Cloudron Forum

Bitwarden Directory Connector

  • yusf wrote (#1):

    Just found out there's an LDAP connector tool for Bitwarden. It's meant to bring user synchronization to Bitwarden organizations.

    Can this be supported by enabling the LDAP addon in the Cloudron package or does that open up another can of worms, still?

  • girish (Staff) wrote (#2):

    Indeed, this was just added in 1.19.0 as experimental - https://github.com/dani-garcia/bitwarden_rs/commit/85e3c73525d327042c1ad142e48c044a5dbdd89c . It looks like it just imports users (but not password, not 100% sure). I cannot find much info about it.

  • yusf replied to girish (#3):

    Cool! Though I fail to see why this can’t be incorporated server-side. 🤔

  • iamthefij (App Dev) replied to yusf (#4):

    @yusf What are you wanting to see incorporated? The directory sync connector?

    That diff that @girish linked is to add experimental support for the upstream Directory Connector APIs to allow you to use the upstream connector.

    The directory connector could probably be added as a separate app much like ONLYOFFICE is with Nextcloud.

    Alternately, I wrote the original bitwarden_rs_ldap connector, which was supported from within the single install. It was auto configured and then triggered by a timer every 5 min to auto send invites. The reason it wasn't included in the final Cloudron release was because the LDAP connector doesn't work in the same way as other Cloudron apps and it was confusing to the users who were testing.

    As @girish said, it works by sending users invites. Passwords cannot be synced because the Bitwarden server never even gets to know your password.

    It looks like it has been removed, but we could probably patch back in the old LDAP sync at least and make it something that could be configured using file manager or the terminal as an advanced feature.

  • yusf replied to iamthefij (#5):

    @iamthefij Would be nice if it could be done. I realize passwords can't be synced, but allowing only email addresses known in the LDAP would be enough for me. I just don't want it to mass-invite users.

  • iamthefij (App Dev) replied to yusf (#6):

    @yusf yea, that was the feedback from the other thread too. Unfortunately, if email is enabled, Bitwarden_rs will automatically send emails for all invited users. An upstream change to provide an API option to skip sending emails would need to be added.

  • girish (Staff) replied to iamthefij (#7):

    @iamthefij alternately, if the ldap syncer could write the emails to some db field/file and bitwarden_rs can use that as an allow list that would also work.
