Allow to automatically confirm LDAP emails #1140

New Issue

Closed

opened 2026-02-04 23:57:31 +03:00 by OVERLORD · 5 comments

OVERLORD commented 2026-02-04 23:57:31 +03:00

Owner

Copy Link

Originally created by @MorrisJobke on GitHub (Apr 12, 2019).

Currently LDAP users need to re-confirm it's email address. It would make sense to also have an LDAP_AUTO_CONFIRM_EMAIL setting that overwrites the default in 257a5a23ec/app/Providers/LdapUserProvider.php (L119).

Does that make sense? And how to best inject the config setting into that code path? Should it be passed in via the constructor of the LdapUserProvider class?

Originally created by @MorrisJobke on GitHub (Apr 12, 2019). Currently LDAP users need to re-confirm it's email address. It would make sense to also have an `LDAP_AUTO_CONFIRM_EMAIL` setting that overwrites the default in https://github.com/BookStackApp/BookStack/blob/257a5a23ecaf7ce779969d575ff8a0b976181d13/app/Providers/LdapUserProvider.php#L119. Does that make sense? And how to best inject the config setting into that code path? Should it be passed in via the constructor of the `LdapUserProvider` class?

OVERLORD added the 🚪 Authentication🏭 Back-End labels 2026-02-04 23:57:31 +03:00

OVERLORD closed this issue 2026-02-04 23:57:35 +03:00

OVERLORD commented 2026-02-04 23:57:40 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Apr 12, 2019):

Hi @MorrisJobke,

Just to double check, Are you using LDAP along with another non-trusted authentication method, where domain restriction or email confirmations is necessary? Otherwise, If not, I think you could just disable those options in the settings if my thinking is correct?

Should it be passed in via the constructor of the LdapUserProvider class?

If this is something that needs to be added, It may be better for the LdapUserProvider to ask the LdapService if email confirmation is required, since LdapService already handles config management whereas LdapUserProvider does not.

@ssddanbrown commented on GitHub (Apr 12, 2019): Hi @MorrisJobke, Just to double check, Are you using LDAP along with another non-trusted authentication method, where domain restriction or email confirmations is necessary? Otherwise, If not, I think you could just disable those options in the settings if my thinking is correct? > Should it be passed in via the constructor of the LdapUserProvider class? If this is something that needs to be added, It may be better for the `LdapUserProvider` to ask the `LdapService` if email confirmation is required, since `LdapService` already handles config management whereas `LdapUserProvider` does not.

OVERLORD commented 2026-02-04 23:57:43 +03:00

Author

Owner

Copy Link

@MorrisJobke commented on GitHub (Apr 12, 2019):

Just to double check, Are you using LDAP along with another non-trusted authentication method, where domain restriction or email confirmations is necessary? Otherwise, If not, I think you could just disable those options in the settings if my thinking is correct?

Yeah - I had one admin account created there. Can I just delete this account and all it's created content will stay?

@MorrisJobke commented on GitHub (Apr 12, 2019): > Just to double check, Are you using LDAP along with another non-trusted authentication method, where domain restriction or email confirmations is necessary? Otherwise, If not, I think you could just disable those options in the settings if my thinking is correct? Yeah - I had one admin account created there. Can I just delete this account and all it's created content will stay?

OVERLORD commented 2026-02-04 23:57:46 +03:00

Author

Owner

Copy Link

@MorrisJobke commented on GitHub (Apr 12, 2019):

Yeah - I had one admin account created there. Can I just delete this account and all it's created content will stay?

Tested, but there is no new setting in the web UI config. Where can this be typically found?

@MorrisJobke commented on GitHub (Apr 12, 2019): > Yeah - I had one admin account created there. Can I just delete this account and all it's created content will stay? Tested, but there is no new setting in the web UI config. Where can this be typically found?

OVERLORD commented 2026-02-04 23:57:50 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Apr 12, 2019):

Yeah - I had one admin account created there. Can I just delete this account and all it's created content will stay?

Created content will stay but the name will be removed from activity. Alternatively, once LDAP is enabled, you can set a user's 'External Auth ID' (Or something like that) on their profile which is what's used to match a user during LDAP login.

Tested, but there is no new setting in the web UI config. Where can this be typically found?

Below are the settings I was referring to in my above comment, Using/Enabling either of these will cause BookStack to confirm email addresses.

If you're finding BookStack is actually asking for an email via an input after logging in, instead of just sending a confirmation email, this may instead be an issue with BookStack not finding an email when the user is fetched from LDAP.

@ssddanbrown commented on GitHub (Apr 12, 2019): > Yeah - I had one admin account created there. Can I just delete this account and all it's created content will stay? Created content will stay but the name will be removed from activity. Alternatively, once LDAP is enabled, you can set a user's 'External Auth ID' (Or something like that) on their profile which is what's used to match a user during LDAP login. > Tested, but there is no new setting in the web UI config. Where can this be typically found? Below are the settings I was referring to in my above comment, Using/Enabling either of these will cause BookStack to confirm email addresses.  If you're finding BookStack is actually asking for an email via an input after logging in, instead of just sending a confirmation email, this may instead be an issue with BookStack not finding an email when the user is fetched from LDAP.

OVERLORD commented 2026-02-04 23:57:54 +03:00

Author

Owner

Copy Link

@MorrisJobke commented on GitHub (Apr 12, 2019):

Below are the settings I was referring to in my above comment, Using/Enabling either of these will cause BookStack to confirm email addresses.

Scrolling helps 🙈 I disabled the domain restriction now. That should have solved the issue. Sorry for the noise here and thanks for your help.

@MorrisJobke commented on GitHub (Apr 12, 2019): > Below are the settings I was referring to in my above comment, Using/Enabling either of these will cause BookStack to confirm email addresses. Scrolling helps 🙈 I disabled the domain restriction now. That should have solved the issue. Sorry for the noise here and thanks for your help.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🚪 Authentication 🏭 Back-End

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1140