Set Up Cronjobs#

Many tasks in i-doit can be automated via the i-doit console -- from rebuilding the search index to LDAP synchronization and JDisc imports. To ensure this happens reliably and without manual intervention, you set up cronjobs.

Recommendation

Setting up cronjobs is optionally but strongly recommended -- ideally right after installation. Without cronjobs, notifications are not sent, the search index becomes outdated, and incomplete objects accumulate.

How Does Cron Work?#

Cron is the standard scheduler on Linux. You define when a command should be executed -- and cron takes care of making it happen. Each line in the crontab has five time fields followed by the command:

┌───────────── Minute (0–59)
│ ┌───────────── Hour (0–23)
│ │ ┌───────────── Day of month (1–31)
│ │ │ ┌───────────── Month (1–12)
│ │ │ │ ┌───────────── Day of week (0–7, 0 and 7 = Sunday)
│ │ │ │ │
* * * * *  Command

Common patterns:

Cron expression	Meaning
`0 5 * * *`	Daily at 05:00
`/15 * * *`	Every 15 minutes
`0 /2 * *`	Every 2 hours (on the hour)
`30 2 * * 1`	Every Monday at 02:30
`0 3 1 * *`	On the 1st of every month at 03:00
`0 1 * * 1-5`	Monday through Friday at 01:00

Tip

Use crontab.guru to test cron expressions before deploying them.

The i-doit Console#

All automatable tasks run via console.php in the i-doit installation directory. The basic call looks like this:

sudo -u www-data php /var/www/html/console.php COMMAND \
    --user admin --password admin --tenantId 1

sudo -u www-data -- Execute as the web server user (important for file permissions)
/var/www/html/ -- Path to your i-doit installation (adjust as needed!)
--user / --password -- An i-doit user with sufficient permissions
--tenantId 1 -- The tenant ID (always 1 for single-tenant setups)

Configuration files instead of long command lines

Instead of writing all parameters on the command line for every call, you can store them in an .ini file and reference it with --config or -c. This is more secure (no password in shell history) and cleaner -- especially for complex commands like ldap-sync or import-jdisc with many parameters.

php console.php search-index -c /var/www/html/search-index.ini

A detailed guide with examples for each command can be found at Configuration files for the i-doit console.

A complete list of all commands can be found at Commands and options.

Edit the Crontab#

Open the crontab of the web server user:

sudo crontab -e -u www-data

Enter the desired jobs here. After saving, they become active immediately -- no restart required.

Recommended Cronjobs#

Essential Jobs (Daily)#

You should set up these jobs in every i-doit installation:

## i-doit Cronjobs
## Adjust path: /var/www/html/ = your i-doit installation directory

# Rebuild search index — so that search returns current results
5 1 * * *   php /var/www/html/console.php search-index --user admin --password admin --tenantId 1 > /dev/null 2>&1

# Send notifications — e.g., expiring contracts, certificates
10 1 * * *  php /var/www/html/console.php notifications-send --user admin --password admin --tenantId 1 > /dev/null 2>&1

# Archive logbook — compress older entries
15 1 * * *  php /var/www/html/console.php logbook:archive --user admin --password admin --tenantId 1 > /dev/null 2>&1

# Clean up authorization cache — remove orphaned entries
20 1 * * *  php /var/www/html/console.php auth-cleanup --user admin --password admin --tenantId 1 > /dev/null 2>&1

# Delete incomplete objects — clean up objects with "incomplete" status
25 1 * * *  php /var/www/html/console.php system-objectcleanup --objectStatus 1 --user admin --password admin --tenantId 1 > /dev/null 2>&1

# Clear caches
30 1 * * *  rm -rf /var/www/html/temp/* > /dev/null 2>&1

No passwords in the crontab

Instead of repeating --user and --password in every line, store the credentials in a configuration file and reference it with -c.

Mind the time window

Run jobs at night when no users are working. During execution, no other access to i-doit should occur -- neither via the web GUI nor via the API.

LDAP Synchronization#

If you synchronize users from an LDAP directory:

# LDAP sync — synchronize users and groups from AD every 2 hours
0 */2 * * *  php /var/www/html/console.php ldap-sync --ldapServerId 1 --user admin --password admin --tenantId 1 > /var/www/html/log/ldap-sync.log 2>&1

--ldapServerId 1 -- The ID of your LDAP server (found under Administration > LDAP)
The log is written to /var/www/html/log/ldap-sync.log -- helpful for troubleshooting

The LDAP sync has many parameters (filters, mapping, groups). Instead of writing them all in the crontab, use a configuration file -- there you will find a complete example with attribute mapping and all options.

JDisc Import#

If you use JDisc Discovery for automatic inventory:

# JDisc import — import network scan daily at 04:00
0 4 * * *  php /var/www/html/console.php import-jdisc --profile 1 --group 2 --mode 4 --user admin --password admin --tenantId 1 > /var/www/html/log/jdisc-import.log 2>&1

--profile 1 -- JDisc profile ID (found under Administration > Import > JDisc)
--group 2 -- JDisc server group
--mode 4 -- Import mode (4 = Update + Create)

CSV Import#

For recurring CSV imports:

# CSV import — import new assets every Monday at 03:00
0 3 * * 1  php /var/www/html/console.php import-csv --importFile /data/import/assets.csv --importProfileId 1 --user admin --password admin --tenantId 1 > /var/www/html/log/csv-import.log 2>&1

Report Export#

# Export "Expiring Contracts" report every Friday at 08:00
0 8 * * 5  php /var/www/html/console.php report-export --reportId 42 --exportPath /var/www/html/exports/ --user admin --password admin --tenantId 1 > /dev/null 2>&1

Bundle All Jobs in a Script#

Instead of writing each command individually in the crontab, you can bundle all essential jobs in a bash script. This makes maintenance easier.

Script: idoit-jobs#

Create the script:

1	`sudo nano /usr/local/bin/idoit-jobs`

Content:

#!/bin/bash
set -euo pipefail

## Configuration — adjust to your installation
INSTALL_PATH="/var/www/html"
CONSOLE="php ${INSTALL_PATH}/console.php"
USER="admin"
PASS="admin"
TENANT="1"
AUTH="--user $USER --password $PASS --tenantId $TENANT"

## Run jobs
echo "$(date): Starting i-doit jobs..."

$CONSOLE logbook:archive $AUTH
$CONSOLE auth-cleanup $AUTH
$CONSOLE system-objectcleanup --objectStatus 1 $AUTH
$CONSOLE search-index $AUTH
$CONSOLE notifications-send $AUTH

# Clear caches
rm -rf ${INSTALL_PATH}/temp/*

echo "$(date): Jobs completed."

Make it executable:

sudo chmod +x /usr/local/bin/idoit-jobs

Then only one line in the crontab:

5 1 * * *  www-data  /usr/local/bin/idoit-jobs > /var/www/html/log/cronjobs.log 2>&1

Script: idoit (Console Wrapper)#

If you frequently call console.php manually, a wrapper script helps:

1	`sudo nano /usr/local/bin/idoit`

Content:

#!/bin/bash
set -euo pipefail

INSTALL_PATH="/var/www/html"
APACHE_USER="www-data"

if [ "$(whoami)" != "$APACHE_USER" ]; then
    sudo -u "$APACHE_USER" php "${INSTALL_PATH}/console.php" "$@"
else
    php "${INSTALL_PATH}/console.php" "$@"
fi

sudo chmod +x /usr/local/bin/idoit

After that, you can call the console like this:

idoit search-index --user admin --password admin --tenantId 1

Error Handling#

Errors Only via Email#

Set up an SMTP relay (e.g., with msmtp), then cronjobs will automatically report errors via email. Using the tool chronic from the moreutils package, only errors are reported -- successful runs remain silent:

sudo apt install moreutils

# In the crontab:
MAILTO="admin@company.com"
5 1 * * *  www-data  chronic /usr/local/bin/idoit-jobs

Check Log Files#

If a job fails, check the logs:

# Cronjob log
cat /var/www/html/log/cronjobs.log

# i-doit system log
tail -50 /var/www/html/log/system_*.log

# PHP error log
tail -50 /var/log/php/error.log

Windows#

The bash scripts described here do not work on Windows. Create equivalent batch or PowerShell scripts and use the Windows Task Scheduler for automation. The console.php commands remain identical -- only the invocation differs:

php C:\i-doit\console.php search-index --user admin --password admin --tenantId 1