starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-02-13 03:13:58 +03:00
Code Issues 784 Packages Projects Releases 10 Wiki Activity

FreeIPA and LDAP group sync #2691

New Issue
Closed
opened 2026-02-05 04:48:19 +03:00 by OVERLORD · 13 comments
OVERLORD commented 2026-02-05 04:48:19 +03:00
Owner
Copy Link

Originally created by @samip5 on GitHub (Mar 2, 2022).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Using FreeIPA with LDAP and trying to get LDAP groups to sync

Exact BookStack Version

v22.02.1

Log Content

No response

PHP Version

No response

Hosting Environment

Linuxserver.io Docker container with nginx reverse proxy

Originally created by @samip5 on GitHub (Mar 2, 2022). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Using FreeIPA with LDAP and trying to get LDAP groups to sync ### Exact BookStack Version v22.02.1 ### Log Content _No response_ ### PHP Version _No response_ ### Hosting Environment Linuxserver.io Docker container with nginx reverse proxy
OVERLORD added the 🐕 Support📖 Docs Update labels 2026-02-05 04:48:19 +03:00
OVERLORD commented 2026-02-05 04:48:28 +03:00
Author
Owner
Copy Link

@samip5 commented on GitHub (Mar 2, 2022):

How can I map LDAP groups to Bookstack roles? I don't want to create exact replicas of the roles in LDAP?

I'm using the baseDN: cn=accounts,dc=redacted,dc=redacted,dc=fi

@samip5 commented on GitHub (Mar 2, 2022): How can I map LDAP groups to Bookstack roles? I don't want to create exact replicas of the roles in LDAP? I'm using the baseDN: `cn=accounts,dc=redacted,dc=redacted,dc=fi`
OVERLORD commented 2026-02-05 04:48:32 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Mar 2, 2022):

Hi @samip5,
My video here explains LDAP group mapping with BookStack:
https://youtu.be/50qw_LkhwoM?t=1126

Around the 27:45 timestamp of the video I talk about mapping groups to roles with differing names.

@ssddanbrown commented on GitHub (Mar 2, 2022): Hi @samip5, My video here explains LDAP group mapping with BookStack: https://youtu.be/50qw_LkhwoM?t=1126 Around the `27:45` timestamp of the video I talk about mapping groups to roles with differing names.
OVERLORD commented 2026-02-05 04:48:37 +03:00
Author
Owner
Copy Link

@samip5 commented on GitHub (Mar 2, 2022):

Hi @samip5, My video here explains LDAP group mapping with BookStack: https://youtu.be/50qw_LkhwoM?t=1126

Around the 27:45 timestamp of the video I talk about mapping groups to roles with differing names.

Oh, thank you. Somehow didin't even tought to look if there's video docs about it, I think that should probably be created into the docs site as well, or have a link to the video there next to LDAP Group mappings.

Can I not do those mappings from an .env file? I would love to be able to do those there, so that's more easy to do ansible on.

@samip5 commented on GitHub (Mar 2, 2022): > Hi @samip5, My video here explains LDAP group mapping with BookStack: https://youtu.be/50qw_LkhwoM?t=1126 > > Around the `27:45` timestamp of the video I talk about mapping groups to roles with differing names. Oh, thank you. Somehow didin't even tought to look if there's video docs about it, I think that should probably be created into the docs site as well, or have a link to the video there next to LDAP Group mappings. Can I not do those mappings from an .env file? I would love to be able to do those there, so that's more easy to do ansible on.
OVERLORD commented 2026-02-05 04:48:40 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Mar 2, 2022):

have a link to the video there next to LDAP Group mappings.

Yeah, am planning to do this, the videos are fairly new.

Can I not do those mappings from an .env file?

No, since the BookStack roles can be dynamic (managed within the interface) I'd look to keep this mapping within the interface alongside other role detail. It is just a text field within the database though, on the roles table (If you can ansible up some cheeky database update commands).

@ssddanbrown commented on GitHub (Mar 2, 2022): > have a link to the video there next to LDAP Group mappings. Yeah, am planning to do this, the videos are fairly new. > Can I not do those mappings from an .env file? No, since the BookStack roles can be dynamic (managed within the interface) I'd look to keep this mapping within the interface alongside other role detail. It is just a text field within the database though, on the `roles` table (If you can ansible up some cheeky database update commands).
OVERLORD commented 2026-02-05 04:48:42 +03:00
Author
Owner
Copy Link

@samip5 commented on GitHub (Mar 2, 2022):

No, since the BookStack roles can be dynamic (managed within the interface) I'd look to keep this mapping within the interface alongside other role detail. It is just a text field within the database though, on the roles table (If you can ansible up some cheeky database update commands).

co-workers might not like that.... even if that is more than likely possible.

@samip5 commented on GitHub (Mar 2, 2022): > No, since the BookStack roles can be dynamic (managed within the interface) I'd look to keep this mapping within the interface alongside other role detail. It is just a text field within the database though, on the `roles` table (If you can ansible up some cheeky database update commands). co-workers might not like that.... even if that is more than likely possible.
OVERLORD commented 2026-02-05 04:48:45 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Mar 2, 2022):

Sure, but I'm not keen to add an optional system for mapping, for an optional component of an optional authentication system 😬

I'll keep this open as a reminder to add video links to our docs to support future readers.

@ssddanbrown commented on GitHub (Mar 2, 2022): Sure, but I'm not keen to add an optional system for mapping, for an optional component of an optional authentication system :grimacing: I'll keep this open as a reminder to add video links to our docs to support future readers.
OVERLORD commented 2026-02-05 04:48:49 +03:00
Author
Owner
Copy Link

@samip5 commented on GitHub (Mar 2, 2022):

Also, in my FreeIPA, the solution in https://github.com/BookStackApp/BookStack/pull/2753#issuecomment-843558165 doesn't seem to work anymore. Using FreeIPA v4.9.0.

Bookstack doesn't seem to find any groups when set to use memberOf and Base DN: cn=accounts,dc=redacted,dc=redacted,dc=fi

Should those be visiable when trying to login with LDAP_DUMP_USER_DETAILS enabled?

@samip5 commented on GitHub (Mar 2, 2022): Also, in my FreeIPA, the solution in https://github.com/BookStackApp/BookStack/pull/2753#issuecomment-843558165 doesn't seem to work anymore. Using FreeIPA v4.9.0. Bookstack doesn't seem to find any groups when set to use memberOf and Base DN: `cn=accounts,dc=redacted,dc=redacted,dc=fi` Should those be visiable when trying to login with `LDAP_DUMP_USER_DETAILS` enabled?
OVERLORD commented 2026-02-05 04:48:51 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Mar 2, 2022):

Should those be visiable when trying to login with LDAP_DUMP_USER_DETAILS enabled?

No, not for LDAP, group fetching is done via secondary lookups after the user is dumped for this option.

the solution in https://github.com/BookStackApp/BookStack/pull/2753#issuecomment-843558165 doesn't seem to work anymore.

The solution in that thread was to add an additional filter to the LDAP_USER_FILTER option to prevent matching against duplicates. Did you update the LDAP_USER_FILTER? What part is not working?

@ssddanbrown commented on GitHub (Mar 2, 2022): > Should those be visiable when trying to login with LDAP_DUMP_USER_DETAILS enabled? No, not for LDAP, group fetching is done via secondary lookups after the user is dumped for this option. > the solution in https://github.com/BookStackApp/BookStack/pull/2753#issuecomment-843558165 doesn't seem to work anymore. The solution in that thread was to add an additional filter to the `LDAP_USER_FILTER` option to prevent matching against duplicates. Did you update the `LDAP_USER_FILTER`? What part is not working?
OVERLORD commented 2026-02-05 04:48:56 +03:00
Author
Owner
Copy Link

@samip5 commented on GitHub (Mar 2, 2022):

The solution in that thread was to add an additional filter to the LDAP_USER_FILTER option to prevent matching against duplicates. Did you update the LDAP_USER_FILTER? What part is not working?

I'm sorry but what filter there? I did not spot any changes to that filter there? I just changed my base DN to the one with cn=accounts.

Should those be visiable when trying to login with LDAP_DUMP_USER_DETAILS enabled?

No, not for LDAP, group fetching is done via secondary lookups after the user is dumped for this option.

Then how should I debug this properly?

@samip5 commented on GitHub (Mar 2, 2022): > The solution in that thread was to add an additional filter to the `LDAP_USER_FILTER` option to prevent matching against duplicates. Did you update the `LDAP_USER_FILTER`? What part is not working? I'm sorry but what filter there? I did not spot any changes to that filter there? I just changed my base DN to the one with `cn=accounts`. > > Should those be visiable when trying to login with LDAP_DUMP_USER_DETAILS enabled? > > No, not for LDAP, group fetching is done via secondary lookups after the user is dumped for this option. Then how should I debug this properly?
OVERLORD commented 2026-02-05 04:48:58 +03:00
Author
Owner
Copy Link

@samip5 commented on GitHub (Mar 2, 2022):

It seems anonymous bind will not see mail address nor the groups users are members of.

However it also created an expection when I logged-in while it edited the user to be admin.

Exception Content 
[2022-03-02 13:27:50] production.ERROR: Argument 1 passed to BookStack\Http\Controllers\UserController::edit() must be of the type int, string given, called in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php on line 54 {"userId":3,"exception":"[object] (TypeError(code: 0): Argument 1 passed to BookStack\\Http\\Controllers\\UserController::edit() must be of the type int, string given, called in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php on line 54 at /var/www/html/app/Http/Controllers/UserController.php:106)
[stacktrace]
#0 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\\Http\\Controllers\\UserController->edit()
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\\Routing\\Route->runController()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\\Routing\\Route->run()
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
#6 /var/www/html/app/Http/Middleware/Authenticate.php(23): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#7 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\Authenticate->handle()
#8 /var/www/html/app/Http/Middleware/Localization.php(82): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#9 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\Localization->handle()
#10 /var/www/html/app/Http/Middleware/RunThemeActions.php(26): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#11 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\RunThemeActions->handle()
#12 /var/www/html/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#13 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\CheckEmailConfirmed->handle()
#14 /var/www/html/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#15 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\PreventAuthenticatedResponseCaching->handle()
#16 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#17 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
#18 /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#19 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
#20 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#21 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()
#22 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Session\\Middleware\\StartSession->handle()
#23 /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#24 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
#25 /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#26 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
#27 /var/www/html/app/Http/Middleware/ApplyCspRules.php(36): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#28 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\ApplyCspRules->handle()
#29 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\\Pipeline\\Pipeline->then()
#31 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\\Routing\\Router->runRouteWithinStack()
#32 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRoute()
#33 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\\Routing\\Router->dispatchToRoute()
#34 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch()
#35 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#36 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#37 /var/www/html/app/Http/Middleware/TrustProxies.php(41): Illuminate\\Http\\Middleware\\TrustProxies->handle()
#38 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\TrustProxies->handle()
#39 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#40 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#41 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
#42 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#43 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#44 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#45 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#46 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#47 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then()
#48 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#49 /var/www/html/public/index.php(53): Illuminate\\Foundation\\Http\\Kernel->handle()
#50 {main}
"}
@samip5 commented on GitHub (Mar 2, 2022): It seems anonymous bind will not see mail address nor the groups users are members of. However it also created an expection when I logged-in while it edited the user to be admin. <details> <summary>Exception Content</summary> ``` [2022-03-02 13:27:50] production.ERROR: Argument 1 passed to BookStack\Http\Controllers\UserController::edit() must be of the type int, string given, called in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php on line 54 {"userId":3,"exception":"[object] (TypeError(code: 0): Argument 1 passed to BookStack\\Http\\Controllers\\UserController::edit() must be of the type int, string given, called in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php on line 54 at /var/www/html/app/Http/Controllers/UserController.php:106) [stacktrace] #0 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\\Http\\Controllers\\UserController->edit() #1 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction() #2 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\\Routing\\ControllerDispatcher->dispatch() #3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\\Routing\\Route->runController() #4 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\\Routing\\Route->run() #5 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}() #6 /var/www/html/app/Http/Middleware/Authenticate.php(23): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #7 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\Authenticate->handle() #8 /var/www/html/app/Http/Middleware/Localization.php(82): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #9 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\Localization->handle() #10 /var/www/html/app/Http/Middleware/RunThemeActions.php(26): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #11 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\RunThemeActions->handle() #12 /var/www/html/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #13 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\CheckEmailConfirmed->handle() #14 /var/www/html/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #15 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\PreventAuthenticatedResponseCaching->handle() #16 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #17 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle() #18 /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #19 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle() #20 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #21 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest() #22 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Session\\Middleware\\StartSession->handle() #23 /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #24 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle() #25 /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #26 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle() #27 /var/www/html/app/Http/Middleware/ApplyCspRules.php(36): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #28 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\ApplyCspRules->handle() #29 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #30 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\\Pipeline\\Pipeline->then() #31 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\\Routing\\Router->runRouteWithinStack() #32 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRoute() #33 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\\Routing\\Router->dispatchToRoute() #34 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch() #35 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}() #36 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #37 /var/www/html/app/Http/Middleware/TrustProxies.php(41): Illuminate\\Http\\Middleware\\TrustProxies->handle() #38 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\TrustProxies->handle() #39 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #40 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle() #41 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle() #42 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #43 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle() #44 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #45 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle() #46 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}() #47 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then() #48 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter() #49 /var/www/html/public/index.php(53): Illuminate\\Foundation\\Http\\Kernel->handle() #50 {main} "} ``` </details>
OVERLORD commented 2026-02-05 04:49:07 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Mar 2, 2022):

I'm sorry but what filter there? I did not spot any changes to that filter there?

Within #2753 there were two potential solutions I put forward, changing base DN or altering the LDAP_USER_FILTER to only target one set of users. I'm not sure what approach they used though. Might have been the base DN change.

Then how should I debug this properly?

Debugging options for LDAP groups are limited within BookStack to be honest. I think most people may debug via using ldapsearch on the command line from the same machine, using the same options to emulate the BookStack calls.

Adding the below between these two lines would dump out the groups although after some BookStack processing.

dd($userLdapGroups);

You might need APP_DEBUG=true enabled while doing that (Can potentially expose details while enabled).

@ssddanbrown commented on GitHub (Mar 2, 2022): > I'm sorry but what filter there? I did not spot any changes to that filter there? Within #2753 there were two potential solutions I put forward, changing base DN or altering the `LDAP_USER_FILTER` to only target one set of users. I'm not sure what approach they used though. Might have been the base DN change. > Then how should I debug this properly? Debugging options for LDAP groups are limited within BookStack to be honest. I think most people may debug via using `ldapsearch` on the command line from the same machine, using the same options to emulate the BookStack calls. Adding the below [between these two lines](https://github.com/BookStackApp/BookStack/blob/36d7ff77a9b63e20fcb321410d4e7ff2cb6790f8/app/Auth/Access/LdapService.php#L375-L376) would dump out the groups although after some BookStack processing. ```php dd($userLdapGroups); ``` You might need `APP_DEBUG=true` enabled while doing that (Can potentially expose details while enabled).
OVERLORD commented 2026-02-05 04:49:13 +03:00
Author
Owner
Copy Link

@samip5 commented on GitHub (Mar 2, 2022):

It seems that the exception only happens if the user already exists, but doesn't for new one with group sync working.
It does work though still, it just throws an exception too.

@samip5 commented on GitHub (Mar 2, 2022): It seems that the exception only happens if the user already exists, but doesn't for new one with group sync working. It does work though still, it just throws an exception too.
OVERLORD commented 2026-02-05 04:49:19 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Mar 3, 2022):

YouTube links added to docs in 9e9e77c114 so will therefore close this off.

@samip5 If that's exception is a reproducible error feel free to raise an issue for it. Not sure how that can occur in normal usage unless you're replacing numeric IDs in the URL with words, but might point to a bad link somewhere.

@ssddanbrown commented on GitHub (Mar 3, 2022): YouTube links added to docs in https://github.com/BookStackApp/website/commit/9e9e77c114e0084be8bf4cb32bbd4d66c065e52e so will therefore close this off. @samip5 If that's exception is a reproducible error feel free to raise an issue for it. Not sure how that can occur in normal usage unless you're replacing numeric IDs in the URL with words, but might point to a bad link somewhere.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🎨 Design
📖 Docs Update
🐛 Bug
🐛 Bug
:cat2:🐈 Possible duplicate
💿 Database
Open to discussion
💻 Front-End
🐕 Support
🚪 Authentication
🌍 Translations
🔌 API Task
🏭 Back-End
Upstream
🔨 Feature Request
🛠️ Enhancement
🛠️ Enhancement
🛠️ Enhancement
❤️ Happy feedback
🔒 Security
🔍 Pending Validation
💆 UX
📝 WYSIWYG Editor
🌔 Out of scope
🔩 API Request
:octocat: Admin/Meta
🖌️ View Customization
Question
🚀 Priority
🛡️ Blocked
🚚 Export System
A11y
🔧 Maintenance
> Markdown Editor
pull-request
Mirrored from GitHub Pull Request
No Label 📖 Docs Update 🐕 Support
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#2691
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?