LDAP - failing to bind anonymously #1843

New Issue

OVERLORD · 2026-02-05T02:01:50+03:00

OVERLORD commented

2026-02-05 02:01:50 +03:00

Originally created by @DjiB1 on GitHub (Sep 7, 2020).

Hi all,
I've been trying to setup LDAP, but not having much luck with anonymous bind. Has anyone actually managed?
All I can find is most people have used a bind account

I've tried debugging but I can't see any errors and the AD server does allow anonymous bind.

AUTH_METHOD=ldap
LDAP_SERVER=example.com:389
LDAP_BASE_DN=DC=example,dc=com

#The full DN and password of the user used to search the server
#Can both be left as false to bind anonymously
LDAP_DN=false
LDAP_PASS=false

LDAP_DISPLAY_NAME_ATTRIBUTE=cn
LDAP_TLS_INSECURE=false

#Active Directory
LDAP_USER_FILTER=(&(sAMAaccountName=${user}))
LDAP_VERSION=3
LDAP_ID_ATTRIBUTE=BIN;objectGUID

#Debugging if you have issues, comment out after LDAP is working
#APP_DEBUG=true

Originally created by @DjiB1 on GitHub (Sep 7, 2020). Hi all, I've been trying to setup LDAP, but not having much luck with anonymous bind. Has anyone actually managed? All I can find is most people have used a bind account I've tried debugging but I can't see any errors and the AD server does allow anonymous bind. AUTH_METHOD=ldap LDAP_SERVER=example.com:389 LDAP_BASE_DN=DC=example,dc=com #The full DN and password of the user used to search the server #Can both be left as false to bind anonymously LDAP_DN=false LDAP_PASS=false LDAP_DISPLAY_NAME_ATTRIBUTE=cn LDAP_TLS_INSECURE=false #Active Directory LDAP_USER_FILTER=(&(sAMAaccountName=${user})) LDAP_VERSION=3 LDAP_ID_ATTRIBUTE=BIN;objectGUID #Debugging if you have issues, comment out after LDAP is working #APP_DEBUG=true

OVERLORD closed this issue

2026-02-05 02:01:54 +03:00

OVERLORD commented

2026-02-05 02:01:57 +03:00

@tiredofit commented on GitHub (Sep 13, 2020):

What is your LDAP Server type? I'm assuming AD but looking to confirm.

Can you try using a tool like JXPlorer to perform an anonymous bind?
LDAP_DUMP_USER_DETAILS=true might be a great way to get info as well, otherwise watch the server and find out what it is responding with. It's been a while since I've worked with AD, more so OpenLDAP but they are one of the same, just different ways to get access to the logs.

@tiredofit commented on GitHub (Sep 13, 2020): What is your LDAP Server type? I'm assuming AD but looking to confirm. Can you try using a tool like JXPlorer to perform an anonymous bind? `LDAP_DUMP_USER_DETAILS=true` might be a great way to get info as well, otherwise watch the server and find out what it is responding with. It's been a while since I've worked with AD, more so OpenLDAP but they are one of the same, just different ways to get access to the logs.

OVERLORD commented

2026-02-05 02:02:00 +03:00

@DjiB1 commented on GitHub (Sep 29, 2020):

What is your LDAP Server type? I'm assuming AD but looking to confirm.

Can you try using a tool like JXPlorer to perform an anonymous bind?
LDAP_DUMP_USER_DETAILS=true might be a great way to get info as well, otherwise watch the server and find out what it is responding with. It's been a while since I've worked with AD, more so OpenLDAP but they are one of the same, just different ways to get access to the logs.

@tiredofit thank you for your reply. I basically gave up and used a service account :)

@DjiB1 commented on GitHub (Sep 29, 2020): > What is your LDAP Server type? I'm assuming AD but looking to confirm. > > Can you try using a tool like JXPlorer to perform an anonymous bind? > `LDAP_DUMP_USER_DETAILS=true` might be a great way to get info as well, otherwise watch the server and find out what it is responding with. It's been a while since I've worked with AD, more so OpenLDAP but they are one of the same, just different ways to get access to the logs. @tiredofit thank you for your reply. I basically gave up and used a service account :)

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1843