Commit 4695db45 authored by Ian Fijolek's avatar Ian Fijolek

Allow disabling LDAP integration by disabling SSO

parent 8c3755c8
......@@ -5,9 +5,11 @@
"description": "file://DESCRIPTION.md",
"changelog": "file://CHANGELOG",
"tagline": "Rust implementation of the Bitwarden API",
"version": "0.1.4",
"version": "0.2.0",
"healthCheckPath": "/healthcheck",
"httpPort": 80,
"optionalSso": true,
"postInstallMessage": "<sso>Any users with access should automatically receive an invite and be able to register for their own accounts. They will need to create a new password for this application due to client side encryption requirements. You can manage the server through the admin interface at `/admin`</sso><nosso>On initial creation, no users will have access to the server. You must visit `/admin` and invite any users that you wish to have access.</nosso>",
"addons": {
"ldap": {},
"localstorage": {},
......
......@@ -48,8 +48,6 @@ ENV ROCKET_WORKERS=10
ENV DATA_FOLDER=/app/data
ENV CONFIG_FILE=/app/data/config.json
ENV SIGNUPS_ALLOWED=false
ENV INVITATIONS_ALLOWED=true
ENV WEBSOCKET_ENABLED=true
RUN mkdir -p /app/data
......
......@@ -13,8 +13,6 @@ ENV ROCKET_WORKERS=10
ENV DATA_FOLDER=/app/data
ENV CONFIG_FILE=/app/data/config.json
ENV SIGNUPS_ALLOWED=false
ENV INVITATIONS_ALLOWED=true
ENV WEBSOCKET_ENABLED=true
RUN mkdir -p /app/data
......
......@@ -52,7 +52,7 @@ DOCKER_TAG := cloudron-app-bitwarden
# The latest version that this should be tagged as.
# This should equal whatver is in your `CloudronManifest.json` file. If you
# do not have `jq` installed, you should hard code this value.
VERSION := $(shell jq -r .version CloudronManifest.son || echo 'latest')
VERSION := $(shell jq -r .version CloudronManifest.json || echo 'latest')
# Full registry/repo/tag. This is used for pushing and pulling.
DOCKER_FULL := $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_TAG)
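Review bot: The `|| echo 'latest'` fallback on the `VERSION` line is what hid the `.son` typo this commit fixes, because any `jq` failure silently tags the image `latest`. A manifest with no `version` key would also yield the literal tag `null`, since `jq -r` still exits 0 on a null result. Consider `jq -er .version CloudronManifest.json`, which exits non-zero on null, and emit a `$(warning ...)` when the fallback is taken so a release is not pushed under an unintended tag.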
......
......@@ -3,9 +3,12 @@ set -e
export ADMIN_TOKEN=$(cat /app/data/admin_token)
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
if [ -z "${CLOUDRON_LDAP_SERVER}" ]; then
echo "=> SSO integration disabled. Skip LDAP invites"
else
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##LDAP_PORT/${CLOUDRON_LDAP_PORT}/"\
-e "s/##LDAP_USERS_BASE_DN/${CLOUDRON_LDAP_USERS_BASE_DN}/"\
-e "s/##LDAP_BIND_DN/${CLOUDRON_LDAP_BIND_DN}/"\
......@@ -14,5 +17,6 @@ sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##ADMIN_TOKEN/${ADMIN_TOKEN}/"\
/app/code/ldap_config.template.toml > /run/ldap_config.toml
export CONFIG_PATH=/run/ldap_config.toml
exec /app/code/bitwarden_rs_ldap
export CONFIG_PATH=/run/ldap_config.toml
exec /app/code/bitwarden_rs_ldap
fi
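Review bot: In the new disabled branch the script prints its message and then falls off the end, so the process exits immediately with status 0. If this script is a supervisord program (the start script launches supervisord, but the program definition is not visible here), a quick exit may be treated as a failed start and retried; confirm the program's `autorestart` and `startsecs` settings tolerate it, or end the branch with an explicit `exit 0` and a comment saying the exit is intentional. Separately, the `sed` expressions here and in the start script splice `${ADMIN_TOKEN}` and the LDAP values into `s/.../.../` unescaped, so a value containing `/`, `&` or `\` would break or alter the generated config. Escaping the values first, or using a delimiter that cannot occur in them, would avoid that.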
......@@ -3,6 +3,8 @@
set -eu
echo "=> Exporting env vars expected by Bitwarden"
export SIGNUPS_ALLOWED=false
export INVITATIONS_ALLOWED=true
export DOMAIN=$CLOUDRON_APP_ORIGIN
export SMTP_HOST=$CLOUDRON_MAIL_SMTP_SERVER
export SMTP_FROM=$CLOUDRON_MAIL_FROM
......@@ -24,9 +26,12 @@ fi
export ADMIN_TOKEN=$(cat /app/data/admin_token)
echo "=> Admin token: ${ADMIN_TOKEN}"
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
if [ -z "${CLOUDRON_LDAP_SERVER}" ]; then
echo "=> SSO integration disabled. No LDAP config to generate"
else
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##LDAP_PORT/${CLOUDRON_LDAP_PORT}/"\
-e "s/##LDAP_USERS_BASE_DN/${CLOUDRON_LDAP_USERS_BASE_DN}/"\
-e "s/##LDAP_BIND_DN/${CLOUDRON_LDAP_BIND_DN}/"\
......@@ -34,6 +39,7 @@ sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##BITWARDEN_HOSTNAME/${CLOUDRON_APP_HOSTNAME}/"\
-e "s/##ADMIN_TOKEN/${ADMIN_TOKEN}/"\
/app/code/ldap_config.template.toml > /run/ldap_config.toml
fi
echo "=> Starting supervisord"
exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Bitwarden
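Review bot: The new `[ -z "${CLOUDRON_LDAP_SERVER}" ]` test runs under `set -eu`, so if the variable is unset rather than empty when SSO is off, the script aborts with an unbound-variable error instead of taking the disabled branch. `if [ -z "${CLOUDRON_LDAP_SERVER:-}" ]; then` handles both cases. Whether the platform exports an empty string or nothing at all is not visible here, so treat this as a guard rather than a confirmed failure. The context line `echo "=> Admin token: ${ADMIN_TOKEN}"` also writes the admin credential to the container log on every start, where anyone with log access can read it; consider a message without the value, e.g. `echo "=> Admin token stored in /app/data/admin_token"`.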