Ldap Configuration - #1582

Closed
opened 2026-02-05 01:19:43 +03:00 by OVERLORD · 3 comments

Originally created by @josephhernandezphd on GitHub (Mar 13, 2020).

Describe the bug
LDAP is set up using the same settings as other services like git and rocket chat but will not authenticate a user.
Mounting /etc/ssl/certs/ca-certificate.crt to make sure ssl is able to connect.
Running a test php connection within the container works without bind issues.

Error: "These credentials do not match our records."
Credentials work for other sites.

Steps To Reproduce
Steps to reproduce the behavior:
Using the docker below, creating the behavior of not throwing a bind error but not authenticating the user

Expected behavior
I expect to have the same login process as with other services.

Your Configuration (please complete the following information):

  • Exact BookStack Version (Found in settings): Latest from docker repository
  • PHP Version:
  • Hosting Method (Nginx/Apache/Docker): Docker

Additional context
Docker-Compose

```
version: "2"
services:
  bookstack:
    image: linuxserver/bookstack
    container_name: bookstack
    environment:
      - PUID=1000
      - PGID=1000
      - DB_HOST=bookstack_db
      - DB_USER=bookstack
      - DB_PASS=dbpass
      - DB_DATABASE=bookstackapp
      - APP_URL=https://subdomain.example.com
      - VIRTUAL_HOST=subdomain.example.com
      - LETSENCRYPT_HOST=subdomain.example.com
      - LETSENCRYPT_EMAIL=email
      - AUTH_METHOD=ldap
      - LDAP_VERSION=3
      # - LDAP_VERSION=false
      - LDAP_BASE_DN=ou=coolname,dc=example,dc=com
      - LDAP_SERVER=ldaps://ldap.example.com:636
      - LDAP_DN=cn=admin,dc=api,dc=digital
      - LDAP_PASS=password&*!)@(# with special charactors
      # - LDAP_USER_FILTER=(|(cn=${user})(sn=${user}))
      - LDAP_USER_FILTER=(|(cn=${user})(sn=${user})(uid=${user}))
      - LDAP_TLS_INSECURE=false
      - LDAP_ID_ATTRIBUTE=cn
      - LDAP_EMAIL_ATTRIBUTE=sn
      - APP_DEBUG=true
      - LDAP_AUTO_CONFIRM_EMAIL=true
```
OVERLORD added the 🐕 Support🚪 Authentication labels 2026-02-05 01:19:43 +03:00

@ssddanbrown commented on GitHub (Mar 14, 2020):

The error, "These credentials do not match our records.", suggests that the connection is probably working but either the user search provides no results or the password does not work for the first found user.

It's possible you're hitting [docker variable substitution here](https://docs.docker.com/compose/compose-file/#variable-substitution) looking at your compose file. Could you try updating your `LDAP_USER_FILTER` value to be:

```
(|(cn=$${user})(sn=$${user})(uid=$${user}))
```
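
The substitution behaviour discussed in this thread, as an added example that is not part of the original comments or of BookStack's code: a simplified Python model of Compose's `$` handling that reports which `environment` entries reach the container changed and proposes the `$$` escape. The sample entry is constructed from the compose file above; `interpolate` and `check_environment` are hypothetical helper names, and forms such as `${NAME:-default}` are not modelled.

```python
import re

# Simplified model of Compose interpolation (assumption: plain names only):
#   "$$" -> literal "$",  "${NAME}" or "$NAME" -> value from the host environment.
_TOKEN = re.compile(
    r"\$(?:(?P<esc>\$)"
    r"|\{(?P<braced>[A-Za-z_][A-Za-z0-9_]*)\}"
    r"|(?P<bare>[A-Za-z_][A-Za-z0-9_]*))"
)

def interpolate(value, env):
    """Return (value as the container receives it, names that were substituted)."""
    used = []
    def repl(m):
        if m.group("esc"):
            return "$"
        name = m.group("braced") or m.group("bare")
        used.append(name)
        return env.get(name, "")  # an unset variable becomes an empty string
    return _TOKEN.sub(repl, value), used

def check_environment(entries, env=None):
    """Flag KEY=VALUE entries whose value is rewritten before the app sees it."""
    env = env or {}
    findings = []
    for entry in entries:
        key, _, raw = entry.partition("=")
        seen, used = interpolate(raw, env)
        if used:
            # Double the "$" on every substituted token; leave existing "$$" alone.
            fix = _TOKEN.sub(
                lambda m: m.group(0) if m.group("esc") else "$" + m.group(0), raw)
            findings.append({"key": key, "container_sees": seen,
                             "names": sorted(set(used)), "fix": fix})
    return findings

# Constructed sample: two entries taken from the compose file in this issue.
SAMPLE = [
    "AUTH_METHOD=ldap",
    "LDAP_USER_FILTER=(|(cn=${user})(sn=${user})(uid=${user}))",
]

if __name__ == "__main__":
    for f in check_environment(SAMPLE):
        print(f"{f['key']}: container sees {f['container_sees']!r}; use {f['fix']!r}")
```

With no `user` variable set on the host, the filter reaches BookStack with every `${user}` placeholder emptied, so the user search cannot match the login name even though the bind itself succeeds.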

@josephhernandezphd commented on GitHub (Mar 15, 2020):

That fixed it. Thanks for the help.


@Chluz commented on GitHub (Apr 10, 2020):

The $$ was also required for me. Would it make sense to include this in the documentation?
Thanks again

Reference: starred/BookStack#1582