ViViDboarder / vaultwarden_ldap

Automate LDAP invites to Vaultwarden
GNU General Public License v3.0

Can support ldap group members #87

Closed changchunhua2017 closed 2 years ago

changchunhua2017 commented 2 years ago

Can support ldap group members? Only members of specified groups are allowed to invite, not ALL(uid=*)

I use a freeipa server, my config.toml ldap_search_filter expression:

*ldap_search_filter = "(&(objectClass=)(memberof=cn=vaultwarden,cn=groups,cn=accounts,dc=xxx,dc=cn))**

but no user is found, log output:

ldap_sync | Sent invites to 0 user(s).
ldap_sync | Sent invites to 0 user(s).
ldap_sync | Sent invites to 0 user(s).
ldap_sync | Sent invites to 0 user(s).
ldap_sync | Sent invites to 0 user(s).

ViViDboarder commented 2 years ago

If your LDAP server can support the query, then yes. Does your query turn up results when you use ldaps or something?

tetricky commented 2 years ago

I can confirm that I have exactly this functionality in my setup (I want one group to be automatically invited, and will only manually invite individuals outside that group).

My config is here (issue 88), if that is any use for guidance. I am using lldap - which is very low functionality (and overhead), and still works well in this use case.

ViViDboarder commented 2 years ago

This service has no concept of an ldap group or anything like that. It merely passes your query to your ldap server via a client package.

You’ll need to refine your query and I’m unfortunately not great with ldap queries.
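
Added example (not part of the thread and not vaultwarden_ldap code): since the filter is handed to the LDAP server unchanged, this simplified in-memory model of RFC 4515 matching shows how a presence test (attr=*), an equality test with an empty value (attr=) and a memberOf restriction select different users. The entries, OTHER_DN and the function names are constructed for illustration; a real server also applies per-attribute syntax and matching rules that this model ignores.

```python
# Simplified model of LDAP filter matching (RFC 4515 subset: &, |, !, attr=value, attr=*).
GROUP_DN = "cn=vaultwarden,cn=groups,cn=accounts,dc=xxx,dc=cn"  # group DN from the report
OTHER_DN = "cn=staff,cn=groups,cn=accounts,dc=xxx,dc=cn"        # constructed

ENTRIES = [  # constructed sample entries, not real directory data
    {"uid": ["alice"], "objectClass": ["person"], "memberOf": [GROUP_DN]},
    {"uid": ["bob"], "objectClass": ["person"], "memberOf": [OTHER_DN]},
    {"uid": ["carol"], "objectClass": ["person"]},
]

def parse(s, i=0):
    # Parse one parenthesised filter starting at s[i]; return (node, next_index).
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if not kids:
            raise ValueError(f"operator '{op}' has no operands")
        node = (op, kids)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:end].partition("=")
        if end < 0 or not sep or not attr:
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("=", attr, value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError("unbalanced parentheses")
    return node, i + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    if value == "*":
        return bool(values)  # presence test: the attribute has any value
    return any(v.lower() == value.lower() for v in values)  # equality, case-insensitive

def search(filter_text):
    # Return the uid of every sample entry the filter selects.
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e["uid"][0] for e in ENTRIES if matches(node, e)]
```

Running the same filter string against the real directory with an LDAP client, as suggested in the thread, is still the authoritative check, because attributes such as memberOf depend on the server's configuration.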