LDAP Group synchronization: memberUid attribute #1948

New Issue

Closed

opened 2026-02-05 02:17:20 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-05 02:17:20 +03:00

Owner

Copy Link

Originally created by @das-kaesebrot on GitHub (Nov 20, 2020).

Describe the feature you'd like
LDAP Group synchronization by the memberUid attribute

Describe the benefits this feature would bring to BookStack users
Implementing this feature would make it possible to use Bookstack in conjunction with an OpenLDAP server using posixGroups for authorization and Bookstack permissions management.

As of right now, it is only possible to synchronize user groups from an LDAP server to Bookstack using the memberOf attribute (or another group attribute written to the LDAP user him/herself). Considering that there are quite a few OpenLDAP servers using the posixGroup group type which does not support memberOf attributes (See here, for example) it would be a great enhancement to implement group synchronization by memberUid.
The main difference between memberOf and memberUid is that there is no membership attribute written to the user him/herself, the membership is instead stored only as a memberUid attribute in the posixGroup, containing the uids of all group members.
(Please excuse my formatting, this is my first time posting an Issue on GitHub...)

Originally created by @das-kaesebrot on GitHub (Nov 20, 2020). **Describe the feature you'd like** LDAP Group synchronization by the `memberUid` attribute **Describe the benefits this feature would bring to BookStack users** Implementing this feature would make it possible to use Bookstack in conjunction with an OpenLDAP server using posixGroups for authorization and Bookstack permissions management. As of right now, it is only possible to synchronize user groups from an LDAP server to Bookstack using the `memberOf` attribute (or another group attribute written to the LDAP user him/herself). Considering that there are quite a few OpenLDAP servers using the `posixGroup` group type which does not support `memberOf` attributes ([See here, for example](https://tylersguides.com/guides/openldap-memberof-overlay/)) it would be a great enhancement to implement group synchronization by `memberUid`. The main difference between `memberOf` and `memberUid` is that there is no membership attribute written to the user him/herself, the membership is instead stored only as a `memberUid` attribute in the posixGroup, containing the uids of all group members. (Please excuse my formatting, this is my first time posting an Issue on GitHub...)

OVERLORD added the 🌔 Out of scope🚪 Authentication labels 2026-02-05 02:17:20 +03:00

OVERLORD closed this issue 2026-02-05 02:17:21 +03:00

OVERLORD commented 2026-02-05 02:17:25 +03:00

Author

Owner

Copy Link

@tiredofit commented on GitHub (Dec 11, 2020):

memberUid has been deprecated for a long time now with people moving onto RFC2307bis memberOf overlays. I get the feeling the dev does not want to invest much more time in authentication functionality as its working for the majority of users and wants to focus on improving the overall application.

@tiredofit commented on GitHub (Dec 11, 2020): `memberUid` has been deprecated for a long time now with people moving onto RFC2307bis `memberOf` overlays. I get the feeling the dev does not want to invest much more time in authentication functionality as its working for the majority of users and wants to focus on improving the overall application.

OVERLORD commented 2026-02-05 02:17:29 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jun 15, 2021):

Thanks for the request @das-kaesebrot.

As @tiredofit has pointed out I would not want to dedicate too much additional time or expand out the auth system features unless there's significant benefit in doing so, to ensure the maintenance burden does not grow much greater. Since noone else has previously or since requested memberUid it appears the demand is very much limited and outside that which I'd deem worthwhile. This is especially so for this case where it is possible to work around the limitation by using a memberOf overlay on the LDAP system. Therefore I'm going to close this off.

@ssddanbrown commented on GitHub (Jun 15, 2021): Thanks for the request @das-kaesebrot. As @tiredofit has pointed out I would not want to dedicate too much additional time or expand out the auth system features unless there's significant benefit in doing so, to ensure the maintenance burden does not grow much greater. Since noone else has previously or since requested `memberUid` it appears the demand is very much limited and outside that which I'd deem worthwhile. This is especially so for this case where it is possible to work around the limitation by using a `memberOf` overlay on the LDAP system. Therefore I'm going to close this off.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🚪 Authentication 🌔 Out of scope

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1948