LDAP directory connector for bitwarden_rs

Go to file

ViViDboarder 7f35c2a989 Make checking for existing users case insensitive Email addresses are not case case sensitive, so when we check for an existing user, we should make sure we do it in a way that is not sensitive to case. Fixes #8		2020-03-05 13:09:37 -08:00
src	Make checking for existing users case insensitive	2020-03-05 13:09:37 -08:00
.dockerignore	Add Dockerfile	2019-04-12 16:42:07 -07:00
.gitignore	Add Cargo.lock since this is an executable	2019-03-30 20:02:29 -07:00
Cargo.lock	Update Cargo.lock with new version	2019-11-13 16:32:13 -08:00
Cargo.toml	Bump version to v0.1.1	2019-10-02 15:07:55 -07:00
Dockerfile	Update compose to mostly work	2019-04-12 16:42:07 -07:00
Dockerfile.alpine	Add alpine base option	2019-04-18 18:13:31 -07:00
LICENSE	Initial commit	2019-02-27 21:55:25 -08:00
README.md	Fix invalid email field error	2019-10-02 15:04:32 -07:00
docker-compose.yml	Fix invalid email field error	2019-10-02 15:04:32 -07:00
example.config.toml	Update compose to mostly work	2019-04-12 16:42:07 -07:00

README.md

bitwarden_rs_ldap

A simple LDAP connector for bitwarden_rs

After configuring, simply run bitwarden_rs_ldap and it will invite any users it finds in LDAP to your bitwarden_rs instance.

Deploying

This is easiest done using Docker. See the docker-compose.yml file in this repo for an example. If you would like to use Docker Hub rather than building, change build: . to image: vividboarder/bitwarden_rs_ldap.

Make sure to populate and mount your config.toml!

Configuration

Configuration is read from a TOML file. The default location is config.toml, but this can be configured by setting the CONFIG_PATH env variable to whatever path you would like.

Configuration values are as follows:

Name	Type	Optional	Description
`bitwarden_url`	String		The root URL for accessing `bitwarden_rs`. Eg: `https://bw.example.com`
`bitwarden_admin_token`	String		The value passed as `ADMIN_TOKEN` to `bitwarden_rs`
`ldap_host`	String		The hostname or IP address for your ldap server
`ldap_scheme`	String	Optional	The that should be used to connect. `ldap` or `ldaps`. This is set by default based on SSL settings
`ldap_ssl`	Boolean	Optional	Indicates if SSL should be used. Defaults to `false`
`ldap_port`	Integer	Optional	Port used to connect to the LDAP server. This will default to 389 or 636, depending on your SSL settings
`ldap_bind_dn`	String		The dn for the bind user that will connect to LDAP. Eg. `cn=admin,dc=example,dc=org`
`ldap_bind_password`	String		The password for the provided bind user.
`ldap_search_base_dn`	String		Base dn that will be used when searching LDAP for users. Eg. `dc=example,dc=org`
`ldap_search_filter`	String		Filter used when searching LDAP for users. Eg. `(&(objectClass=)(uid=))`
`ldap_mail_field`	String	Optional	Field for each user record that contains the email address to use. Defaults to `mail`
`ldap_sync_interval_seconds`	Integer	Optional	Number of seconds to wait between each LDAP request. Defaults to `60`
`ldap_sync_loop`	Boolean	Optional	Indicates whether or not syncing should be polled in a loop or done once. Defaults to `true`

Testing

All testing is manual right now. First step is to set up Bitwarden and the LDAP server.

docker-compose up -d bitwarden ldap ldap_admin

After that, open the admin portal on http://localhost:8001 and log in using the default account info:

Username: cn=admin,dc=example,dc=org Password: admin

From there you can set up your test group and users.

Expand the dc=example,dc=org nav tree and select "Create new entry here"
Select "Generic: Posix Group"
Give it a name, eg. "Users" and then save and commit
Select "Create child object"
Select "Generic: User Account"
Give the user a name and select a group ID number and save and commit
Select "Add new attribute" and select "Email" and then add a test email address
Run the ldap sync

docker-compose up ldap_sync

Future

Any kind of proper logging
Tests