
Comments (7)

ViViDboarder commented on May 26, 2024

That is correct. The passwords are all handled on the client side so there is no way to sync passwords.

from vaultwarden_ldap.

ViViDboarder commented on May 26, 2024

So it looks like it's failing before it even gets to the LDAP query, so the issue is definitely on the connection to Bitwarden_rs.

This is my first and only Rust project, so I don't think I'm handling errors in a very productive way so debugging is a bit difficult.

To try and debug a bit, you could try to see if the API call works in your browser. Go to https://bitwarden.example.com/admin/ and then enter your token. Then try to go to https://bitwarden.example.com/admin/users and see if that works. It looks like it's reaching the server but the results may not be JSON or something.


plainlytbrown commented on May 26, 2024

I have logged into the admin page. That happened without issue. I went to the users. There were none listed, so I tried to create a user and see if that would help, of course it did not.

Right now I am testing, so the passwords that I'm using are very simple. The admin token is literally "admin." Could that be the issue? I know using that will get me into the admin page on Bitwarden.

Also, just in case my docker-compose is an issue, here it is, and I'm using Ubuntu on a VM through my Mac mini (not an M1 Mac):

```yaml
version: '3'
services:
  ldap_sync:
    image: vividboarder/bitwarden_rs_ldap
    volumes:
      - ./config.toml:/config.toml:ro
      # ./root.cert:/usr/src/bitwarden_rs_ldap/root.cert:ro
    environment:
      RUST_BACKTRACE: full
      CONFIG_PATH: /config.toml
    restart: always
  bit_rs:
    image: bitwardenrs/server:latest
    environment:
      - ADMIN_TOKEN=admin
      - SMTP_HOST=smtp.gmail.com
      - SMTP_FROM=[email protected]
      - SMTP_PORT=587
      - SMTP_SSL=true
      - SMTP_USERNAME=[email protected]
      - SMTP_PASSWORD=SomePassword
      - LOG_FILE=/data/bitwarden.log
      - SIGNUPS_ALLOWED=false
      - INVITATIONS_ALLOWED=true
    volumes:
      - ./data:/data/
    ports:
      - 80:80
```

Also, I have a Raspberry Pi 3 running an nginx reverse proxy on Ubuntu that I use to encrypt anything internet-facing.

I really appreciate the help, and I will continue my search to see if I can figure out anything, but I truly don't speak any computer languages. lol


ViViDboarder commented on May 26, 2024

Since your Bitwarden_rs and Bitwarden_rs_ldap_sync are in the same Compose file, try skipping your reverse proxy and setting the bitwarden_url = http://bit_rs:80, similar to how I have it in the example.


plainlytbrown commented on May 26, 2024

That seemed to make the instance work. So I'm guessing it has to do with my reverse proxy, and when researching it looks like I have to install an ldap-module and set headers for nginx to pass everything along... I guess that's what I'm reading lol.

Unfortunately, my nginx reverse proxy is in production, and I don't want to mess with it yet. So I will have to play around with my other raspi and get a testing environment set up for nginx.

Here is what I've looked up so far. https://www.nginx.com/blog/nginx-plus-authenticate-users/


ViViDboarder commented on May 26, 2024

Yea, if your proxy is adding or removing any kind of auth headers when connecting to Bitwarden, that could explain it.

From a safety perspective, it's better if this connection is over the private network anyway. I would have the ldap sync use the internal hostname (as in the example) and then have my proxy block any external access to /admin entirely. Since your ldap sync service will bypass the proxy, it will be unaffected and external services cannot brute force their way into your admin portal.

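The arrangement recommended in the comment above, written out as a proxy configuration. This is an added example, not part of the original thread or the project's own configuration; the upstream address and certificate paths are placeholders chosen for illustration, and only the hostname and the `http://bit_rs:80` internal URL come from the thread.

```nginx
# Constructed example: public reverse proxy in front of Bitwarden_rs.
# Upstream address and certificate paths are placeholders (assumptions).
server {
    listen 443 ssl;
    server_name bitwarden.example.com;

    ssl_certificate     /etc/nginx/tls/bitwarden.example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/bitwarden.example.com.key;  # placeholder path

    # Refuse the admin portal from outside. This prefix match covers
    # /admin, /admin/ and /admin/users. The LDAP sync container never
    # passes through this proxy: its config.toml points at
    # http://bit_rs:80 on the Compose network, so it is unaffected.
    location /admin {
        return 403;
    }

    # Everything else (web vault, client API) is proxied as before.
    location / {
        proxy_pass http://192.0.2.10:80;  # placeholder: host running bit_rs
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The block only holds if the container's published port 80 is not itself reachable from outside the private network. A request for https://bitwarden.example.com/admin from an external host should come back as 403 once the configuration is loaded.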

plainlytbrown commented on May 26, 2024

Sorry to ask one more question. I was able to get it working. I misread your original instructions, and when you told me to use the ldap sync internal, a light bulb went off.

But my question is: it syncs the email, but not the password? So all this does is find emails and invite them from the directory? Sorry for the ignorance with this question.

