LDAP Login when email already exists fails silently. #1664

New Issue

OVERLORD · 2026-02-05T01:33:06+03:00

OVERLORD commented

2026-02-05 01:33:06 +03:00

Originally created by @bcarlson23 on GitHub (Apr 16, 2020).

Describe the bug
When two users share the same email address in OpenLDAP, the first user is able to auto-generate their bookstack account. When the second user attempts to log in (with the same email address as the first user), no error message, auto-redirect to the login page.

Steps To Reproduce
Steps to reproduce the behavior:

Setup LDAP Auth (Using OpenLDAP)
Create 2 users with the same email address
Attempt to log into Bookstack as both users.

Expected behavior
An error message or indication of failure.

Your Configuration (please complete the following information):

Exact BookStack Version (Found in settings): 0.28.3
PHP Version: 7.3
Hosting Method (Nginx/Apache/Docker): Apache

Originally created by @bcarlson23 on GitHub (Apr 16, 2020). **Describe the bug** When two users share the same email address in OpenLDAP, the first user is able to auto-generate their bookstack account. When the second user attempts to log in (with the same email address as the first user), no error message, auto-redirect to the login page. **Steps To Reproduce** Steps to reproduce the behavior: 1. Setup LDAP Auth (Using OpenLDAP) 2. Create 2 users with the same email address 3. Attempt to log into Bookstack as both users. **Expected behavior** An error message or indication of failure. **Your Configuration (please complete the following information):** - Exact BookStack Version (Found in settings): 0.28.3 - PHP Version: 7.3 - Hosting Method (Nginx/Apache/Docker): Apache

OVERLORD added the 🐛 Bug 🚪 Authentication 🏭 Back-End labels 2026-02-05 01:33:06 +03:00

OVERLORD closed this issue

2026-02-05 01:33:07 +03:00

OVERLORD commented

2026-02-05 01:33:09 +03:00

@ssddanbrown commented on GitHub (Apr 26, 2020):

Hi @bcarlson23,
Thanks for reporting and sorry that you've ran into this issue.

I've just done some testing I can confirm that no error message is visible to the user, when the instance is set to non-public. If an instance is public a message is shown as expected:

An extra redirect from the homepage to the login causes the error to not be seen. Will assign for the next patch release.

@ssddanbrown commented on GitHub (Apr 26, 2020): Hi @bcarlson23, Thanks for reporting and sorry that you've ran into this issue. I've just done some testing I can confirm that no error message is visible to the user, when the instance is set to non-public. If an instance is public a message is shown as expected: ![image](https://user-images.githubusercontent.com/8343178/80304791-4469ce00-87b0-11ea-80d0-e02495fa1d7e.png) An extra redirect from the homepage to the login causes the error to not be seen. Will assign for the next patch release.

OVERLORD commented

2026-02-05 01:33:15 +03:00

@ssddanbrown commented on GitHub (Apr 26, 2020):

A fix for this has been applied in 8ce38d2158, This will be deployed as part of the next BookStack patch release.

Thanks again @bcarlson23 for reporting.

@ssddanbrown commented on GitHub (Apr 26, 2020): A fix for this has been applied in 8ce38d2158d455ac18f7181119dcc4d68073eda9, This will be deployed as part of the next BookStack patch release. Thanks again @bcarlson23 for reporting.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1664