Syncing AD user permissions

I’m not entirely clear if this question is a help request or, in fact, a feature request. Apologies in advance if I’ve posted this in the wrong section.

I’d like to make use of Vaultwarden for a small business to keep track of passwords provided to us by customers, and I’d like to make VW sync up with our AD. I know there’s a section on automatically inviting AD-users (LDAP sync), but this seems to be ONLY about inviting the users to the local Vaultwarden instance.

What I’d like to ideally do is use the official Bitwarden Directory Connector to sync up AD users and groups to one organization and grant / remove access to collections, as needed. The idea to use the official connector came from: Group / organization support? · Issue #77 · ViViDboarder/vaultwarden_ldap · GitHub

However, I seem to be stuck at the start trying to figure out what the client ID and secret should be when using Vaultwarden, and I can’t shake the feeling that this just isn’t implemented.

Can someone please let me know how to proceed (where to obtain client ID / secret for a local Vaultwarden installation) or clarify that this isn’t implemented and if what I’m trying to do is or isn’t possible?

If you want to use the Directory Connector you need to use version Release 2.9.2 · bitwarden/directory-connector · GitHub

Everything above that will not work with Vaultwarden.

Thanks! Just for the record - is this documented somewhere? I mean, I feel like I must have missed something when reading the Wiki / documentation…

EDIT: Hmm, I just realized that Vaultwarden has no concept of “groups”, so what I’m trying to do likely won’t work anyway. :frowning:

Supported features

  • Directory Connector support (basic implementation, no group support)
    Only version v2.9.2 and lower is supported, v2.9.3 and up use a different login method not supported yet.

Though it sounds like what you are wanting is going to need both the Directory Connector and Bitwarden’s Public API.
At this time Vaultwarden does not support the Public API, nor does it support groups, as Vaultwarden does not currently have groups either.

About Directory Connector

The Bitwarden Directory Connector application syncs users and groups to a Bitwarden Organization from a selection of directory services. Directory Connector will automatically provision and de-provision users, groups, and group associations from the source directory.

Bitwarden Public API

The Bitwarden Public API provides Organizations a suite of tools for managing members, collections, groups, event logs, and policies.