LDAP directory connector for bitwarden_rs
ViViDboarder 7f35c2a989 Make checking for existing users case insensitive
Email addresses are not case sensitive, so when we check for an
existing user, we should make sure we do it in a way that is not
sensitive to case.

Fixes #8
2020-03-05 13:09:37 -08:00

bitwarden_rs_ldap

A simple LDAP connector for bitwarden_rs

After configuring, simply run bitwarden_rs_ldap and it will invite any users it finds in LDAP to your bitwarden_rs instance.

Deploying

This is most easily done using Docker. See the docker-compose.yml file in this repo for an example. If you would like to use the Docker Hub image rather than building locally, change build: . to image: vividboarder/bitwarden_rs_ldap.

Make sure to populate and mount your config.toml!

Configuration

Configuration is read from a TOML file. The default location is config.toml, but this can be configured by setting the CONFIG_PATH env variable to whatever path you would like.

Configuration values are as follows:

| Name | Type | Optional | Description |
|------|------|----------|-------------|
| bitwarden_url | String | | The root URL for accessing bitwarden_rs. Eg: https://bw.example.com |
| bitwarden_admin_token | String | | The value passed as ADMIN_TOKEN to bitwarden_rs |
| ldap_host | String | | The hostname or IP address of your LDAP server |
| ldap_scheme | String | Optional | The scheme that should be used to connect: ldap or ldaps. This is set by default based on the SSL settings |
| ldap_ssl | Boolean | Optional | Indicates if SSL should be used. Defaults to false |
| ldap_port | Integer | Optional | Port used to connect to the LDAP server. Defaults to 389 or 636, depending on your SSL settings |
| ldap_bind_dn | String | | The DN of the bind user that will connect to LDAP. Eg. cn=admin,dc=example,dc=org |
| ldap_bind_password | String | | The password for the provided bind user |
| ldap_search_base_dn | String | | Base DN that will be used when searching LDAP for users. Eg. dc=example,dc=org |
| ldap_search_filter | String | | Filter used when searching LDAP for users. Eg. (&(objectClass=*)(uid=*)) |
| ldap_mail_field | String | Optional | Field of each user record that contains the email address to use. Defaults to mail |
| ldap_sync_interval_seconds | Integer | Optional | Number of seconds to wait between each LDAP request. Defaults to 60 |
| ldap_sync_loop | Boolean | Optional | Indicates whether syncing should be polled in a loop or done once. Defaults to true |
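As an added illustration (not the project's own code), here are the two rules described by the configuration table and by the commit at the top of the page: deriving the LDAP scheme and port defaults from ldap_ssl, and checking for existing bitwarden_rs users case-insensitively before inviting. The LdapConfig struct, the function names and the sample addresses are assumptions constructed for this example.

```rust
use std::collections::HashSet;

/// Hypothetical struct mirroring the connection-related keys from the config table.
#[derive(Debug, Clone)]
pub struct LdapConfig {
    pub ldap_host: String,
    pub ldap_ssl: bool,
    pub ldap_scheme: Option<String>,
    pub ldap_port: Option<u16>,
}

impl LdapConfig {
    /// Fill in scheme and port from the SSL flag when they are not set explicitly
    /// (the defaults the README describes) and build the connection URL.
    pub fn ldap_url(&self) -> String {
        let scheme = self.ldap_scheme.clone()
            .unwrap_or_else(|| (if self.ldap_ssl { "ldaps" } else { "ldap" }).to_string());
        let port = self.ldap_port.unwrap_or(if self.ldap_ssl { 636 } else { 389 });
        format!("{}://{}:{}", scheme, self.ldap_host, port)
    }
}

/// Return the LDAP mail addresses that have no bitwarden_rs user yet, comparing
/// case-insensitively (the behaviour the commit above introduces). Addresses that
/// differ only in case are reported once, and empty mail fields are skipped.
pub fn emails_to_invite(existing_users: &[&str], ldap_emails: &[&str]) -> Vec<String> {
    let existing: HashSet<String> = existing_users.iter().map(|e| e.trim().to_lowercase()).collect();
    let mut seen: HashSet<String> = HashSet::new();
    let mut invites = Vec::new();
    for mail in ldap_emails {
        let key = mail.trim().to_lowercase();
        if key.is_empty() || existing.contains(&key) || !seen.insert(key) {
            continue;
        }
        invites.push(mail.trim().to_string());
    }
    invites
}

fn main() {
    // Constructed sample data: one user already in bitwarden_rs, four LDAP mail values.
    let cfg = LdapConfig { ldap_host: "ldap.example.org".into(), ldap_ssl: true, ldap_scheme: None, ldap_port: None };
    println!("connecting to {}", cfg.ldap_url());
    let existing = ["Alice@Example.org"];
    let found = ["alice@example.org", "Bob@Example.org", "bob@example.org", ""];
    println!("to invite: {:?}", emails_to_invite(&existing, &found));
}
```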

Testing

All testing is manual right now. First step is to set up Bitwarden and the LDAP server.

    docker-compose up -d bitwarden ldap ldap_admin

After that, open the admin portal on http://localhost:8001 and log in using the default account info:

    Username: cn=admin,dc=example,dc=org
    Password: admin

From there you can set up your test group and users.

  1. Expand the dc=example,dc=org nav tree and select "Create new entry here"
  2. Select "Generic: Posix Group"
  3. Give it a name, eg. "Users", and then save and commit
  4. Select "Create child object"
  5. Select "Generic: User Account"
  6. Give the user a name, select a group ID number, and save and commit
  7. Select "Add new attribute", select "Email", and then add a test email address
  8. Run the LDAP sync:

         docker-compose up ldap_sync

Future

  • Any kind of proper logging
  • Tests