AD groups starting with # don't work for Role External Authentication IDs #1420

New Issue

OVERLORD · 2026-02-05T00:51:18+03:00

OVERLORD commented

2026-02-05 00:51:18 +03:00

Originally created by @GitAdrianHub on GitHub (Oct 24, 2019).

Active Directory security groups that start with # (our standard) don't work for mapping AD groups to Roles using either the Role Name or External Authentication IDs. When A user who is a member of that group logs in, their role will not be applied.

Ubuntu 18.04 fresh install and used the supplied Ubuntu install script and supplied ldap config.

Originally created by @GitAdrianHub on GitHub (Oct 24, 2019). Active Directory security groups that start with # (our standard) don't work for mapping AD groups to Roles using either the Role Name or External Authentication IDs. When A user who is a member of that group logs in, their role will not be applied. Ubuntu 18.04 fresh install and used the supplied Ubuntu install script and supplied ldap config.

OVERLORD added the 🐕 Support 🚪 Authentication labels 2026-02-05 00:51:18 +03:00

OVERLORD closed this issue

2026-02-05 00:51:19 +03:00

OVERLORD commented

2026-02-05 00:51:22 +03:00

@ssddanbrown commented on GitHub (Oct 26, 2019):

Hi @GitAdrianHub,
I've had a little play on my side on this although I'm using OpenLDAP instead of AD.

It's a bit awkward since hash is not a valid character on its own and has to be escaped within a DN.
While testing I found that the BookStack side of things receives an escaped character code instead of a hash itself.

When setting an "External Authentication ID" on role of \23groupname (So a \23 instead of a #) I found it would then match correctly. Can you give this a go on your side to see if that gets things working?

@ssddanbrown commented on GitHub (Oct 26, 2019): Hi @GitAdrianHub, I've had a little play on my side on this although I'm using OpenLDAP instead of AD. It's a bit awkward since hash is not a valid character on its own and has to be escaped within a DN. While testing I found that the BookStack side of things receives an escaped character code instead of a hash itself. When setting an "External Authentication ID" on role of `\23groupname` (So a `\23` instead of a `#`) I found it would then match correctly. Can you give this a go on your side to see if that gets things working?

OVERLORD commented

2026-02-05 00:51:27 +03:00

@GitAdrianHub commented on GitHub (Oct 28, 2019):

That seems to work, thank you!

@GitAdrianHub commented on GitHub (Oct 28, 2019): That seems to work, thank you!

OVERLORD commented

2026-02-05 00:51:31 +03:00

@ssddanbrown commented on GitHub (Oct 28, 2019):

@GitAdrianHub Awesome! I'll therefore close this off, Hopefully should not be a frequent issue but if it pops up again I'll keep this in mind and potentially add a note to the docs.

Thanks for confirming!

@ssddanbrown commented on GitHub (Oct 28, 2019): @GitAdrianHub Awesome! I'll therefore close this off, Hopefully should not be a frequent issue but if it pops up again I'll keep this in mind and potentially add a note to the docs. Thanks for confirming!

OVERLORD referenced this issue

2026-02-05 10:17:49 +03:00

[PR #1420] [MERGED] Spanish translation #5814

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1420