LDAP role membership issue where space in CN #1063

New Issue

OVERLORD · 2026-02-04T23:39:23+03:00

OVERLORD commented

2026-02-04 23:39:23 +03:00

Originally created by @zebulun78 on GitHub (Feb 26, 2019).

I am having an issue with user roles being synchronized (or recognized) where the CN is a group with a space in the name. I am using ldap auth with AD, all auth is working fine without issue, but when I add a CN name of a group to the external_auth_id field for a role, that group is not recognized, and the user is not added to that group. It works fine for groups with no space. I have tried all sorts of variations of quotes and escaping, to no avail.

Originally created by @zebulun78 on GitHub (Feb 26, 2019). I am having an issue with user roles being synchronized (or recognized) where the CN is a group with a space in the name. I am using ldap auth with AD, all auth is working fine without issue, but when I add a CN name of a group to the external_auth_id field for a role, that group is not recognized, and the user is not added to that group. It works fine for groups with no space. I have tried all sorts of variations of quotes and escaping, to no avail.

OVERLORD added the 📖 Docs Update label 2026-02-04 23:39:23 +03:00

OVERLORD closed this issue

2026-02-04 23:39:26 +03:00

OVERLORD commented

2026-02-04 23:39:41 +03:00

@zebulun78 commented on GitHub (Mar 4, 2019):

Bump. I am not sure if I explained this well enough. This is keeping me from being able to use this in our environment. I want to be able to manage user groups strictly via AD (LDAP) but cannot do so unless BookStack is able to use group CNs with spaces in the name.

@zebulun78 commented on GitHub (Mar 4, 2019): Bump. I am not sure if I explained this well enough. This is keeping me from being able to use this in our environment. I want to be able to manage user groups strictly via AD (LDAP) but cannot do so unless BookStack is able to use group CNs with spaces in the name.

OVERLORD commented

2026-02-04 23:39:46 +03:00

@ssddanbrown commented on GitHub (Mar 8, 2019):

Hi @zebulun78,
This looks to be a problem with the docs being incomplete. I have assigned this to the next patch release as a reminder to update the docs.

When BookStack performs LDAP/System Group/Role comparison it will, for standardisation, lower-case ldap group names and replace spaces with hyphens.

For example, if I have an LDAP group of United Kingdom, in the "External Auth ID" field of a role entering a value of united-kingdom should allow them to match. I've just tested this myself to ensure this works. Sorry if this documentation omission caused you any trouble.

Let me know if that works for you

@ssddanbrown commented on GitHub (Mar 8, 2019): Hi @zebulun78, This looks to be a problem with the docs being incomplete. I have assigned this to the next patch release as a reminder to update the docs. When BookStack performs LDAP/System Group/Role comparison it will, for standardisation, lower-case ldap group names and replace spaces with hyphens. For example, if I have an LDAP group of `United Kingdom`, in the "External Auth ID" field of a role entering a value of `united-kingdom` should allow them to match. I've just tested this myself to ensure this works. Sorry if this documentation omission caused you any trouble. Let me know if that works for you

OVERLORD commented

2026-02-04 23:39:50 +03:00

@zebulun78 commented on GitHub (Mar 12, 2019):

Thank you sir!

@zebulun78 commented on GitHub (Mar 12, 2019): Thank you sir!

OVERLORD referenced this issue

2026-02-05 10:16:30 +03:00

[PR #1063] [MERGED] Add select account parameter for google authorization #5764

Sign in to join this conversation.