I finally thought that I found the right configuration for the Directory Connector syncing users from my Samba AD, as it showed me a successful test and, after starting the sync, a successful sync. But unfortunately no invitations have been sent out and no additional users show up in /admin/user/overview.
The log only shows two lines for the sync attempt:
Aug 25 20:36:32 vault vaultwarden[33985]: [2021-08-25 20:36:32.014][request][INFO] POST /api/organizations/UUID_OF_ORGANIZATION/import
Aug 25 20:36:32 vault vaultwarden[33985]: [2021-08-25 20:36:32.024][response][INFO] POST /api/organizations/<org_id>/import (import) => 200 OK
This is running vaultwarden in a FreeBSD jail (12.2p10) version 1.22.2 and Directory Connector 2.9.2.
Basic experimental support for LDAP import using the official Directory Connector.
Note that users can’t be created by this tool, it only can add or remove them from an organization.
Autoimported users join the organization with user level and they need to be confirmed by an admin or owner from the web vault. If SMTP is enabled, users will need to accept the email invitation beforehand.
Important: enabling the checkbox “Overwrite existing organization users…” in the Directory Connector can cause already existing users from the organization to be removed when syncing if they aren’t present in the LDAP server, while the official server differentiates between manually added and autoimported users, and won’t delete the manually added ones. This only applies to the user level, and not to managers, admins or owners, and will probably be changed in the future to align with upstream.
If I understand this correctly, a user needs to create its own account first, then the connector can add it to the organization (it seems to work after a quick test I did).
That is too bad, as I was hoping new users are added automatically, but then they need to set up a password on first login.
If you have the ADMIN panel, SMTP, and invitations enabled you should be able to use this to invite new users to the Org.
This should at least send an email notice that an account is ready for the user to set up, and they can then go to create their account with a master password.
I saw that, but I decided on the connector as it is actively developed by Bitwarden to support their solution. But it seems vaultwarden_ldap and bitwarden_connector are complementary. The first creates and invites users to vaultwarden and the latter assigns users to groups.