How to Set Up the LDAP Synchronization Cronjob
Automating Directory Sync with Cron
To keep your user directory in sync automatically, you'll need to schedule a cron job on your server.
We recommend running it once per day, but you can adjust the frequency as needed.
Debian / Ubuntu
0 0 * * * su -c "/usr/share/php/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1
RHEL / CentOS / RPM-based Systems
0 0 * * * su -c "/usr/share/php/passbolt/bin/cake directory_sync all --persist" -s /bin/bash nginx >> /var/log/cron.log 2>&1
Replace
nginxwith the actual web server user if your environment differs.
Docker
If you're using the official Docker deployment, uncomment the relevant cron lines in your Docker Compose file:
These lines enable the sync cron task within the containerized environment.
Once configured, your directory sync will run automatically based on the schedule you've defined.
Looking for More Advanced Scenarios?
This page provides basic examples for setting up cron jobs in both Package and Docker environments.
If you're working with more complex directory configurations—such as:
- multi-domain forests,
- synchronization of deleted users or complex permission structures,
- skipped entries, pagination handling, or memory limitations during syncs,
we recommend referring to the dedicated guide on advanced LDAP scenarios:
That resource offers in-depth guidance on large-scale environments, directory-specific quirks, and edge cases, and serves as the single source of truth for advanced provisioning setups.