Active directory questions #2278

Closed
opened 2026-02-05 03:32:36 +03:00 by OVERLORD · 9 comments
Owner

Originally created by @dakarbr on GitHub (Jun 5, 2021).

I was able to log bookstack into an LDAP active directory on a windows 2019 but I'm not getting it on a windows 2012 r2

the only difference in 2019 runs version 21.4 and in win2012 version 21.5


@ssddanbrown commented on GitHub (Jun 5, 2021):

Hi @dakarbr,
To be able to help in some way we'll need a bit more information about your scenario:

  • Are you getting some kind of error when using 2012? Or what exactly is the issue?
  • Is this a single BookStack instance where you're switching from 2019 to 2012? Or are these also different BookStack instances?

@dakarbr commented on GitHub (Jun 5, 2021):

are different instances and servers

but in both I'm running ubuntu 20.4

all updated

in one running bookstack version 21.4
server win2019 100% functional

on another bookstack 21.5
windows 2012 r2
when I switch to ldap it doesn't even load the page


@ssddanbrown commented on GitHub (Jun 5, 2021):

@dakarbr

> when I switch to ldap it doesn't even load the page

If you get no page loading at all, then it's likely an issue with some characters in the `.env` file. Try wrapping some of the LDAP option values in single quotes, for example:

```
LDAP_USER_FILTER='(&(uid=${user}))'
```

If you get an error page, check your BookStack log file as described here: https://www.bookstackapp.com/docs/admin/debugging/


@dakarbr commented on GitHub (Jun 5, 2021):

my file on win2019 works perfect

```bash
# General auth
AUTH_METHOD=ldap

# The LDAP host, Adding a port is optional
LDAP_SERVER=192.168.1.240:389
# If using LDAP over SSL you should also define the protocol:
# LDAP_SERVER=ldaps://example.com:636

# The base DN from where users will be searched within
LDAP_BASE_DN=dc=domain,dc=com

# The full DN and password of the user used to search the server
# Can both be left as false to bind anonymously
LDAP_DN=administrator@domain.com
LDAP_PASS=password

# A filter to use when searching for users
# The user-provided user-name used to replace any occurrences of '${user}'
# If you're setting this option via other means, such as within a docker-compose.yml,
# you may need to escape the $, often using $$ or \$ instead.
LDAP_USER_FILTER=(&(sAMAccountName=${user}))

# Set the LDAP version to use when connecting to the server
# Should be set to 3 in most cases.
LDAP_VERSION=3

# Set the property to use as a unique identifier for this user.
# Stored and used to match LDAP users with existing BookStack users.
# Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
# binary data and BookStack will convert the value to a hexadecimal representation.
# Defaults to 'uid'.
LDAP_ID_ATTRIBUTE=BIN;objectGUID

# Set the default 'email' attribute. Defaults to 'mail'
LDAP_EMAIL_ATTRIBUTE=mail

# Set the property to use for a user's display name. Defaults to 'cn'
LDAP_DISPLAY_NAME_ATTRIBUTE=cn

# Force TLS to be used for LDAP communication.
# Use this if you can but your LDAP support will need to support it and
# you may need to import your certificate to the BookStack host machine.
# Defaults to 'false'.
LDAP_START_TLS=false

# If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
# Only set this option if debugging or you're absolutely sure it's required for your setup.
# If using php-fpm, you may want to restart it after changing this option to avoid instability.
#LDAP_TLS_INSECURE=true

# If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
# Only set this option if debugging since it will block logins and potentially show private details.
#LDAP_DUMP_USER_DETAILS=true

LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto
```

@ssddanbrown commented on GitHub (Jun 5, 2021):

@dakarbr Try removing the last line of that posted config:

```
LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto
```

That option is fairly new, there's a chance it's causing issues.

When you say:

> when I switch to ldap it doesn't even load the page

Is that when attempting to just view the login page? Or are you able to see the login page but it stops loading when attempting to login?


@dakarbr commented on GitHub (Jun 5, 2021):

I think I found the problem.

the AD password has - and spaces

how can I decide where there is space?

in the config file


@ssddanbrown commented on GitHub (Jun 6, 2021):

@dakarbr To support spaces wrap the whole value in quotes, for example:

```bash
MY_OPTION="Value with spaces within"
```
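
The quoting advice given in this thread, turned into a pre-deploy check (an added example, not part of the original comments and not BookStack code). The function name `lint_env`, the sample file and the set of characters treated as "special" are assumptions; findings carry only line numbers and key names, so a value such as `LDAP_PASS` is never echoed into logs.

```python
import re

# Constructed sample .env content (not from the thread); the password is made up.
SAMPLE_ENV = """\
# General auth
AUTH_METHOD=ldap
LDAP_DN=administrator@domain.com
LDAP_PASS=my pass - with spaces
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_ID_ATTRIBUTE=BIN;objectGUID
MY_OPTION="Value with spaces within"
LDAP_EMAIL_ATTRIBUTE=mail
"""

ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$")
# Assumed set of characters worth single-quoting; it covers the filter example above.
SPECIAL = re.compile(r"[$#&()]")


def lint_env(text):
    """Return (line_no, key, advice) for unquoted values that should be quoted.

    Values are never included in the findings, so secrets do not end up
    in terminal scrollback or CI logs.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.match(line)
        if not match:  # blank line, comment, or not KEY=VALUE
            continue
        key, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            continue  # already wrapped in matching quotes
        if re.search(r"\s", value):
            findings.append((line_no, key, "wrap in quotes (contains spaces)"))
        elif SPECIAL.search(value):
            findings.append((line_no, key, "wrap in single quotes (special characters)"))
    return findings


if __name__ == "__main__":
    for line_no, key, advice in lint_env(SAMPLE_ENV):
        print(f"line {line_no}: {key}: {advice}")
```
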

@dakarbr commented on GitHub (Jun 7, 2021):

Tks


@ssddanbrown commented on GitHub (Jun 13, 2021):

Will therefore close this off.


Reference: starred/BookStack#2278