Permissions based on OU with LDAP #2674

New Issue

Closed

opened 2026-02-05 04:45:51 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-05 04:45:51 +03:00

Owner

Copy Link

Originally created by @usr-bin-urxvt on GitHub (Feb 26, 2022).

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

Currently I am using the following settings and have to add the group to many users:

LDAP_USER_TO_GROUPS=true
LDAP_GROUP_ATTRIBUTE="memberOf"
LDAP_REMOVE_FROM_GROUPS=false

But our permission system is based on OUs rather than groups, so for other services I use the following settings:
AUTH_LDAP_GROUP_SEARCH = "LDAPSearch('dc=corp,dc=com', ldap.SCOPE_SUBTREE,'(objectClass=group)')"
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType

Is it possible to also use these settings for assigning roles/permissions? I want the "IT Department" OU (with the external auth ID of "it-department" assigned) to work with roles.

Exact BookStack Version

v21.12.5

Log Content

No response

PHP Version

8.0

Hosting Environment

Ubuntu 20.04, installed using official guide.

Originally created by @usr-bin-urxvt on GitHub (Feb 26, 2022). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Currently I am using the following settings and have to add the group to many users: LDAP_USER_TO_GROUPS=true LDAP_GROUP_ATTRIBUTE="memberOf" LDAP_REMOVE_FROM_GROUPS=false But our permission system is based on OUs rather than groups, so for other services I use the following settings: AUTH_LDAP_GROUP_SEARCH = "LDAPSearch('dc=corp,dc=com', ldap.SCOPE_SUBTREE,'(objectClass=group)')" AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType Is it possible to also use these settings for assigning roles/permissions? I want the "IT Department" OU (with the external auth ID of "it-department" assigned) to work with roles. ### Exact BookStack Version v21.12.5 ### Log Content _No response_ ### PHP Version 8.0 ### Hosting Environment Ubuntu 20.04, installed using official guide.

OVERLORD added the 🐕 Support label 2026-02-05 04:45:51 +03:00

OVERLORD closed this issue 2026-02-05 04:45:53 +03:00

OVERLORD commented 2026-02-05 04:45:59 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 28, 2022):

Hi @usr-bin-urxvt,
We don't support any kind of LDAP group sync outside of the memberOf style groups system.
From what I've seen this is generally the standard for LDAP managed groups?
I wouldn't really be looking to extend our support in this area any further since adding edge-case auth features can built significant maintenance and support burden.

If it's just one group that you want to limit access to, you can often just update the LDAP_USER_FILTER.

If you have some dev skills available, we do have a logical theme system where you could hook into login events to potentially run custom functionality.

@ssddanbrown commented on GitHub (Feb 28, 2022): Hi @usr-bin-urxvt, We don't support any kind of LDAP group sync outside of the `memberOf` style groups system. From what I've seen this is generally the standard for LDAP managed groups? I wouldn't really be looking to extend our support in this area any further since adding edge-case auth features can built significant maintenance and support burden. If it's just one group that you want to limit access to, you can often just update the `LDAP_USER_FILTER`. If you have some dev skills available, we do have a [logical theme system](https://github.com/BookStackApp/BookStack/blob/development/dev/docs/logical-theme-system.md) where you could hook into login events to potentially run custom functionality.

OVERLORD commented 2026-02-05 04:46:04 +03:00

Author

Owner

Copy Link

@usr-bin-urxvt commented on GitHub (Feb 28, 2022):

Thank you for the quick reply.

@usr-bin-urxvt commented on GitHub (Feb 28, 2022): Thank you for the quick reply.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2674