bitwarden / directory-connector

A tool for syncing a directory (AD, LDAP, Azure, G Suite, Okta) to an organization.
https://bitwarden.com
GNU General Public License v3.0

AD Sync Fails with 404 #43

Closed KittyKatt closed 4 years ago

KittyKatt commented 4 years ago

I've tried this in both the CLI and GUI versions of the application. I'm receiving a duplicate response as the one in issue #21. I didn't want to necro that issue, so here we are. My redacted configuration (from the CLI version) is as follows, with domain names, personal info, and infrastructure removed.

{
  "installedVersion": "2.6.2",
  "environmentUrls": {
    "base": "https://bitwarden.example.com",
    "api": null,
    "identity": null,
    "webVault": null,
    "icons": null,
    "notifications": null,
    "events": null
  },
  "appId": "REDACTED",
  "accessToken": "REDACTED",
  "refreshToken": "REDACTED",
  "userEmail": "REDACTED",
  "userId": "REDACTED",
  "kdf": 0,
  "kdfIterations": 5000,
  "key": "REDACTED",
  "keyHash": "REDACTED",
  "encKey": "REDACTED",
  "encPrivateKey": "REDACTED",
  "organizationId": "REDACTED",
  "directoryType": 0,
  "directoryConfig_0": {
    "ssl": false,
    "sslAllowUnauthorized": false,
    "port": 389,
    "currentUser": false,
    "ad": true,
    "hostname": "ad1.example.com",
    "rootPath": "dc=example,dc=com",
    "username": "REDACTED",
    "password": "REDACTED"
  },
  "directoryConfig_2": {},
  "directoryConfig_1": {},
  "directoryConfig_3": {},
  "syncConfig": {
    "users": true,
    "groups": false,
    "interval": 5,
    "removeDisabled": false,
    "overwriteExisting": false,
    "useEmailPrefixSuffix": true,
    "creationDateAttribute": "whenCreated",
    "revisionDateAttribute": "whenChanged",
    "emailPrefixAttribute": "sAMAccountName",
    "memberAttribute": "MemberOf",
    "userObjectClass": "user",
    "groupObjectClass": "group",
    "userEmailAttribute": "mail",
    "groupNameAttribute": "name",
    "userFilter": "(&(memberOf=CN=Bitwarden,OU=Groups,DC=example,DC=com))",
    "groupPath": "OU=Groups",
    "userPath": "CN=Users"
  }
}

I get the error:

[2020-05-14 11:49:59][rocket::rocket][INFO] POST /api/organizations/REDACTED/import application/json; charset=utf-8:
[2020-05-14 11:49:59][_][ERROR] No matching routes for POST /api/organizations/REDACTED/import application/json; charset=utf-8.
[2020-05-14 11:49:59][_][WARN] Responding with 404 Not Found catcher.
[2020-05-14 11:49:59][_][INFO] Response succeeded.

It's worth noting that even in the GUI, where I select the Organization from the dropdown box, this is happening. When I run a test sync, the correct users come back so I know it's not an issue with the connection to the directory. It's definitely an issue with the OrganizationId being returned by BitWarden being...incorrect? Or something. I can load that organization in the web UI and the same string that's returned in the error message is in the URL, so it seems at a glance to be correct. Not sure what's going on here.

kspearrin commented 4 years ago

Is this on-prem or using Bitwarden cloud?

KittyKatt commented 4 years ago

This is on-prem.

kspearrin commented 4 years ago

Maybe something is stale. Can you try logging out, checking settings to make sure it is the right server URL, and then logging in again?

KittyKatt commented 4 years ago

I'll log out and try it again. It's worth noting I'm seeing that error message on the SERVER side, so I know it's hitting the right server. The server just thinks the organization (or the route to the API call) doesn't exist, so it's 404'ing there.

kspearrin commented 4 years ago

Yes, I was just wanting to see if the client had the wrong org id for some reason. Logging out and back in would refresh that.

LiaraAlis commented 4 years ago

I can confirm this issue. The server responds with a 404 error. Logging out and logging in again doesn't change this behaviour. Calling the URL directly in the browser gives the same error.

kspearrin commented 4 years ago

Is your user account an organization admin? If not, that would return a 404 on this particular API.

LiaraAlis commented 4 years ago

> Is your user account an organization admin? If not, that would return a 404 on this particular API.

Of course, yes. My user is the only user in the system and I created the organization. ;)

kspearrin commented 4 years ago

Are you using the official Bitwarden server or some 3rd party community edition?

kspearrin commented 4 years ago

From your logs, looks like you are using bitwarden_rs. Please open an issue with them.