9be8c67fa8
* Stage (#636) * Initial Draft. To do: "How it Works" + Event Logs, User Types, Plans & Pricing, Release Notes. * whoops, missed one * Merge latest into working (#616) * Update proof-of-concept.md (#607) The "Download Bitwarden" link was going to the Apple Store (https://get.bitwarden.com/) rather than the "Downloads" page (https://bitwarden.com/download/). * Update proof-of-concept.md (#610) * Create enterprise-feature-list.md (#611) * Azure SSO HiFi Documentation (#584) * azure HiFi documentation * finalize azure * typo fixes * Google Workspace HiFi SSO Documentation (#605) * Duo HiFi documentation (#598) * Buncha Stuff (#612) * clarification on where to find legacy mac .dmg * tip for update email address * code vetting security faq * /managing-items/ refactor * two-step login 'remember me' duration * small updates, including denoting purpose of the globe icon * additional tip for deleting users in a self-host org! * uri component pieces * encryption key edit * importing cleanup * notes re: importing on file attachements * Removes custom Safari shortcut docs (#499) Bitwarden 1.25.0 on MacOS with Safari seems to use the standard MacOS shortcut for autofill (`Cmd + Shift + L`) and the custom Safari shortcuts no longer work (`Cmd + \ or Cmd + 8 or Cmd + Shift + P`). * Update Microsoft Store Installation path (#614) * Correct path for Microsoft Store app (#615) Co-authored-by: Andrea Lebron <78605241+alebr-on@users.noreply.github.com> Co-authored-by: baylorrandolph <70168800+baylorrandolph@users.noreply.github.com> Co-authored-by: Charles Renwick <crenwick@users.noreply.github.com> Co-authored-by: Alex <abanay@bitwarden.com> * mpwr event logging * mpwr user permissions * admin pw reset 2nd draft * final(ish) draft * password reprompt * initial bwdc updates (to do: update cli login procedure) * update personal api key article to better distingush from org api key * refactors bwdc desktop app article * clearer instructions for getting api key * bwdc cli login scheme * Bulk Org User Actions * export event logs * cli get notes * send cli --maxAccessCount * autofill on page load enhancements * onpageload TOTP copy * release notes & typo Co-authored-by: Andrea Lebron <78605241+alebr-on@users.noreply.github.com> Co-authored-by: baylorrandolph <70168800+baylorrandolph@users.noreply.github.com> Co-authored-by: Charles Renwick <crenwick@users.noreply.github.com> Co-authored-by: Alex <abanay@bitwarden.com> * typo fix * fix * fix * fix * mpwr final * mpw reprompt - better gif * finalize event logs * fixes to autofill o.p.l. & better screenshot * directory connector large sync * reorder rn * edits from cscharf * fix date * mp re-prompt warning * mobile re-prompt notes * downcase it * semi-vague timeline tweak Co-authored-by: Andrea Lebron <78605241+alebr-on@users.noreply.github.com> Co-authored-by: baylorrandolph <70168800+baylorrandolph@users.noreply.github.com> Co-authored-by: Charles Renwick <crenwick@users.noreply.github.com> Co-authored-by: Alex <abanay@bitwarden.com>
7.5 KiB
layout, title, categories, featured, popular, tags, order
| layout | title | categories | featured | popular | tags | order | |
|---|---|---|---|---|---|---|---|
| article | Directory Connector CLI |
|
true | false | 03 |
The Directory Connector CLI is suited toward work in environments where a desktop GUI is unavailable, or if you want to programmatically script directory sync operations using tools provided by the operating system (cron job, scheduled task, etc.). The Directory Connector CLI can be used cross-platform on Windows, macOS, and Linux distributions.
Getting Started
To get started using the Bitwarden Directory Connector CLI:
-
Download the CLI from one of the following links:
-
Extract the
.zipand move the contents (bwdcandkeytar.node) to/usr/local/binor another directory in your$PATH. Please note,keytar.nodemust be in the same directory as the primarybwdcexecutable.Linux Only: If not already installed, install
libsecretwith your package manager of choice:apt-get install libsecret-1-0 brew install libsecretWindows Only: Windows users can add
bwdc.exeto the current user'sPATH{:target="_blank"}. -
Verify that the
bwdccommand works in your terminal by running the following:bwdc --help -
Connect Directory Connector to your Directory using the
bwdc config <setting> <value>command (see command reference). -
Configure Sync Options by editing your
data.jsonfile (to learn more, see [Directory Connector File Storage]({% link _articles/directory-connector/directory-sync-shared.md %})). Use thebwdc data-filecommand to obtain the absolute path of yourdata.jsonfile.Available Sync Options depend on the directory type in use, so refer to one of the following articles for a list of options available to you:
- [Sync with Active Directory or LDAP]({% link _articles/directory-connector/ldap-directory.md %})
- [Sync with Azure Active Directory]({% link _articles/directory-connector/azure-active-directory.md %})
- [Sync with G Suite (Google)]({% link _articles/directory-connector/gsuite-directory.md %})
- [Sync with Okta]({% link _articles/directory-connector/okta-directory.md %})
- [Sync with OneLogin]({% link _articles/directory-connector/onelogin-directory.md %})
-
Run the
bwdc testcommand to check whether your configuration would sync the expected results. -
Once your Directory and Sync Options are properly configured, and
bwdc testyields the expected results, run thebwdc synccommand to start a live sync operation.
Commands Reference
login
Use the login command to login to Directory Connector with your Organization API Key. If you don't have the API Key, reach out to an Organization Owner. There are a few ways to use the login command:
-
By itself:
bwdc loginPassing
bwdc loginby itself will prompt you to subsequently enterclient_idandclient_secret. -
With parameters:
bwdc login organization.b5351047-89b6-820f-ad21016b6222 yUMB4trbqV1bavhEHGqbuGpz4AlHm9 -
With saved environment variables:
BW_CLIENTID="organization.b5351047-89b6-820f-ad21016b6222" BW_CLIENTSECRET="yUMB4trbqV1bavhEHGqbuGpz4AlHm9" bwdc loginSaving the environment variables
BW_CLIENTIDandBW_CLIENTSECRETallows you to login to Directory Connector using onlybwdc login, which will check for those variables and use them if present.If these environment variables aren't present, you will be prompted to enter your
client_idandclient_secret.
logout
Use the logout command to logout of the Directory Connector CLI.
bwdc logout
help
The Bitwarden Directory Connector CLI is self-documented with --help content and examples for every command. List all available commands using the global --help option:
bwdc --help
Use the --help option on any specific command to learn more about that command:
bwdc test --help
bwdc config --help
test
The test command queries your directory and prints a JSON formatted array of groups and users that would be synced to your Bitwarden Organization whenever you run a real sync operation.
bwdc test
Use the --last option to test only the changes since the last successful sync.
bwdc test --last
sync
The sync command runs a live sync operation and pushes data to your Bitwarden Organization.
bwdc sync
Synced users and groups will be immediately available in your Bitwarden organization. Newly added users will receive an email invite to your Organization.
last-sync
The last-sync command returns an ISO 8601{:target="_blank"} timestamp for the last sync operation that was performed for users or groups. You must specify either users or groups as an <object> to run the command against:
bwdc last-sync <object>
Returns an empty response if no sync has been performed for the given object.
config
The config command allow you to specify your Directory settings:
bwdc config <setting> <value>
Options include:
server <server-url>directory <directory-type>ldap.password <password>azure.key <key>gsuite.key <key>okta.token <token>onelogin.secret <secret>
{% callout success %}
ldap.password, azure.key, gsuite.key, okta.token, and onelogin.secret can only be modified from the CLI using bwdc config, or from the [Desktop Application]({% link _articles/directory-connector/directory-sync-desktop.md %}).
{% endcallout %}
data-file
The data-file command returns an absolute path to the data.json configuration file used by the Directory Connector CLI:
bwdc data-file
Configuration settings can be modified for the Directory Connector CLI by editing the data.json configuration file directly in your favorite text editor.
clear-cache
The clear-cache command allows you to clear cached data that the application stores while performing sync operations. For more information, see [Clear Sync Cache]({% link _articles/directory-connector/clear-sync-cache.md %}).
bwdc clear-cache
update
The update command allows you to check if your Directory Connector CLI is up-to-date:
bwdc update
If a newer version is found, the command will return a URL to download a new version. The Directory Connector CLI will not automatically update. You will need to use this URL download the new version manually.
{% callout warning %} If you using the CLI and Desktop App together, it is important to ensure their versions match whenever in use. Running two different versions may cause unexpected issues.
Check the version of the Directory Connector CLI using the --version global option.
{% endcallout %}
Troubleshooting
If you receive an error message referring to the libsecret shared object Error: libsecret-1.so.0: cannot open shared object file: No such file or directory, you may need to install libsecret which is required to store things securely on the host.