diff --git a/Syncing-users-from-LDAP.md b/Syncing-users-from-LDAP.md index ee3c946..9cf9af9 100644 --- a/Syncing-users-from-LDAP.md +++ b/Syncing-users-from-LDAP.md @@ -1,5 +1,7 @@ LDAP integration is performed using a small service that queries LDAP and invites users to your Vaultwarden instance. This service is uncreatively named [vaultwarden_ldap](https://github.com/ViViDboarder/vaultwarden_ldap). +Because of Vaultwardens zero-trust architecture this service does not provide synchronization of passwords but only invitations for new LDAP members. + It is not yet distributed as a binary, but there is an available Docker image [vividboarder/vaultwarden_ldap](https://hub.docker.com/r/vividboarder/vaultwarden_ldap). Before deploying, you must [[enable your vaultwarden admin page|Enabling-admin-page]]. This enables the API that the LDAP sync service will use to invite users. The `ADMIN_TOKEN` that you set will be used when configuring the LDAP sync service. You must also be sure to **not** disable the invitation capability. To verify this, double check that the environment variable `INVITATIONS_ALLOWED` is not set to `false`.
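Review bot: The added sentence "Because of Vaultwardens zero-trust architecture ..." is missing the possessive apostrophe ("Vaultwarden's") and gives "zero-trust architecture" as the reason without saying what about it rules out password synchronization. "Zero-trust" usually describes a network access model, so please check whether "zero-knowledge" is the term meant here, and add a short clause stating the actual reason so an administrator does not expect LDAP credentials to work for Vaultwarden login. A comma after "architecture" would also help readability. Since the sentence limits the service to "only invitations for new LDAP members", it would be worth saying in the same place what happens, if anything, to accounts of users later removed from LDAP.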