LDAP: Support binding via the authenticating user #1497

Open
opened 2026-02-05 01:03:24 +03:00 by OVERLORD · 7 comments

Originally created by @knightfallproject on GitHub (Jan 16, 2020).

I am trying to connect BookStack to my existing LDAP server.
The server is configured so that anonymous connections cannot be done.
I do not have a dedicated system user to configure LDAP_DN and LDAP_PASS in the .env file.
How do I make LDAP authentication work under these circumstances?

Thanks in advance.

OVERLORD added the 🔨 Feature Request and 🚪 Authentication labels 2026-02-05 01:03:24 +03:00

@MatthieuNoirbusson commented on GitHub (Jan 16, 2020):

+1 The documentation is not so clear and the laravel.log does not contain anything that can really help ...


@ssddanbrown commented on GitHub (Jan 19, 2020):

> How do I make LDAP authentication work under these circumstances?

To be honest, I don't really know. It might be that my unfamiliarity with LDAP is not helping here but if you don't have either anonymous binds or a user account to use how would you connect to the LDAP system?

Do you use the LDAP system with other external applications? If so, how do they authenticate/bind?


@knightfallproject commented on GitHub (Jan 20, 2020):

@ssddanbrown
Yes, the LDAP is being used with other external applications.
The user's own credentials are used to bind to LDAP during login. No dedicated account is used.


@MatthieuNoirbusson commented on GitHub (Jan 24, 2020):

It would be great to specify in the documentation that to use a read account on the AD it is necessary to add the domain name to the user: LDAP_DN = SamAccountName@YourDomainName


@ubermanl commented on GitHub (Apr 8, 2021):

I have the same issue as @knightfallproject, we do authentication using the final user's credentials. Is there a way to specify those credentials as the binding user/password?
Thank you!


@GeoHolz commented on GitHub (Oct 19, 2021):

> It would be great to specify in the documentation that to use a read account on the AD it is necessary to add the domain name to the user: LDAP_DN = SamAccountName@YourDomainName

Thanks, and please add it into the documentation !!


@piwinkler commented on GitHub (Mar 15, 2024):

I am in favour of that feature.
Both anonymous or some read only user provide much more information than needed for this process.
My suggestion for the implementation would be something like a flag LDAP_SIMPLEBIND=true and if so there needs to be an LDAP_USER_ATTRIBUTE=<e.g. CN> which extends LDAP_DN in the background after the user logged in to
LDAP_DN="${LDAP_USER_ATTRIBUTE}=${POST_REQUEST_USER},${LDAP_DN}"

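As an added illustration of the simple-bind proposal above (this is not BookStack code; the attribute name, base DN, username allowlist and the stand-in directory are assumptions), a Python sketch that builds the bind DN from the posted username with RFC 4514 escaping and refuses an empty password, which LDAP servers treat as an unauthenticated (anonymous) bind rather than a failed one:

```python
import re

# RFC 4514 section 2.4: characters that must be backslash-escaped inside a DN attribute value
_DN_SPECIAL = set(',+"\\<>;=')

# Assumed allowlist for posted usernames; tighten or loosen to match the directory's naming rules
_USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 rules)."""
    if not value:
        raise ValueError("empty DN value")
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                       # NUL is written as hex
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")                        # leading '#' would start a hex-encoded value
        elif ch == " " and (i == 0 or i == len(value) - 1):
            out.append("\\ ")                        # leading/trailing space is significant
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(user_attribute: str, base_dn: str, posted_username: str, strict: bool = True) -> str:
    """LDAP_DN="${LDAP_USER_ATTRIBUTE}=${POST_REQUEST_USER},${LDAP_DN}" from the thread,
    with the untrusted POST value validated and escaped instead of spliced in raw."""
    if strict and not _USERNAME_RE.fullmatch(posted_username):
        raise ValueError("username contains characters outside the allowed set")
    return f"{user_attribute}={escape_dn_value(posted_username)},{base_dn}"


def authenticate(user_attribute: str, base_dn: str, username: str, password: str, bind) -> bool:
    """Bind as the user themselves; no service account. `bind(dn, password) -> bool` stands in for ldap_bind()."""
    if not password:           # empty password = unauthenticated bind (RFC 4513 5.1.2): never treat as success
        return False
    try:
        dn = build_bind_dn(user_attribute, base_dn, username)
    except ValueError:
        return False
    return bind(dn, password)


# Constructed stand-in directory for local testing; a real deployment calls the LDAP server here
_FAKE_DIRECTORY = {"CN=jdoe,ou=people,dc=example,dc=org": "correct horse"}


def fake_bind(dn: str, password: str) -> bool:
    return _FAKE_DIRECTORY.get(dn) == password
```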
Reference: starred/BookStack#1497