SELinux and LDAP #1442

New Issue

Closed

opened 2026-02-05 00:54:30 +03:00 by OVERLORD · 9 comments

OVERLORD commented 2026-02-05 00:54:30 +03:00

Owner

Copy Link

Originally created by @okwindart on GitHub (Nov 4, 2019).

BookStack is running great in CentOS 7 and Active Directory for login. The only issue I am running into is I have to disable SELinux in order to get LDAP to communicate with Active Directory. How can I have both SELinux enabled and LDAP working with AD as well? Basically, I want to have my cake and eat it too :)

I have tried some online suggestions but so far nothing has worked.

Any feedback would be appreciated!

Originally created by @okwindart on GitHub (Nov 4, 2019). BookStack is running great in CentOS 7 and Active Directory for login. The only issue I am running into is I have to disable SELinux in order to get LDAP to communicate with Active Directory. How can I have both SELinux enabled and LDAP working with AD as well? Basically, I want to have my cake and eat it too :) I have tried some online suggestions but so far nothing has worked. Any feedback would be appreciated!

OVERLORD closed this issue 2026-02-05 00:54:34 +03:00

OVERLORD commented 2026-02-05 00:54:38 +03:00

Author

Owner

Copy Link

@Mant1kor commented on GitHub (Nov 5, 2019):

@okwindart
Use my installation script for fresh install, or this commands to configure SELinux

BOOKSTACK_DIR="/insert/path/to/bookstack_dir" 
# Example: BOOKSTACK_DIR="/var/www/bookstack"
# allow send emails
setsebool -P httpd_can_sendmail 1
# allow redirect authorization for LDAP
setsebool -P httpd_can_network_connect 1
# Configure folders SELinux context
semanage fcontext -a -t httpd_sys_rw_content_t "${BOOKSTACK_DIR}/public/uploads(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "${BOOKSTACK_DIR}/storage(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "${BOOKSTACK_DIR}/bootstrap/cache(/.*)?"
restorecon -R "$BOOKSTACK_DIR"

@Mant1kor commented on GitHub (Nov 5, 2019): @okwindart Use [my installation script](https://github.com/Mant1kor/devops/blob/master/scripts/installation-CentOS-7.sh) for fresh install, or this commands to configure SELinux ```bash BOOKSTACK_DIR="/insert/path/to/bookstack_dir" # Example: BOOKSTACK_DIR="/var/www/bookstack" # allow send emails setsebool -P httpd_can_sendmail 1 # allow redirect authorization for LDAP setsebool -P httpd_can_network_connect 1 # Configure folders SELinux context semanage fcontext -a -t httpd_sys_rw_content_t "${BOOKSTACK_DIR}/public/uploads(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "${BOOKSTACK_DIR}/storage(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "${BOOKSTACK_DIR}/bootstrap/cache(/.*)?" restorecon -R "$BOOKSTACK_DIR" ```

OVERLORD commented 2026-02-05 00:54:40 +03:00

Author

Owner

Copy Link

@okwindart commented on GitHub (Nov 8, 2019):

@Mant1kor Thanks.

A bit confused about your script. I actually used your install script when I first setup BookStack on CentOS. However, I had to disable SELinux in order to get httpd to work with LDAP.

Without doing another fresh install, how do I run these commands? Especially the "BOOKSTACK_DIR" (first line) you sent is what I am confused about.

Thank.

@okwindart commented on GitHub (Nov 8, 2019): @Mant1kor Thanks. A bit confused about your script. I actually used your install script when I first setup BookStack on CentOS. However, I had to disable SELinux in order to get httpd to work with LDAP. Without doing another fresh install, how do I run these commands? Especially the "BOOKSTACK_DIR" (first line) you sent is what I am confused about. Thank.

OVERLORD commented 2026-02-05 00:54:44 +03:00

Author

Owner

Copy Link

@Mant1kor commented on GitHub (Nov 9, 2019):

@okwindart you can run the commands in command line one by one. If you only need to get httpd to work with LDAP just run:
sudo setsebool -P httpd_can_network_connect 1
BOOKSTACK_DIR - is variable to set BookStack root folder. If you used my script for fresh installation it should be:
BOOKSTACK_DIR="/var/www/bookstack"

@Mant1kor commented on GitHub (Nov 9, 2019): @okwindart you can run the commands in command line one by one. If you only need to get httpd to work with LDAP just run: `sudo setsebool -P httpd_can_network_connect 1` BOOKSTACK_DIR - is variable to set BookStack root folder. If you used my script for fresh installation it should be: `BOOKSTACK_DIR="/var/www/bookstack" `

OVERLORD commented 2026-02-05 00:54:47 +03:00

Author

Owner

Copy Link

@okwindart commented on GitHub (Nov 9, 2019):

Thanks, @okwindart

Do I first need to enable SELinux in the the config file before I run your script? It is currently disabled. This is how my config file looks now.

@okwindart commented on GitHub (Nov 9, 2019): Thanks, @okwindart Do I first need to enable SELinux in the the config file before I run your script? It is currently disabled. This is how my config file looks now. 

OVERLORD commented 2026-02-05 00:54:52 +03:00

Author

Owner

Copy Link

@Mant1kor commented on GitHub (Nov 9, 2019):

Do I first need to enable SELinux in the the config file before I run your script?

Yes, enable it first, then reboot and run command(s).

@Mant1kor commented on GitHub (Nov 9, 2019): > Do I first need to enable SELinux in the the config file before I run your script? Yes, enable it first, then reboot and run command(s).

OVERLORD commented 2026-02-05 00:54:56 +03:00

Author

Owner

Copy Link

@okwindart commented on GitHub (Nov 9, 2019):

OK. When I do that, I get a doublescreen like this:

Here is the command I ran:

@okwindart commented on GitHub (Nov 9, 2019): OK. When I do that, I get a doublescreen like this:  Here is the command I ran:  

OVERLORD commented 2026-02-05 00:54:59 +03:00

Author

Owner

Copy Link

@Mant1kor commented on GitHub (Nov 9, 2019):

Check /var/log/audit/audit.log or /var/log/audit.log for details.

@Mant1kor commented on GitHub (Nov 9, 2019): Check `/var/log/audit/audit.log` or `/var/log/audit.log` for details.

OVERLORD commented 2026-02-05 00:55:01 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Nov 15, 2019):

Thanks @Mant1kor for providing assistance here.

@ssddanbrown commented on GitHub (Nov 15, 2019): Thanks @Mant1kor for providing assistance here.

OVERLORD commented 2026-02-05 00:55:04 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Dec 12, 2020):

Since there's been no follow-up I'm going to close this. If the issue remains and is something you still require to be fixed please open a new issue, referencing this one.

@ssddanbrown commented on GitHub (Dec 12, 2020): Since there's been no follow-up I'm going to close this. If the issue remains and is something you still require to be fixed please open a new issue, referencing this one.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v25-12

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.7

v25.12.6

v25.12.5

v25.12.4

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1442