Sync a specific AD Group #1555

New Issue

Closed

opened 2026-02-05 01:13:16 +03:00 by OVERLORD · 8 comments

OVERLORD commented 2026-02-05 01:13:16 +03:00

Owner

Copy Link

Originally created by @Buliwif on GitHub (Feb 26, 2020).

Hi,
Is there a way to sync a specific group from AD ?
I think about something like this :
LDAP_BASE_DN=CN=BookStack_Group,OU=example,DC=example,DC=example,DC=example

For the moment I synchronise an OU and it works.
I read documentation but I'm not sure to understand everything...
If it's possible can You show me an example please ?

Originally created by @Buliwif on GitHub (Feb 26, 2020). Hi, Is there a way to sync a specific group from AD ? I think about something like this : LDAP_BASE_DN=CN=BookStack_Group,OU=example,DC=example,DC=example,DC=example For the moment I synchronise an OU and it works. I read documentation but I'm not sure to understand everything... If it's possible can You show me an example please ?

OVERLORD closed this issue 2026-02-05 01:13:17 +03:00

OVERLORD commented 2026-02-05 01:13:21 +03:00

Author

Owner

Copy Link

@kanlas-net commented on GitHub (Feb 26, 2020):

You can use ldap search filter
LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname={0})(memberOf=cn=BookStack_Group,ou=example,DC=example,DC=example))

@kanlas-net commented on GitHub (Feb 26, 2020): You can use ldap search filter LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname={0})(memberOf=cn=BookStack_Group,ou=example,DC=example,DC=example))

OVERLORD commented 2026-02-05 01:13:22 +03:00

Author

Owner

Copy Link

@Buliwif commented on GitHub (Feb 26, 2020):

Thank you ! it works like a charm.
Just another question please, it seems that all user of this group has no roles. And it disable the local admin account.

I understand that it is possible to synchronize a ADgroup with a BookStackrole, how can I do with this configuration?

For now I got something like this :

LDAP_SERVER=example.domain.com:389
LDAP_BASE_DN="OU=BASE,OU=DC=example,DC=domain,DC=com"

LDAP_DN="CN=BookStackUser,OU=BASE,OU=DC=example,DC=domain,DC=com"
LDAP_PASS=blablabla

LDAP_USER_FILTER=(&(sAMAccountName=${user})(memberOf=cn=BookStack_Group,OU=BASE,OU=DC=example,DC=domain,DC=com))
LDAP_VERSION=3
LDAP_ID_ATTRIBUTE=BIN;objectGUID

@Buliwif commented on GitHub (Feb 26, 2020): Thank you ! it works like a charm. Just another question please, it seems that all user of this group has no roles. And it disable the local admin account. I understand that it is possible to synchronize a ADgroup with a BookStackrole, how can I do with this configuration? For now I got something like this : ``` LDAP_SERVER=example.domain.com:389 LDAP_BASE_DN="OU=BASE,OU=DC=example,DC=domain,DC=com" LDAP_DN="CN=BookStackUser,OU=BASE,OU=DC=example,DC=domain,DC=com" LDAP_PASS=blablabla LDAP_USER_FILTER=(&(sAMAccountName=${user})(memberOf=cn=BookStack_Group,OU=BASE,OU=DC=example,DC=domain,DC=com)) LDAP_VERSION=3 LDAP_ID_ATTRIBUTE=BIN;objectGUID ```

OVERLORD commented 2026-02-05 01:13:24 +03:00

Author

Owner

Copy Link

@kanlas-net commented on GitHub (Feb 26, 2020):

Check this documentation page, at the end you will find groups sync setup
https://www.bookstackapp.com/docs/admin/ldap-auth/

@kanlas-net commented on GitHub (Feb 26, 2020): Check this documentation page, at the end you will find groups sync setup https://www.bookstackapp.com/docs/admin/ldap-auth/

OVERLORD commented 2026-02-05 01:13:29 +03:00

Author

Owner

Copy Link

@Buliwif commented on GitHub (Feb 26, 2020):

Ok thank you. After multiples trials, it works fine
I already read this but I have some gaps in English ... so I misunderstood some things... sorry. Now it's good for this part.

A last questionplease :
this is good :

LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname={0})(memberOf=cn=BookStack_Group,ou=example,DC=example,DC=example))

But if I put an ADgroup called "TECHservice" inside the ADgroup "BookStack_Group", users insides "TECHservice" can't connect.
Is it a way to allow group inside group ?

@Buliwif commented on GitHub (Feb 26, 2020): Ok thank you. After multiples trials, it works fine I already read this but I have some gaps in English ... so I misunderstood some things... sorry. Now it's good for this part. A last questionplease : this is good : ``` LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname={0})(memberOf=cn=BookStack_Group,ou=example,DC=example,DC=example)) ``` But if I put an ADgroup called "TECHservice" inside the ADgroup "BookStack_Group", users insides "TECHservice" can't connect. Is it a way to allow group inside group ?

OVERLORD commented 2026-02-05 01:13:34 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 26, 2020):

@Buliwif Looks like this stack overflow result might help for that scenario:
https://stackoverflow.com/questions/6195812/ldap-nested-group-membership

LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname={0})(memberOf:1.2.840.113556.1.4.1941:=cn=BookStack_Group,ou=example,DC=example,DC=example))

Havn't got AD to test myself though.

@ssddanbrown commented on GitHub (Feb 26, 2020): @Buliwif Looks like this stack overflow result might help for that scenario: https://stackoverflow.com/questions/6195812/ldap-nested-group-membership ``` LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname={0})(memberOf:1.2.840.113556.1.4.1941:=cn=BookStack_Group,ou=example,DC=example,DC=example)) ``` Havn't got AD to test myself though.

OVERLORD commented 2026-02-05 01:13:36 +03:00

Author

Owner

Copy Link

@Buliwif commented on GitHub (Feb 28, 2020):

Hi, sorry for late response, I wasn't at work yesterday. I'll try it today and tell you if it's ok.
Thank you

@Buliwif commented on GitHub (Feb 28, 2020): Hi, sorry for late response, I wasn't at work yesterday. I'll try it today and tell you if it's ok. Thank you

OVERLORD commented 2026-02-05 01:13:38 +03:00

Author

Owner

Copy Link

@Buliwif commented on GitHub (Feb 28, 2020):

I just have to say : thank you very much.
So happy to use your product, it's really the best I tried.

@Buliwif commented on GitHub (Feb 28, 2020): I just have to say : thank you very much. So happy to use your product, it's really the best I tried.

OVERLORD commented 2026-02-05 01:13:40 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 28, 2020):

@Buliwif Thank you very much. Can you confirm if the above worked? Can this now be closed?

@ssddanbrown commented on GitHub (Feb 28, 2020): @Buliwif Thank you very much. Can you confirm if the above worked? Can this now be closed?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1555