[GH-ISSUE #1534] LDAP #993

Closed
opened 2026-03-03 02:05:21 +03:00 by kerem · 2 comments

Originally created by @cyberb on GitHub (Mar 25, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1534

I want to implement a simple LDAP auth as I need it for the Syncloud (https://github.com/syncloud/platform) project.
Similar to this (https://github.com/cyberb/api/commit/2d011fff7df062d36a6044806d2b7f893e74e334) once done for a rust pi-hole fork.
I have quickly checked the code and I think the logic will be as follows:

  1. Configure ldap (enabled, address, binddn)
  2. Change webui to allow non email username (optional)
  3. Backend: if enabled and authenticated against LDAP
  4. Backend: register user with the info from LDAP record if it does not exist yet.

Any advice before I start?
I will do this anyway even if it will stay in my fork.

kerem closed this issue 2026-03-03 02:05:21 +03:00

@nightmared commented on GitHub (Mar 25, 2021):

Hello, I'm interested in such a feature too, but I wonder how this can work given the problems discussed at https://github.com/dani-garcia/bitwarden_rs/pull/677#issuecomment-553606347 (the fact that a password change in the LDAP directory will make the vault inaccessible). Do you plan on adding an LDAP attribute to store the fixed password for the vault, or do you have another idea to solve this hurdle?

Thanks!


@BlackDex commented on GitHub (Mar 25, 2021):

There already is a working solution which uses the official support directory tools from bitwarden. See: https://github.com/dani-garcia/bitwarden_rs/commit/85e3c73525d327042c1ad142e48c044a5dbdd89c
LDAP and SSO can only be used for account creation or validation. Not for auto login. You always need a master password to decrypt the vault.
So, what would be an addition to this project would be SSO, but that is a huge endeavor.
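
The constraint discussed in this thread (a directory can validate a login, but the vault key is wrapped under a key derived from the master password) can be modelled as below; this is an added example, not code from vaultwarden or from any commenter. It assumes a PBKDF2-SHA256 derivation salted with the e-mail, uses a toy HMAC-based encrypt-then-MAC wrap as a stand-in for a real AEAD cipher, and the account, passwords and iteration count are constructed.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed KDF cost for this sketch


def master_key(password: str, email: str) -> bytes:
    """Client-side key derived from the master password, salted with the e-mail."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), ITERATIONS)


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys derived from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def wrap(key: bytes, vault_key: bytes) -> bytes:
    """Toy encrypt-then-MAC wrap (stand-in for a real AEAD): nonce || ct || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(vault_key))
    ct = bytes(a ^ b for a, b in zip(vault_key, ks))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unwrap(key: bytes, blob: bytes):
    """Return the vault key, or None when the key does not match the blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def directory_reset_demo(email="alice@example.test"):  # constructed account
    vault_key = os.urandom(32)
    old = master_key("old-directory-pw", email)
    new = master_key("new-directory-pw", email)
    stored = wrap(old, vault_key)               # all the server ever holds
    after_reset = unwrap(new, stored)           # password changed only in LDAP
    rewrapped = wrap(new, unwrap(old, stored))  # client-side change, old key in hand
    return after_reset, unwrap(new, rewrapped) == vault_key
```

`directory_reset_demo()` returns `(None, True)`: a password changed only in the directory cannot open the stored blob, while a change made by a client that still holds the old key can re-wrap it.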
