Rebrand vaultwarden

ViViDboarder 2021-05-07 12:55:29 -07:00
parent e05929765c
commit a0bb9152ee
11 changed files with 63 additions and 58 deletions

22
Cargo.lock generated

@ -39,17 +39,6 @@ name = "bitflags"
version = "1.0.4" version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "bitwarden_rs_ldap"
version = "0.3.1"
dependencies = [
"ldap3 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
"reqwest 0.9.12 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.89 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.39 (registry+https://github.com/rust-lang/crates.io-index)",
"toml 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]] [[package]]
name = "build_const" name = "build_const"
version = "0.2.1" version = "0.2.1"
@ -1340,6 +1329,17 @@ dependencies = [
"rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
] ]
[[package]]
name = "vaultwarden_ldap"
version = "0.3.1"
dependencies = [
"ldap3 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
"reqwest 0.9.12 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.89 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.39 (registry+https://github.com/rust-lang/crates.io-index)",
"toml 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]] [[package]]
name = "vcpkg" name = "vcpkg"
version = "0.2.6" version = "0.2.6"


@ -1,5 +1,5 @@
[package] [package]
name = "bitwarden_rs_ldap" name = "vaultwarden_ldap"
version = "0.3.1" version = "0.3.1"
authors = ["ViViDboarder <vividboarder@gmail.com>"] authors = ["ViViDboarder <vividboarder@gmail.com>"]
edition = "2018" edition = "2018"


@ -1,17 +1,17 @@
FROM rust:1.46 FROM rust:1.46
WORKDIR /usr/src/ WORKDIR /usr/src/
RUN USER=root cargo new --bin bitwarden_rs_ldap RUN USER=root cargo new --bin vaultwarden_ldap
WORKDIR /usr/src/bitwarden_rs_ldap WORKDIR /usr/src/vaultwarden_ldap
# Compile dependencies # Compile dependencies
COPY Cargo.toml Cargo.lock ./ COPY Cargo.toml Cargo.lock ./
RUN cargo build --locked --release RUN cargo build --locked --release
# Remove bins to make sure we rebuild # Remove bins to make sure we rebuild
RUN rm ./target/release/deps/bitwarden_rs_ldap* RUN rm ./target/release/deps/vaultwarden_ldap*
# Copy source and install # Copy source and install
COPY src ./src COPY src ./src
RUN cargo install --path . RUN cargo install --path .
CMD ["bitwarden_rs_ldap"] CMD ["vaultwarden_ldap"]


@ -8,7 +8,7 @@ RUN cargo build --locked --release
# Remove temp src # Remove temp src
RUN rm src/*.rs RUN rm src/*.rs
# Remove bins to make sure we rebuild # Remove bins to make sure we rebuild
# RUN rm ./target/release/deps/bitwarden_rs_ldap* # RUN rm ./target/release/deps/vaultwarden_ldap*
COPY --chown=rust:rust ./src ./src COPY --chown=rust:rust ./src ./src
RUN touch ./src/main.rs RUN touch ./src/main.rs
@ -17,7 +17,7 @@ RUN cargo build --release
FROM alpine:3 FROM alpine:3
RUN apk --no-cache add ca-certificates=20191127-r5 RUN apk --no-cache add ca-certificates=20191127-r5
COPY --from=builder \ COPY --from=builder \
/home/rust/src/target/x86_64-unknown-linux-musl/release/bitwarden_rs_ldap \ /home/rust/src/target/x86_64-unknown-linux-musl/release/vaultwarden_ldap \
/usr/local/bin/ /usr/local/bin/
CMD ["/usr/local/bin/bitwarden_rs_ldap"] CMD ["/usr/local/bin/vaultwarden_ldap"]


@ -1,4 +1,4 @@
DOCKER_TAG ?= bitwarden_rs_ldap_${USER} DOCKER_TAG ?= vaultwarden_ldap_${USER}
.PHONY: all .PHONY: all
all: test check release all: test check release
@ -7,23 +7,23 @@ all: test check release
.DEFAULT_GOAL = test .DEFAULT_GOAL = test
# Build debug version # Build debug version
target/debug/bitwarden_rs_ldap: src/ target/debug/vaultwarden_ldap: src/
cargo build cargo build
# Build release version # Build release version
target/release/bitwarden_rs_ldap: src/ target/release/vaultwarden_ldap: src/
cargo build --locked --release cargo build --locked --release
.PHONY: debug .PHONY: debug
debug: target/debug/bitwarden_rs_ldap debug: target/debug/vaultwarden_ldap
.PHONY: release .PHONY: release
release: target/release/bitwarden_rs_ldap release: target/release/vaultwarden_ldap
# Run debug version # Run debug version
.PHONY: run-debug .PHONY: run-debug
run-debug: target/debug/bitwarden_rs_ldap run-debug: target/debug/vaultwarden_ldap
target/debug/bitwarden_rs_ldap target/debug/vaultwarden_ldap
# Run all tests # Run all tests
.PHONY: test .PHONY: test


@ -1,11 +1,11 @@
# bitwarden_rs_ldap # vaultwarden_ldap
A simple LDAP connector for [bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs) An LDAP connector for [vaultwarden](https://github.com/dani-garcia/vaultwarden)
After configuring, run `bitwarden_rs_ldap` and it will invite any users it finds in LDAP to your `bitwarden_rs` instance. After configuring, run `vaultwarden_ldap` and it will invite any users it finds in LDAP to your `vaultwarden` instance.
## Deploying ## Deploying
This is easiest done using Docker. See the `docker-compose.yml` file in this repo for an example. If you would like to use Docker Hub rather than building, change `build: .` to `image: vividboarder/bitwarden_rs_ldap`. This is easiest done using Docker. See the `docker-compose.yml` file in this repo for an example. If you would like to use Docker Hub rather than building, change `build: .` to `image: vividboarder/vaultwarden_ldap`.
Make sure to populate and mount your `config.toml`! Make sure to populate and mount your `config.toml`!
@ -17,9 +17,9 @@ Configuration values are as follows:
|Name|Type|Optional|Description| |Name|Type|Optional|Description|
|----|----|--------|-----------| |----|----|--------|-----------|
|`bitwarden_url`|String||The root URL for accessing `bitwarden_rs`. Eg: `https://bw.example.com`| |`vaultwarden_url`|String||The root URL for accessing `vaultwarden`. Eg: `https://vw.example.com`|
|`bitwarden_admin_token`|String||The value passed as `ADMIN_TOKEN` to `bitwarden_rs`| |`vaultwarden_admin_token`|String||The value passed as `ADMIN_TOKEN` to `vaultwarden`|
|`bitwarden_root_cert_file`|String|Optional|Path to an additional der-encoded root certificate to trust. Eg. `root.cert`. If using Docker see `docker-compose.yml` for how to expose it. Defaults to `empty`| |`vaultwarden_root_cert_file`|String|Optional|Path to an additional der-encoded root certificate to trust. Eg. `root.cert`. If using Docker see `docker-compose.yml` for how to expose it. Defaults to `empty`|
|`ldap_host`|String||The hostname or IP address for your ldap server| |`ldap_host`|String||The hostname or IP address for your ldap server|
|`ldap_scheme`|String|Optional|The that should be used to connect. `ldap` or `ldaps`. This is set by default based on SSL settings| |`ldap_scheme`|String|Optional|The that should be used to connect. `ldap` or `ldaps`. This is set by default based on SSL settings|
|`ldap_ssl`|Boolean|Optional|Indicates if SSL should be used and if we should connect with `ldaps`. Defaults to `false`| |`ldap_ssl`|Boolean|Optional|Indicates if SSL should be used and if we should connect with `ldaps`. Defaults to `false`|
@ -45,7 +45,7 @@ For those less familiar with `cargo`, you can use the `make` targets that have b
All testing is manual right now. First step is to set up Bitwarden and the LDAP server. All testing is manual right now. First step is to set up Bitwarden and the LDAP server.
```bash ```bash
docker-compose up -d bitwarden ldap ldap_admin docker-compose up -d vaultwarden ldap ldap_admin
``` ```
1. After that, open the admin portal on http://localhost:8001 and log in using the default account info: 1. After that, open the admin portal on http://localhost:8001 and log in using the default account info:


@ -7,14 +7,17 @@ services:
dockerfile: Dockerfile.alpine dockerfile: Dockerfile.alpine
volumes: volumes:
- ./example.config.toml:/config.toml:ro - ./example.config.toml:/config.toml:ro
# ./root.cert:/usr/src/bitwarden_rs_ldap/root.cert:ro # ./root.cert:/usr/src/vaultwarden_ldap/root.cert:ro
environment: environment:
CONFIG_PATH: /config.toml CONFIG_PATH: /config.toml
RUST_BACKTRACE: 1 RUST_BACKTRACE: 1
depends_on:
- vaultwarden
- ldap
restart: always restart: always
bitwarden: vaultwarden:
image: bitwardenrs/server image: vaultwarden/server
ports: ports:
- 8000:80 - 8000:80
environment: environment:
@ -42,3 +45,5 @@ services:
environment: environment:
PHPLDAPADMIN_HTTPS: 'false' PHPLDAPADMIN_HTTPS: 'false'
PHPLDAPADMIN_LDAP_HOSTS: ldap PHPLDAPADMIN_LDAP_HOSTS: ldap
depends_on:
- ldap
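Review bot: The new `image: vaultwarden/server` reference carries no tag or digest, so every pull resolves to whatever is currently published as `latest` under the new namespace. Moving to a different registry namespace is a good moment to pin it, e.g. `image: vaultwarden/server:<pinned-version>` (placeholder, pick the release you test against) or an `@sha256:` digest, so the test stack is reproducible and an unexpected upstream push cannot change what runs. Note also that the added `depends_on` entries only order container start; they do not wait for the LDAP or vaultwarden service to be ready, so the connector still has to tolerate a failed first connection.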


@ -1,5 +1,5 @@
bitwarden_url = "http://bitwarden:80" vaultwarden_url = "http://vaultwarden:80"
bitwarden_admin_token = "admin" vaultwarden_admin_token = "admin"
ldap_host = "ldap" ldap_host = "ldap"
ldap_bind_dn = "cn=admin,dc=example,dc=org" ldap_bind_dn = "cn=admin,dc=example,dc=org"
ldap_bind_password = "admin" ldap_bind_password = "admin"
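Review bot: The renamed example still pairs `vaultwarden_admin_token = "admin"` with a plain `http://` URL, and nothing in the file says these are test-only values. The README describes this token as the `ADMIN_TOKEN` of the server, so it is sent on every admin request and should not travel unencrypted or be guessable outside the bundled compose stack. I would add a leading comment such as `# Test-only values for the bundled docker-compose stack; use an https:// URL and a long random ADMIN_TOKEN in real deployments`.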


@ -36,9 +36,9 @@ pub fn read_config() -> Config {
/// Contains all config values for LDAP syncing /// Contains all config values for LDAP syncing
pub struct Config { pub struct Config {
// Bitwarden connection config // Bitwarden connection config
bitwarden_url: String, vaultwarden_url: String,
bitwarden_admin_token: String, vaultwarden_admin_token: String,
bitwarden_root_cert_file: Option<String>, vaultwarden_root_cert_file: Option<String>,
// LDAP Connection config // LDAP Connection config
ldap_host: String, ldap_host: String,
ldap_scheme: Option<String>, ldap_scheme: Option<String>,
@ -66,17 +66,17 @@ impl Config {
read_config() read_config()
} }
pub fn get_bitwarden_url(&self) -> String { pub fn get_vaultwarden_url(&self) -> String {
self.bitwarden_url.clone() self.vaultwarden_url.clone()
} }
pub fn get_bitwarden_admin_token(&self) -> String { pub fn get_vaultwarden_admin_token(&self) -> String {
self.bitwarden_admin_token.clone() self.vaultwarden_admin_token.clone()
} }
pub fn get_bitwarden_root_cert_file(&self) -> String { pub fn get_vaultwarden_root_cert_file(&self) -> String {
match &self.bitwarden_root_cert_file { match &self.vaultwarden_root_cert_file {
Some(bitwarden_root_cert_file) => bitwarden_root_cert_file.clone(), Some(vaultwarden_root_cert_file) => vaultwarden_root_cert_file.clone(),
None => String::new(), None => String::new(),
} }
} }
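Review bot: Renaming the `Config` fields to `vaultwarden_url`, `vaultwarden_admin_token` and `vaultwarden_root_cert_file` also renames the keys an existing `config.toml` must contain, while the crate version in `Cargo.toml` stays at 0.3.1. If the struct is deserialized with serde (the derive is outside this hunk, so this is inferred), deployments that still use the `bitwarden_*` keys will fail to load their config after upgrading. Accepting the old names during a transition would avoid that, e.g. `#[serde(alias = "bitwarden_url")]` on `vaultwarden_url` and the equivalent on the other two fields; otherwise call out the breaking change in the release notes. The `// Bitwarden connection config` comment above the fields is now stale as well. Both the struct and the `impl Config` block begin and end outside the visible hunks.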


@ -7,15 +7,15 @@ use std::time::Duration;
use ldap3::{DerefAliases, LdapConn, LdapConnSettings, Scope, SearchEntry, SearchOptions}; use ldap3::{DerefAliases, LdapConn, LdapConnSettings, Scope, SearchEntry, SearchOptions};
mod bw_admin;
mod config; mod config;
mod vw_admin;
fn main() { fn main() {
let config = config::Config::from_file(); let config = config::Config::from_file();
let mut client = bw_admin::Client::new( let mut client = vw_admin::Client::new(
config.get_bitwarden_url().clone(), config.get_vaultwarden_url().clone(),
config.get_bitwarden_admin_token().clone(), config.get_vaultwarden_admin_token().clone(),
config.get_bitwarden_root_cert_file().clone(), config.get_vaultwarden_root_cert_file().clone(),
); );
if let Err(e) = invite_users(&config, &mut client, config.get_ldap_sync_loop()) { if let Err(e) = invite_users(&config, &mut client, config.get_ldap_sync_loop()) {
@ -26,7 +26,7 @@ fn main() {
/// Invites new users to Bitwarden from LDAP /// Invites new users to Bitwarden from LDAP
fn invite_users( fn invite_users(
config: &config::Config, config: &config::Config,
client: &mut bw_admin::Client, client: &mut vw_admin::Client,
start_loop: bool, start_loop: bool,
) -> Result<(), Box<dyn Error>> { ) -> Result<(), Box<dyn Error>> {
if start_loop { if start_loop {
@ -39,7 +39,7 @@ fn invite_users(
} }
/// Creates set of email addresses for users that already exist in Bitwarden /// Creates set of email addresses for users that already exist in Bitwarden
fn get_existing_users(client: &mut bw_admin::Client) -> Result<HashSet<String>, Box<dyn Error>> { fn get_existing_users(client: &mut vw_admin::Client) -> Result<HashSet<String>, Box<dyn Error>> {
let all_users = client.users()?; let all_users = client.users()?;
let mut user_emails = HashSet::with_capacity(all_users.len()); let mut user_emails = HashSet::with_capacity(all_users.len());
for user in all_users { for user in all_users {
@ -119,7 +119,7 @@ fn search_entries(config: &config::Config) -> Result<Vec<SearchEntry>, Box<dyn E
/// Invite all LDAP users to Bitwarden /// Invite all LDAP users to Bitwarden
fn invite_from_ldap( fn invite_from_ldap(
config: &config::Config, config: &config::Config,
client: &mut bw_admin::Client, client: &mut vw_admin::Client,
) -> Result<(), Box<dyn Error>> { ) -> Result<(), Box<dyn Error>> {
match get_existing_users(client) { match get_existing_users(client) {
Ok(existing_users) => { Ok(existing_users) => {
@ -161,7 +161,7 @@ fn invite_from_ldap(
/// Begin sync loop to invite LDAP users to Bitwarden /// Begin sync loop to invite LDAP users to Bitwarden
fn start_sync_loop( fn start_sync_loop(
config: &config::Config, config: &config::Config,
client: &mut bw_admin::Client, client: &mut vw_admin::Client,
) -> Result<(), Box<dyn Error>> { ) -> Result<(), Box<dyn Error>> {
let interval = Duration::from_secs(config.get_ldap_sync_interval_seconds()); let interval = Duration::from_secs(config.get_ldap_sync_interval_seconds());
loop { loop {
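Review bot: The three `.clone()` calls on the arguments to `vw_admin::Client::new(...)` in `main` are redundant, because the getters shown in the config section already return a freshly cloned `String`. For the admin token this leaves one more short-lived copy of a secret on the heap than necessary; `config.get_vaultwarden_admin_token(),` is enough, and likewise for the URL and root-cert arguments. The doc comments on the context lines (`/// Invites new users to Bitwarden from LDAP` and the three similar ones) still use the old product name and could be updated along with the rebrand.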