Issue with LDAP_BASE_DN parameter #1774

Closed
opened 2026-02-05 01:50:27 +03:00 by OVERLORD · 7 comments

Originally created by @Sub-SH on GitHub (Jun 29, 2020).

Hello!

I'm attempting to implement AD login but am having issues with the LDAP_BASE_DN parameter.

When I use this, it works great:
`LDAP_BASE_DN=DC=******,DC=com`

However, when I fill in the complete address, the Wiki webpage fails to load and I am stuck with a blank white screen:
`LDAP_BASE_DN=CN=Wiki Users,OU=Groups,OU=IT,OU=*** Departments,DC=*********,DC=com`

Here is the code that I have in entirety:

```
#LDAP Stuff
AUTH_METHOD=ldap
LDAP_SERVER=xxx.xxx.xxx.xxx:389
LDAP_BASE_DN=CN=Wiki Users,OU=Groups,OU=IT,OU=**** Departments,DC=*********,D>
LDAP_DN=******
LDAP_PASS=******
LDAP_USER_FILTER=(&(sAMAccountname=${user}))
LDAP_VERSION=3
LDAP_ID_ATTRIBUTE=uid
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
```

@ssddanbrown commented on GitHub (Jun 30, 2020):

Hi @subterminal,
I think this may be due to spaces in the value. Can you try wrapping it with double quotes?:

```shell
LDAP_BASE_DN="CN=Wiki Users,OU=Groups,OU=IT,OU=**** Departments,DC=com"
```

@Sub-SH commented on GitHub (Jun 30, 2020):

Yup, that definitely fixes the main issue. The web page now loads properly.

However, now it doesn't seem to be communicating with the "Wiki Users" CN. It's continually saying that my credentials are invalid. I know that address is correct as I copy & pasted it directly from the AD attribute editor. Is this an AD issue on my end or do I maybe have some of the config parameters wrong?


@ssddanbrown commented on GitHub (Jun 30, 2020):

@subterminal Just to confirm, are your users under `Wiki Users` in your LDAP hierarchy? Or is `Wiki Users` a leaf node with your actual users in a different OU?


@Sub-SH commented on GitHub (Jun 30, 2020):

@ssddanbrown It's a leaf node that I added members to.


@ssddanbrown commented on GitHub (Jun 30, 2020):

@subterminal Ah, okay, then that might be it. The `LDAP_BASE_DN` will effectively act as the root point which is searched within; related items that are not in the direct child tree of the base won't be found as far as I can tell.

Might need to choose a higher point as the base DN (that'll include your users) then update the filter for your target group. Something like:

```bash
LDAP_BASE_DN="OU=IT,OU=**** Departments,DC=com"
LDAP_USER_FILTER="(&(sAMAccountname=${user})(memberOf=CN=Wiki Users,OU=Groups,OU=IT,OU=**** Departments,DC=com))"
```
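
The search behaviour described in the comment above, as an added example that is not part of the original thread or BookStack's code: a small in-memory model of an LDAP subtree search, showing why a group DN used as the base finds no user, and why the wider base needs the `memberOf` clause to keep non-members out. The `example.com` DNs, the accounts and the helper names are constructed for illustration, and the "exactly one match" login rule is this model's assumption.

```python
# Constructed sample directory; every DN and account below is invented.
GROUP = "CN=Wiki Users,OU=Groups,OU=IT,DC=example,DC=com"
DIRECTORY = {
    GROUP: {"sAMAccountName": ["Wiki Users"],
            "member": ["CN=Alice,OU=Staff,OU=IT,DC=example,DC=com"]},
    "CN=Alice,OU=Staff,OU=IT,DC=example,DC=com": {
        "sAMAccountName": ["alice"], "memberOf": [GROUP]},
    "CN=Bob,OU=Staff,OU=IT,DC=example,DC=com": {
        "sAMAccountName": ["bob"], "memberOf": []},
}


def rdns(dn):
    """Split a DN into normalised RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def in_subtree(dn, base_dn):
    """True if dn is base_dn itself or sits anywhere beneath it."""
    base = rdns(base_dn)
    return rdns(dn)[-len(base):] == base


def search(base_dn, conditions):
    """Subtree search for entries matching every (attribute, value) pair,
    i.e. the filter (&(attr1=value1)(attr2=value2)...)."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not in_subtree(dn, base_dn):
            continue  # outside the base DN: never even evaluated
        lowered = {k.lower(): [v.lower() for v in vals]
                   for k, vals in attrs.items()}
        if all(val.lower() in lowered.get(attr.lower(), [])
               for attr, val in conditions):
            hits.append(dn)
    return hits


def can_log_in(user, base_dn, required_group=None):
    """Model of the lookup step (assumption): exactly one entry must match."""
    conditions = [("sAMAccountName", user)]
    if required_group:
        conditions.append(("memberOf", required_group))
    return len(search(base_dn, conditions)) == 1
```

With the group DN as base, only the group object itself is in scope, so no user is ever found; with the wider base and no `memberOf` clause, the non-member `bob` is found as well. In Active Directory a plain `memberOf=` equality clause matches direct members only, so users who belong through a nested group are not matched.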

@Sub-SH commented on GitHub (Jun 30, 2020):

That works beautifully! Thank you!


@ssddanbrown commented on GitHub (Jun 30, 2020):

@subterminal Awesome 🎊 Glad that got things working. Will therefore close this off.


Reference: starred/BookStack#1774