Enterprise usecase

[deajan]

Hi,

Just gave your project a testdrive through #23 which is obviously quite easy to setup.

While your password manager looks nice and seems well built in terms of security, it lacks some features that would made it outstanding:

• Possibility to create new application types
• Folders (or customers) that can be shared with teams as RO / RW, so every new entry in a folder is shared by default
• password history
• Session timeouts depending on accessing IP address (so one gets 30 days session at work and 30 min sessions at a customers place)
• File storage in applications (sometimes you need to share a big CSV with hundreds of passwords for migrations... You won't create an application per entry for those use cases)
• Import / Export (no password manager can be seen as a valuable option if it doesn't allow to export it's data)
• Android / IOS app (actually an app that just wraps your frontend for easy access)

I've tested multiple other solutions and none provided a certificate for authentication. Nice one, really appreciable.

Thanks for developping your solution. Might become a great contender to Bitwarden, Psono, sysPass and others.
Wish you well.

[eusonlito]

Thanks for your ideas :)

Some are not easy, but password export is a must in any password manager, I will do it ASAP. Anyway, you will allowed to export only accesible passwords to admin, but not not shared (private) users passwords. Also export will be available with encrypt option using a custom password.

Thanks!

[h3nr1-g]

Another "enterprise" feature would be a LDAP/AD integration. I was able to implement an OpenLDAP integration for our LDAP structure (see the branch "Add_ldap" in my fork). However, I'm not sure how stable/well implemented this integration is.

[eusonlito]

Maybe LDAP integration can be done using the API instead adding new features to core. Check this endpoints #9 (comment)

[eusonlito]

@deajan Added Export Feature (Profile > Export).

[deajan]

@eusonlito Nice ;)

[h3nr1-g]

@eusonlito : Unfortunately, I cant use the provided API endpoints for the LDAP Integration. You need some kind of mechanism for the synchronization of thr user credentials. From my Point of View, a proper Integration of Laravels LDAP library is the only reliable way.

[eusonlito]

@h3nr1-g but, what's the problem with API endpoints? This allow a customizable users sync for any integration.

[h3nr1-g]

Yes, you are right. With the API end points I can sync the users (at least I can create local copies). However, i have no possibilty to sync the User passwords since they are stored encrypted in the LDAP server. As a result, the copied users can Not be authenticated.
Another drawback of this approach is that everytime an User changes His Password, you need to run this sync process.

[eusonlito]

Ok, let me some time to check the LDAP AUTH. Please @h3nr1-g create an issue for this feature request :)