vaultwarden_ldap
                        Add support for LDAP custom CA
It would be helpful for a bitwarden_root_cert_file-like config option for a custom LDAP certificate authority. My LDAP server uses a certificate from an internal CA and while ldap_no_tls_verify is a workaround, it's not ideal.
That makes sense. The addition of this feature will be a little less straightforward as compared to the no verify one.
It looks like, to solve this within the application, when we initialize the connection with our LdapConnSettings, we will need to use set_connector(...) to provide a TlsConnector that, through its builder, is provided a custom root certificate using add_root_certificate.
Alternately, as far as I can tell, the system should, by default, use your system root certificate store. If you add your custom certificate to your system store, it should work just fine.
I know just enough Rust to be dangerous and was surprised at the number of layers one must dig down to be able to specify a custom CA for TLS connections.
I also agree that fiddling with the image's CA bundle should also work. This also seems like a workaround rather than a solution as it means either the host must have the custom CA bundle to map in (currently mine does not but obviously this can be changed) or require creating a new image based on your image. It also has a light dependency on the underlying OS of your image not changing in case the OS's location for the system CA bundle changes.
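As an added example (not code from this thread or from the vaultwarden_ldap project), here is one piece a custom CA option would need: reading the configured CA file and failing closed when it is empty or malformed, so a bad file is reported at startup rather than as an opaque TLS failure. The helper name `split_pem_bundle` and the sample bundle are hypothetical; each returned block would then go to native_tls's `Certificate::from_pem` and the builder's `add_root_certificate` before the connector is passed to `set_connector(...)`.

```rust
const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

/// Hypothetical helper (added example): split a PEM CA bundle into one PEM block
/// per certificate. Fails closed on an empty file, an open block or a non-base64 body.
pub fn split_pem_bundle(bundle: &str) -> Result<Vec<String>, String> {
    let mut certs = Vec::new();
    let mut block: Option<Vec<&str>> = None;
    for (idx, raw) in bundle.lines().enumerate() {
        let (line, n) = (raw.trim(), idx + 1);
        if line == BEGIN {
            if block.is_some() {
                return Err(format!("line {}: BEGIN inside an open block", n));
            }
            block = Some(vec![line]);
        } else if line == END {
            let mut lines = block.take().ok_or_else(|| format!("line {}: END without BEGIN", n))?;
            if lines.len() == 1 {
                return Err(format!("line {}: empty certificate body", n));
            }
            lines.push(line);
            certs.push(lines.join("\n"));
        } else if let Some(lines) = block.as_mut() {
            let b64 = |b: u8| b.is_ascii_alphanumeric() || b"+/=".contains(&b);
            if !line.bytes().all(b64) {
                return Err(format!("line {}: not base64", n));
            }
            if !line.is_empty() { lines.push(line); }
        } // text outside a block (comments, subject lines) is ignored
    }
    if block.is_some() {
        return Err("unterminated certificate block".into());
    }
    if certs.is_empty() {
        return Err("no certificates found".into());
    }
    Ok(certs)
}

fn main() {
    // Constructed sample: the bodies are placeholder base64, not real certificates.
    let bundle = "# internal CA\n-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n\
                  -----BEGIN CERTIFICATE-----\nREVG\nR0hJ\n-----END CERTIFICATE-----\n";
    match split_pem_bundle(bundle) {
        Ok(certs) => println!("{} certificate(s) ready to add as trust roots", certs.len()),
        Err(e) => eprintln!("refusing to start: {}", e),
    }
}
```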