I can't update the External Authentication ID for LDAP #1547

New Issue

OVERLORD · 2026-02-05T01:12:02+03:00

OVERLORD commented

2026-02-05 01:12:02 +03:00

Originally created by @struppy on GitHub (Feb 19, 2020).

I was using DistinguishedName as my Ad ID and wanted to switch to ObjectGUID.

For a new user no problem authentication with the ObjectGUID works and the field is automatically filled.

For a former user, replacing the initial value (DistinguishedName) with the ObjectGUID does not work ...

An idea because I cannot recreate all the users because of the preservation of their history.

Can you help me

Originally created by @struppy on GitHub (Feb 19, 2020). I was using DistinguishedName as my Ad ID and wanted to switch to ObjectGUID. For a new user no problem authentication with the ObjectGUID works and the field is automatically filled. For a former user, replacing the initial value (DistinguishedName) with the ObjectGUID does not work ... An idea because I cannot recreate all the users because of the preservation of their history. Can you help me

OVERLORD closed this issue

2026-02-05 01:12:04 +03:00

OVERLORD commented

2026-02-05 01:12:08 +03:00

@ssddanbrown commented on GitHub (Feb 19, 2020):

Hi @struppy,

This will be because BookStack stores the id attribute to use as an identifier to connect a BookStack user to an LDAP user. You'll need to update the BookStack stored value for existing users if you want to change the id attribute used. BookStack shows this as the "External Authentication ID" field when editing a user's profile.

If user a setting LDAP_ID_ATTRIBUTE=BIN;objectGUID then the field will need to be updated to be the hex-representation of the user's objectGUID value in AD.

@ssddanbrown commented on GitHub (Feb 19, 2020): Hi @struppy, This will be because BookStack stores the `id` attribute to use as an identifier to connect a BookStack user to an LDAP user. You'll need to update the BookStack stored value for existing users if you want to change the `id` attribute used. BookStack shows this as the "External Authentication ID" field when editing a user's profile. If user a setting `LDAP_ID_ATTRIBUTE=BIN;objectGUID` then the field will need to be updated to be the hex-representation of the user's `objectGUID` value in AD.

OVERLORD commented

2026-02-05 01:12:09 +03:00

@struppy commented on GitHub (Feb 19, 2020):

In the ad id is: cd5e5a49d09c4846a427cdadba41a89e

and in the user profile it is the same.

The old value is the CN Path.

Do I have to remove BIN from the .env file?

@struppy commented on GitHub (Feb 19, 2020): In the ad id is: cd5e5a49d09c4846a427cdadba41a89e and in the user profile it is the same. The old value is the CN Path. Do I have to remove BIN from the .env file?

OVERLORD commented

2026-02-05 01:12:12 +03:00

@ssddanbrown commented on GitHub (Feb 19, 2020):

I don't have AD to test on, but if you want to use the objectGUID attribute as an ID I think you'd need to use LDAP_ID_ATTRIBUTE=BIN;objectGUID so BookStack knows to decode the binary value.

Are you simply taking the value shown in AD and removing hypens? It might be worth comparing values for one of the new users, to see if the values match in AD and BookStack. From some of the conversations I've seen, you may need to go to extra effort to view the objectGUID value as a similar hex value in AD.

Here's an example of the difference in AD between the display value and the hex value:
https://exchangeinside.files.wordpress.com/2019/01/guid-to-hexa.jpg

@ssddanbrown commented on GitHub (Feb 19, 2020): I don't have AD to test on, but if you want to use the `objectGUID` attribute as an ID I think you'd need to use `LDAP_ID_ATTRIBUTE=BIN;objectGUID` so BookStack knows to decode the binary value. Are you simply taking the value shown in AD and removing hypens? It might be worth comparing values for one of the new users, to see if the values match in AD and BookStack. From some of the conversations I've seen, you may need to go to extra effort to view the `objectGUID` value as a similar hex value in AD. Here's an example of the difference in AD between the display value and the hex value: https://exchangeinside.files.wordpress.com/2019/01/guid-to-hexa.jpg

OVERLORD commented

2026-02-05 01:12:15 +03:00

@struppy commented on GitHub (Feb 20, 2020):

Great,
actually I was pasting the binary number instead of the hexadecimal one.

Thank you !
You can close the issue.

Bye

@struppy commented on GitHub (Feb 20, 2020): Great, actually I was pasting the binary number instead of the hexadecimal one. Thank you ! You can close the issue. Bye

OVERLORD commented

2026-02-05 01:12:19 +03:00

@ssddanbrown commented on GitHub (Feb 20, 2020):

@struppy Great, Happy to hear you got this working!

@ssddanbrown commented on GitHub (Feb 20, 2020): @struppy Great, Happy to hear you got this working!

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1547