Bitwarden Directory Connector
Just found out there's an LDAP connector tool for Bitwarden. It's meant to bring user synchronization to Bitwarden organizations.
Can this be supported by enabling the LDAP addon in the Cloudron package or does that open up another can of worms, still?
Indeed, this was just added in 1.19.0 as experimental - https://github.com/dani-garcia/bitwarden_rs/commit/85e3c73525d327042c1ad142e48c044a5dbdd89c . It looks like it just imports users (but not passwords, not 100% sure). I cannot find much info about it.
Cool! Though I fail to see why this can’t be incorporated server-side.
@yusf What are you wanting to see incorporated? The directory sync connector?
That diff that @girish linked is to add experimental support for the upstream Directory Connector APIs to allow you to use the upstream connector.
The directory connector could probably be added as a separate app much like ONLYOFFICE is with Nextcloud.
Alternately, I wrote the original bitwarden_rs_ldapconnector, which was supported from within the single install. It was auto-configured and then triggered by a timer every 5 min to auto-send invites. The reason it wasn't included in the final Cloudron release was that the LDAP connector doesn't work in the same way as other Cloudron apps and it was confusing to the users who were testing.
As @girish said, it works by sending users invites. Passwords cannot be synced because the Bitwarden server never even gets to know your password.
It looks like it has been removed, but we could probably patch back in the old LDAP sync at least and make it something that could be configured using the file manager or the terminal as an advanced feature.
@iamthefij Would be nice if it could be done. I realize passwords can't be synced, but allowing only email addresses known in the LDAP would be enough for me. I just don't want it to mass-invite users.
@yusf Yeah, that was the feedback from the other thread too. Unfortunately, if email is enabled, bitwarden_rs will automatically send emails for all invited users. An upstream change to provide an API option to skip sending emails would need to be added.
@iamthefij Alternately, if the LDAP syncer could write the emails to some DB field/file and bitwarden_rs could use that as an allow-list, that would also work.
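The thread above describes the sync model (the connector only learns email addresses from the directory and invites them; passwords never reach the server) and the two worries raised: not mass-inviting, and using the directory as an allow-list. The following is an added illustration written for this page, not code from bitwarden_rs, Bitwarden Directory Connector or the bitwarden_rs_ldapconnector mentioned above. It assumes a hypothetical sync job that reads directory entries (here a constructed LDIF sample instead of a live LDAP search), compares them with the organization's current member emails, and produces a plan of who to invite and who to revoke, refusing to act when the number of new invites exceeds a cap. The function and field names are invented for the example.

```python
"""Directory-to-organization reconciliation (illustrative, not project code).

Assumptions (hypothetical): the sync job has the directory's user entries
and the organization's current member emails; it decides invites/revokes
and hands them to whatever invite API is available. A cap on new invites
guards against the mass-invite problem discussed in the thread.
"""
from dataclasses import dataclass, field

# Constructed sample standing in for an LDAP search result. One entry has
# no 'mail' attribute (a service account) and one has two values.
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=example,dc=org
uid: alice
mail: Alice@example.org

dn: uid=bob,ou=users,dc=example,dc=org
uid: bob
mail: bob@example.org

dn: uid=svc-backup,ou=users,dc=example,dc=org
uid: svc-backup

dn: uid=carol,ou=users,dc=example,dc=org
uid: carol
mail: carol@example.org
mail: c.jones@example.org
"""


def parse_ldif_emails(ldif: str) -> set:
    """Return the lower-cased first 'mail' value of every entry that has one.

    Entries without a mail attribute are skipped: they cannot be invited and
    must not end up on the allow-list.
    """
    emails = set()
    for entry in ldif.strip().split("\n\n"):
        mails = [
            line.split(":", 1)[1].strip()
            for line in entry.splitlines()
            if line.startswith("mail:")
        ]
        if mails:
            emails.add(mails[0].lower())
    return emails


@dataclass
class SyncPlan:
    invite: set = field(default_factory=set)   # in directory, not in org
    revoke: set = field(default_factory=set)   # in org, no longer in directory
    blocked: bool = False                      # True when the invite cap was hit


def plan_sync(directory_emails: set, org_members: set,
              allow_revoke: bool = False, max_invites: int = 5) -> SyncPlan:
    """Compute the delta between directory and organization.

    max_invites is the mass-invite guard: if more than that many new invites
    would go out (which also means that many emails), nothing is invited and
    the plan is marked blocked so an operator can review it first.
    """
    members = {m.lower() for m in org_members}
    plan = SyncPlan()
    plan.invite = directory_emails - members
    if allow_revoke:
        plan.revoke = members - directory_emails
    if len(plan.invite) > max_invites:
        plan.blocked = True
        plan.invite = set()
    return plan


def is_allowed(email: str, directory_emails: set) -> bool:
    """Allow-list check for an incoming invite/registration request."""
    return email.lower() in directory_emails


if __name__ == "__main__":
    directory = parse_ldif_emails(SAMPLE_LDIF)
    current = {"alice@example.org", "dave@example.org"}
    plan = plan_sync(directory, current, allow_revoke=True)
    print("invite:", sorted(plan.invite), "revoke:", sorted(plan.revoke),
          "blocked:", plan.blocked)
```

The allow-list check is what the last reply asks for: instead of pushing invites, the server would consult the directory-derived set before accepting an invitation or registration. The cap is deliberately small by default so that a first run against a large directory fails closed rather than sending hundreds of emails.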