Configuring LDAP Authentication (FreeIPA) in Vaultwarden (Bitwarden_RS)

vaultwarden-ldap – simple LDAP connector for Vaultwarden

The previous article covered the installation of the Vaultwarden password manager (Bitwarden_RS)

Switch to user Vaultwarden

$ sudo su - vaultwarden

Download the ldap authorization module for Vaultwarden from the repository and install it

$ wget
$ tar xzvf v0.4.0.tar.gz
$ cd vaultwarden_ldap-0.4.0/
$ cargo new --bin vaultwarden_ldap
$ cargo build --locked --release

Copying the config

$ cp /opt/vaultwarden/vaultwarden_ldap-0.4.0/example.config.toml /opt/vaultwarden/vaultwarden_ldap-0.4.0/target/release/config.toml

Switch to sudo-user

$ exit

Editing the config for vaultwarden_ldap

$ sudo nano /opt/vaultwarden/vaultwarden_ldap-0.4.0/target/release/config.toml
vaultwarden_url = ""
vaultwarden_admin_token = "Q8rKXS3l6jmUYrcJGlwueZhiiIZWteGMVZe7Db/qFe0nQ68C5P5H4Bdi/1AMv4xU"
ldap_host = ""
ldap_bind_dn = "uid=myuser,cn=users,cn=accounts,dc=example,dc=local"
ldap_bind_password = "mupass"
ldap_search_base_dn = "cn=users,cn=accounts,dc=example,dc=local"
ldap_search_filter = "(&(objectClass=posixAccount)(memberOf=cn=vaultwarden,cn=groups,cn=accounts,dc=example,dc=local))"
ldap_sync_interval_seconds = 10

This config indicates that users from the vaultwarden group will have access to the Vaultwarden (an email will be sent to them when the service starts)

Create Systemd Unit

$ sudo nano /etc/systemd/system/vaultwarden-ldap.service

Description=Bitwarden LDAP (Rust Edition)
Documentation= mariadb.service

# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
# The location of the .env file for configuration
# The location of the compiled binary
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)


We start the service, check the status

$ sudo systemctl daemon-reload
$ sudo systemctl enable vaultwarden-ldap --now
$ sudo systemctl status vaultwarden-ldap