OpenLDAP Docker server
This method uses an OpenLDAP Docker image to run a local directory service that you can use for development.
Requirements
- An Enterprise organization
LDIF file
An LDIF file contains the configuration for your directory (such as users, groups, etc).
Download example LDIF file
For most use cases, you can download one of these sample LDIF files to get you up and running quickly:
Generate your own LDIF file
Alternatively, you can generate your own LDIF file using the following instructions. You don't need to do this unless you have special requirements.
- Download the LDIF Generator
- Replace the `Data/mail-hosts.txt` file with our own mail-hosts.txt file. This contains a high number of unique host names to avoid duplicate email addresses being generated.
- Run `java -jar LDIFGen.jar`
- Use the following settings:
  - Base Added: dc=bitwarden, dc=com
  - Generate OUs: Generic
  - Generate People: add
- Click "Run"
- The LDIF output may contain illegal characters in email addresses (such as spaces and apostrophes), so check this manually before using it.
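The manual check in the last step can be scripted. The following is an added example, not part of the Bitwarden docs or the LDIF Generator: it parses an LDIF file (unfolding continuation lines and decoding `mail::` base64 values) and reports every `mail` attribute that contains a space or apostrophe or is not a plain user@domain address. The sample LDIF and its example.com addresses are constructed.

```python
import base64
import re

# Strict user@domain shape; the generator can emit spaces and apostrophes that break invites.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

# Constructed sample in the generator's layout; last entry is dan.diaz@example.com as base64.
SAMPLE_LDIF = """\
dn: cn=Bob O'Brien,ou=People,dc=bitwarden,dc=com
objectClass: person
mail: bob.o'brien@example.com

dn: cn=Carol Chen,ou=People,dc=bitwarden,dc=com
objectClass: person
mail: carol chen@example.com

dn: cn=Dan Diaz,ou=People,dc=bitwarden,dc=com
objectClass: person
mail:: ZGFuLmRpYXpAZXhhbXBsZS5jb20=
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})], unfolding lines and decoding base64."""
    logical = []
    for raw in text.splitlines():  # a leading space continues the previous line
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, entry = [], {}
    for line in logical + [""]:  # the trailing "" flushes the last entry
        if line == "":
            if entry:
                entries.append((entry.get("dn", [""])[0], entry))
                entry = {}
        elif not line.startswith("#") and not line.lower().startswith("version:"):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def find_bad_mail_values(text):
    # Return [(dn, value, reason)] for every mail attribute that is not a clean address.
    problems = []
    for dn, attrs in parse_ldif(text):
        for value in attrs.get("mail", []):
            if " " in value or "'" in value:
                problems.append((dn, value, "contains a space or apostrophe"))
            elif not EMAIL_RE.match(value):
                problems.append((dn, value, "not a plain user@domain address"))
    return problems
```

Run `find_bad_mail_values(open("directory.ldif").read())` against the generated file and fix or drop every entry it reports before starting the container.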
Start OpenLDAP
- Open a terminal in your local server repository
- Go to the `dev` folder: `cd dev`
- Copy your LDIF file into this folder and call it `directory.ldif`: `cp path/to/file.ldif ./directory.ldif`
- Start the OpenLDAP Docker container: `docker-compose --profile ldap up -d`

If you ever change the LDIF file, you can force Docker to use the new file by running this command again with the `--force-recreate` flag.
Configure Directory Connector
- Run the Directory Connector Electron app (see the build instructions)
- Log in using the organization API key
- Use the configuration settings below
Directory Settings
- Type: Active Directory / LDAP
- Server Hostname: localhost
- Server Port: 389
- Root Path: dc=bitwarden,dc=com
- This server uses Active Directory: [unchecked]
- This server pages search results: [unchecked]
- This server uses an encrypted connection: [unchecked]
- Username: cn=admin,dc=bitwarden,dc=com
- Password: admin
Sync Settings
- User Path: [blank]
- User Object Class: person
- User Email Attribute: mail
- Group Path: [blank]
- Group Object Class: organizationalUnit
- Group Name Attribute: ou
Sync
When you do a real sync, invitation emails will be sent out to all synced users. Make sure that you're using Mailcatcher so you don't send live emails.
- Click the "Test Now" button in Directory Connector. You should get a list of users.
- When you're ready, click "Sync Now" to perform a real sync. You should receive a confirmation message in Directory Connector and see the newly invited users in the web vault.