
ViViDboarder / vaultwarden_ldap

Licence: GPL-3.0 license
LDAP directory connector for vaultwarden

vaultwarden_ldap

An LDAP connector for vaultwarden

After configuring, run vaultwarden_ldap and it will invite any users it finds in LDAP to your vaultwarden instance.

Deploying

This is easiest done using Docker. See the docker-compose.yml file in this repo for an example. If you would like to use Docker Hub rather than building, change build: . to image: vividboarder/vaultwarden_ldap.

Make sure to populate and mount your config.toml!

Configuration

Configuration is read from a TOML file. The default location is config.toml, but this can be configured by setting the CONFIG_PATH env variable to whatever path you would like.

Configuration values are as follows:

| Name | Type | Optional | Description |
|------|------|----------|-------------|
| vaultwarden_url | String | | The root URL for accessing vaultwarden. Eg: https://vw.example.com |
| vaultwarden_admin_token | String | | The value passed as ADMIN_TOKEN to vaultwarden |
| vaultwarden_root_cert_file | String | Optional | Path to an additional DER-encoded root certificate to trust. Eg. root.cert. If using Docker see docker-compose.yml for how to expose it. Defaults to empty |
| ldap_host | String | | The hostname or IP address for your ldap server |
| ldap_scheme | String | Optional | The scheme that should be used to connect. ldap or ldaps. This is set by default based on SSL settings |
| ldap_ssl | Boolean | Optional | Indicates if SSL should be used and if we should connect with ldaps. Defaults to false |
| ldap_starttls | Boolean | Optional | Indicates if the connection should be done using StartTLS |
| ldap_no_tls_verify | Boolean | Optional | Indicates if certificate should be verified when using SSL. Defaults to true |
| ldap_port | Integer | Optional | Port used to connect to the LDAP server. This will default to 389 or 636, depending on your SSL settings |
| ldap_bind_dn | String | | The dn for the bind user that will connect to LDAP. Eg. cn=admin,dc=example,dc=org |
| ldap_bind_password | String | | The password for the provided bind user. |
| ldap_search_base_dn | String | | Base dn that will be used when searching LDAP for users. Eg. dc=example,dc=org |
| ldap_search_filter | String | | Filter used when searching LDAP for users. Eg. (&(objectClass=*)(uid=*)) |
| ldap_mail_field | String | Optional | Field for each user record that contains the email address to use. Defaults to mail |
| ldap_sync_interval_seconds | Integer | Optional | Number of seconds to wait between each LDAP request. Defaults to 60 |
| ldap_sync_loop | Boolean | Optional | Indicates whether or not syncing should be polled in a loop or done once. Defaults to true |

Alternatively, instead of using config.toml, all values can be provided using environment variables prefixed with APP_. For example: APP_VAULTWARDEN_URL=https://vault.example.com
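
Because config.toml carries both vaultwarden_admin_token and ldap_bind_password, it is worth checking a populated file before deploying it. The script below is an added example, not part of the vaultwarden_ldap project: it assumes a flat file of key = value lines, cfg_get and audit_config are hypothetical helper names, and the sample config is constructed with placeholder secrets.

```sh
#!/bin/sh
# Added example (not project code). Assumes flat `key = value` lines, no TOML tables.

# cfg_get FILE KEY: print KEY's first value, unquoted, trailing comment removed.
cfg_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"//' -e 's/"$//'
}

# audit_config FILE: print one WARN line per finding; exit status = finding count.
audit_config() {
    file=$1
    findings=0
    # The file holds vaultwarden_admin_token and ldap_bind_password.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WARN: $file is accessible to group/other ($perms); chmod 600 it"
        findings=$((findings + 1))
    fi

    # The admin token is used against this URL, so it should be HTTPS.
    case $(cfg_get "$file" vaultwarden_url) in
        https://*) ;;
        *) echo "WARN: vaultwarden_url is not https://"; findings=$((findings + 1)) ;;
    esac

    # ldap_ssl defaults to false; without TLS the bind password is sent in clear.
    if [ "$(cfg_get "$file" ldap_ssl)" != "true" ] &&
       [ "$(cfg_get "$file" ldap_starttls)" != "true" ] &&
       [ "$(cfg_get "$file" ldap_scheme)" != "ldaps" ]; then
        echo "WARN: none of ldap_ssl, ldap_starttls, ldap_scheme=ldaps is set"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample config with placeholder secrets.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vaultwarden_url = "http://vw.example.com"
vaultwarden_admin_token = "PLACEHOLDER_TOKEN"
ldap_host = "ldap.example.org"
ldap_bind_dn = "cn=admin,dc=example,dc=org"
ldap_bind_password = "PLACEHOLDER_PASSWORD"
EOF
chmod 644 "$sample"
audit_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

The same checks apply when the values come from APP_-prefixed environment variables instead of a file; in that case the place to review is wherever those variables are defined.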

Development

This repo has a predefined set of pre-commit rules. You can install pre-commit via any means you'd like. Once your system has pre-commit installed, you can run make install-hooks to ensure the hooks will run with every commit. You can also force running all hooks with make check.

For those less familiar with cargo, you can use the make targets that have been included for common tasks, like running a debug version (make run-debug) or building a release version (make release).

Testing

All testing is manual right now. First step is to set up Bitwarden and the LDAP server.

docker-compose up -d vaultwarden ldap ldap_admin

  1. After that, open the admin portal on http://localhost:8001 and log in using the default account info:

    Username: cn=admin,dc=example,dc=org
    Password: admin

From there you can set up your test group and users.

  1. Expand the dc=example,dc=org nav tree and select "Create new entry here"

  2. Select "Generic: Posix Group"

  3. Give it a name, eg. "Users" and then save and commit

  4. Select "Create child object"

  5. Select "Generic: User Account"

  6. Give the user a name and select a group ID number and save and commit

  7. Select "Add new attribute" and select "Email" and then add a test email address

  8. Run the ldap sync

docker-compose up ldap_sync

Alternately, you can bootstrap some of this by running:

docker-compose -f docker-compose.yml -f itest/docker-compose.itest.yml up --build

Future

  • Any kind of proper logging
  • Tests