mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-25 17:25:57 +03:00
[GH-ISSUE #122] Feature request: LDAP Backend #68
Originally created by @ImNtReal on GitHub (Aug 9, 2018).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/122
It would be awesome if I could integrate this with my existing LDAP server, so my account to get my master password would be the same that I use to log in to the rest of the services I'm hosting on the same server.
@dani-garcia commented on GitHub (Aug 10, 2018):
I think this is in the same position as #94, if someone can PR an implementation that isn't overly complex, I'll be happy to merge it, but I don't plan on doing this myself.
@dani-garcia commented on GitHub (Nov 9, 2018):
To keep the issue tracker more focused, I'm closing this issue in favor of the meta issue at #246.
@MrSnoozles commented on GitHub (Dec 13, 2018):
In which way would LDAP get implemented? The official server is using the directory connector to synchronize accounts. The connector is getting user and group data from the domain and sends them to
/api/organizations/<id>/import
The data getting sent looks as follows:
So I guess the import-endpoint should get implemented to stay compatible with the official server, right? Or would this be solved differently, e.g. with LDAP authentication directly integrated into the server?
@dani-garcia commented on GitHub (Dec 13, 2018):
Huh, I didn't know that the directory connector existed, I thought that was integrated in the server. I would prefer to keep compatible with the official server, yes.
In this case, the connector probably makes LDAP easier to implement, but how does it work exactly? Does that create the users or do they need to exist already? Is the functionality just adding and removing users from the org or is there more?
Groups at the moment are not implemented, only collections, so that's something to have in mind, but we could have a version that only handles users.
I imagine an implementation of this would be similar to the methods send_invite, confirm_invite and delete_user that we already have to handle adding and removing users from organizations. This is in src/api/core/organizations.rs.
@MrSnoozles commented on GitHub (Dec 13, 2018):
I think it should create and delete the users too, as one of the points of LDAP/Active Directory is that you set up users only once for all your applications. I'm going to try it with the official server and let you know.
@dani-garcia commented on GitHub (Dec 13, 2018):
That would make sense, but the data sent doesn't contain a passwordhash or anything and we need that to create the account, so if it works like that then the login step has to be different.
@MrSnoozles commented on GitHub (Dec 13, 2018):
I just checked the official implementation. It's just adding and removing people to/from the organization depending on the email address. They have to exist in the system before and are not getting created.
@mprasil commented on GitHub (Dec 13, 2018):
I assume they appear as accepted and you still need to confirm them in the org interface?
@ViViDboarder commented on GitHub (Apr 15, 2019):
FYI: A form of LDAP syncing has been added to the wiki.