Comments (7)
That is correct. The passwords are all handled on the client side so there is no way to sync passwords.
from vaultwarden_ldap.
So it looks like it's failing before it even gets to the LDAP query, so the issue is definitely on the connection to Bitwarden_rs.
This is my first and only Rust project, so I don't think I'm handling errors in a very productive way so debugging is a bit difficult.
To try and debug a bit, you could try to see if the API call works in your browser. Go to https://bitwarden.example.com/admin/ and then enter your token. Then try to go to https://bitwarden.example.com/admin/users and see if that works. It looks like it's reaching the server but the results may not be JSON or something.
from vaultwarden_ldap.
I have logged into the admin page. That happened without issue. I went to the users. There were none listed, so I tried to create a user and see if that would help, of course it did not.
Right now I am testing so the passwords that I'm using are very simple. The admin token is literally "admin." Could that be the issue? I know using that will get me into the admin page on Bitwarden.
Also, just in case my docker-compose is an issue, here it is. I'm using Ubuntu on a VM through my Mac mini (not an M1 Mac).
```yaml
version: '3'
services:
  ldap_sync:
    image: vividboarder/bitwarden_rs_ldap
    volumes:
      - ./config.toml:/config.toml:ro
      # ./root.cert:/usr/src/bitwarden_rs_ldap/root.cert:ro
    environment:
      RUST_BACKTRACE: full
      CONFIG_PATH: /config.toml
    restart: always
  bit_rs:
    image: bitwardenrs/server:latest
    environment:
      - ADMIN_TOKEN=admin
      - SMTP_HOST=smtp.gmail.com
      - SMTP_FROM=[email protected]
      - SMTP_PORT=587
      - SMTP_SSL=true
      - SMTP_USERNAME=[email protected]
      - SMTP_PASSWORD=SomePassword
      - LOG_FILE=/data/bitwarden.log
      - SIGNUPS_ALLOWED=false
      - INVITATIONS_ALLOWED=true
    volumes:
      - ./data:/data/
    ports:
      - 80:80
```
Also I have a raspberry pi3 running an nginx reverse proxy on ubuntu, that I use to encrypt anything internet facing.
I really appreciate the help, and I will continue my search to see if I can figure out anything, but I truly don't speak any computer languages. lol
from vaultwarden_ldap.
Since your Bitwarden_rs and Bitwarden_rs_ldap_sync are in the same Compose file, try skipping your reverse proxy and setting the bitwarden_url = http://bit_rs:80, similar to how I have it in the example.
from vaultwarden_ldap.
That seemed to make the instance work. So I'm guessing it has to do with my reverse proxy, and when researching it looks like I have to install an ldap-module and set headers for nginx to pass everything along... I guess that's what I'm reading lol.
Unfortunately, my nginx reverse proxy is in production, and I don't want to mess with it yet. So I will have to play around with my other raspi, and get a testing environment set up for nginx.
Here is what I've looked up so far. https://www.nginx.com/blog/nginx-plus-authenticate-users/
from vaultwarden_ldap.
Yea, if your proxy is adding or removing any kind of auth headers when connecting to Bitwarden, that could explain it.
From a safety perspective, it's better if this connection is over the private network anyway. I would have the ldap sync use the internal hostname (as in the example) and then have my proxy block any external access to /admin entirely. Since your ldap sync service will bypass the proxy, it will be unaffected and external services cannot brute force their way into your admin portal.
from vaultwarden_ldap.
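The setup suggested in the comment above, sketched as an nginx server block (an added example, not part of the original thread or the project's documentation). The upstream address and certificate paths are placeholders; the sync container keeps using bitwarden_url = http://bit_rs:80 on the Compose network and never passes through this proxy.

```nginx
# Added example; the upstream address and certificate paths are placeholders.
server {
    listen 443 ssl;
    server_name bitwarden.example.com;          # hostname used in this thread

    ssl_certificate     /etc/nginx/tls/placeholder-fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/placeholder-key.pem;        # placeholder path

    # Refuse the admin portal for anything arriving through the proxy.
    # "^~" keeps a regex location elsewhere in the config from overriding
    # this prefix match, so /admin and everything below it is covered.
    location ^~ /admin {
        return 403;
    }

    # Everything else is forwarded to the port published by the bit_rs service.
    location / {
        proxy_pass http://192.0.2.10:80;        # placeholder: address of the Docker host
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

This only covers requests that pass through the proxy. The Compose file earlier in the thread publishes port 80 on the Docker host, so any machine that can reach that host directly still sees /admin unless the port is firewalled or bound to a restricted interface.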
Sorry to ask one more question. I was able to get it working. I misread your original instructions, and when you told me to use the ldap sync internal a light bulb went off.
But my question is: it syncs the email, but not the password? So all this does is find emails and invites them from the directory? Sorry for the ignorance with this question.
from vaultwarden_ldap.