users. It will also allow users to use their LDAP credentials to login to Snipe-IT.

To set up your Snipe-IT installation to be able to use LDAP for user login and import, go to Admin > Settings and scroll down to the LDAP settings sections.

We never, ever write anything to your LDAP server, and a read-only administrator account can be used for these settings.

LDAP Login Overview

When you have LDAP enabled and a user tries to login, it will first query your LDAP server with their credentials. If they authenticate successfully with your LDAP server, their local user record will be updated and they will be logged in.

If the user does not authenticate successfully against your LDAP server, their local user is NOT updated, and the system falls back to trying to authenticate them as a local (non-LDAP) account.


To get started configuring your LDAP integration, go to Admin > Settings in your top right navigation, click on Edit, and then scroll down to the LDAP settings section.



In most cases, all attribute values you enter should be all lowercase





LDAP Server


The URL of the LDAP server, beginning with ldap:// or ldaps://




Please note there is a difference between ldaps and start-TLS for ldap.  start-TLS uses port 389, while ldaps uses port 636.  ldaps has been deprecated in favour of start-TLS for ldap.  Both encrypted (start-TLS ldap)  and unencrypted ldap (ldap) run on port 389 concurrently.

Errors encountered are generally due to misunderstanding how to implement TLS-encrypted ldap.

Active Directory Domain

The domain to authenticate your AD against. This is often your company email domain, but not always. We concatenate this with your user's username to execute the authentication, so if your user was janedoe, and your AD domain was, we create the User Principal Name by combining them.

This is only needed for AD (not LDAP) connections.


LDAP Bind Username


Admin username to use to connect to LDAP to search the OU for LDAP import.


LDAP Bind Password


Password to use when authenticating to LDAP


Base Bind DN


The base where the search for users will be executed.


LDAP Filter


The search filter for the LDAP query.

For AD filter enabled users using:

This should EXCLUDE the final enclosing parentheses. For example, `&(cn=*), NOT (&(cn=*)).


Username Field


The name of the field in your LDAP that you want to use for Snipe-IT username.

AD: usually samaccountname
LDAP: usually uid


Last Name


The name of the field in your LDAP to use for last name. This is often sn (for surname).


LDAP First Name


The name of the field in your LDAP to use for first name.

AD: Usually givenname
LDAP: Usually cn


LDAP Authentication query


The LDAP query we should use to search your LDAP users.

AD: Usually sAMAccountName=


LDAP Version


Version of LDAP. This is usually going to be 3


LDAP Active Flag


Optional flag for disabled user accounts.


LDAP Employee Number


Only necessary if you use a field in LDAP to store an employee number. Can otherwise be left blank.


LDAP Email


LDAP field that should map to an email address for the user.


Once your settings are entered, make sure you check the LDAP Integration checkbox to enable LDAP authentication.

LDAP Command Line Sync

You can set up a cron to automatically sync LDAP users using the following:

php artisan snipeit:ldap-sync {--location=} {--location_id=} {--summary}

location and location_id are optional.

So for example, if you know the location_id of the location you're trying to add the users to, you could use:

php artisan snipeit:ldap-sync --location_id=1 --summary

Or if you know the name of the location, you could use:

php artisan snipeit:ldap-sync --location=Queens --summary

Updated 4 years ago

LDAP Sync & Login

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.