b04ee3a60a
Should add support for TLS 1.3 Also, this fixes the Alpine builds |
||
---|---|---|
scripts | ||
src | ||
.dockerignore | ||
.gitignore | ||
.pre-commit-config.yaml | ||
Cargo.lock | ||
Cargo.toml | ||
docker-compose.yml | ||
Dockerfile | ||
Dockerfile.alpine | ||
example.config.toml | ||
LICENSE | ||
Makefile | ||
README.md |
bitwarden_rs_ldap
A simple LDAP connector for bitwarden_rs
After configuring, run bitwarden_rs_ldap
and it will invite any users it finds in LDAP to your bitwarden_rs
instance.
Deploying
This is easiest done using Docker. See the docker-compose.yml
file in this repo for an example. If you would like to use Docker Hub rather than building, change build: .
to image: vividboarder/bitwarden_rs_ldap
.
Make sure to populate and mount your config.toml
!
Configuration
Configuration is read from a TOML file. The default location is config.toml
, but this can be configured by setting the CONFIG_PATH
env variable to whatever path you would like.
Configuration values are as follows:
Name | Type | Optional | Description |
---|---|---|---|
bitwarden_url |
String | The root URL for accessing bitwarden_rs . Eg: https://bw.example.com |
|
bitwarden_admin_token |
String | The value passed as ADMIN_TOKEN to bitwarden_rs |
|
bitwarden_root_cert_file |
String | Optional | Path to an additional der-encoded root certificate to trust. Eg. root.cert . If using Docker see docker-compose.yml for how to expose it. Defaults to empty |
ldap_host |
String | The hostname or IP address for your ldap server | |
ldap_scheme |
String | Optional | The that should be used to connect. ldap or ldaps . This is set by default based on SSL settings |
ldap_ssl |
Boolean | Optional | Indicates if SSL should be used. Defaults to false |
ldap_no_tls_verify |
Boolean | Optional | Indicates if certificate should be verified when using SSL. Defaults to true |
ldap_port |
Integer | Optional | Port used to connect to the LDAP server. This will default to 389 or 636, depending on your SSL settings |
ldap_bind_dn |
String | The dn for the bind user that will connect to LDAP. Eg. cn=admin,dc=example,dc=org |
|
ldap_bind_password |
String | The password for the provided bind user. | |
ldap_search_base_dn |
String | Base dn that will be used when searching LDAP for users. Eg. dc=example,dc=org |
|
ldap_search_filter |
String | Filter used when searching LDAP for users. Eg. (&(objectClass=*)(uid=*)) |
|
ldap_mail_field |
String | Optional | Field for each user record that contains the email address to use. Defaults to mail |
ldap_sync_interval_seconds |
Integer | Optional | Number of seconds to wait between each LDAP request. Defaults to 60 |
ldap_sync_loop |
Boolean | Optional | Indicates whether or not syncing should be polled in a loop or done once. Defaults to true |
Development
This repo has a predefined set of pre-commit rules. You can install pre-commit via any means you'd like. Once your system has pre-commit
installed, you can run make install-hooks
to ensure the hooks will run with every commit. You can also force running all hooks with make check
.
For those less familiar with cargo
, you can use the make
targets that have been included for common tasks like running a debug version. make run-debug
or building a release version make release
.
Testing
All testing is manual right now. First step is to set up Bitwarden and the LDAP server.
docker-compose up -d bitwarden ldap ldap_admin
-
After that, open the admin portal on http://localhost:8001 and log in using the default account info:
Username: cn=admin,dc=example,dc=org Password: admin
From there you can set up your test group and users.
-
Expand the
dc=example,dc=org
nav tree and select "Create new entry here" -
Select "Generic: Posix Group"
-
Give it a name, eg. "Users" and then save and commit
-
Select "Create child object"
-
Select "Generic: User Account"
-
Give the user a name and select a group ID number and save and commit
-
Select "Add new attribute" and select "Email" and then add a test email address
-
Run the ldap sync
docker-compose up ldap_sync
Future
- Any kind of proper logging
- Tests