    Cloudron Forum

    Bitwarden Directory Connector

    Vaultwarden
    • yusf
      yusf last edited by

      Just found out there's an LDAP connector tool for Bitwarden. It's meant to bring user synchronization to Bitwarden organizations.

      Can this be supported by enabling the LDAP addon in the Cloudron package or does that open up another can of worms, still?

      • girish
        girish Staff last edited by girish

        Indeed, this was just added in 1.19.0 as experimental - https://github.com/dani-garcia/bitwarden_rs/commit/85e3c73525d327042c1ad142e48c044a5dbdd89c . It looks like it just imports users (but not password, not 100% sure). I cannot find much info about it.

        • yusf
          yusf @girish last edited by

          Cool! Though I fail to see why this can’t be incorporated server-side. 🤔

          • iamthefij
            iamthefij App Dev @yusf last edited by

            @yusf What are you wanting to see incorporated? The directory sync connector?

            That diff that @girish linked is to add experimental support for the upstream Directory Connector APIs to allow you to use the upstream connector.

            The directory connector could probably be added as a separate app much like ONLYOFFICE is with Nextcloud.

            Alternately, I wrote the original bitwarden_rs_ldap connector, which was supported from within the single install. It was auto configured and then triggered by a timer every 5 min to auto send invites. The reason it wasn't included in the final Cloudron release was because the LDAP connector doesn't work in the same way as other Cloudron apps and it was confusing to the users who were testing.

            As @girish said, it works by sending users invites. Passwords cannot be synced because the Bitwarden server never even gets to know your password.

            It looks like it has been removed, but we could probably patch back in the old LDAP sync at least and make it something that could be configured using file manager or the terminal as an advanced feature.

            • yusf
              yusf @iamthefij last edited by

              @iamthefij Would be nice if it could be done. I realize passwords can't be synced, but allowing only email addresses known in the LDAP would be enough for me. I just don't want it to mass-invite users.

              • iamthefij
                iamthefij App Dev @yusf last edited by

                @yusf yea, that was the feedback from the other thread too. Unfortunately, if email is enabled, Bitwarden_rs will automatically send emails for all invited users. An upstream change to provide an API option to skip sending emails would need to be added.

                • girish
                  girish Staff @iamthefij last edited by

                  @iamthefij alternately, if the ldap syncer could write the emails to some db field/file and bitwarden_rs can use that as an allow list that would also work.
