Active Directory LDAP not working #276

Closed
opened 2026-02-04 18:13:57 +03:00 by OVERLORD · 11 comments

Originally created by @RantMaster on GitHub (Feb 20, 2017).

  • BookStack Version: 0.14.3
  • PHP Version: 7.0
  • MySQL Version: 5.7.12
Expected Behavior

Allows AD users to Login

Actual Behavior

BookStack throws error about Search Operators.

Hi There,

I am having trouble making this work. I have been unable to get BookStack to find the DN rather than the UID. BookStack successfully connects to AD but fails when trying to search for the user.
This is the error I get:
at HandleExceptions->handleError('2', 'ldap_search(): Search: Operations error', '/var/www/BookStack/app/Services/Ldap.php', '57', array('ldapConnection' => resource, 'baseDn' => 'DC=domain,DC=local', 'filter' => '(&(dn=${user}))', 'attributes' => array('cn', 'uid', 'dn', 'mail')))

This is how I have configured my LDAP settings:

LDAP Settings
LDAP_SERVER=172.23.35.10:389
LDAP_BASE_DN="DC=domain,DC=local"
LDAP_DN="CN=ServiceAccount,OU=Users,OU=Domain,DC=Domain,DC=local"
LDAP_PASS=password
LDAP_USER_FILTER=(&(dn=${user}))
LDAP_VERSION=3

I believe this is similar to #56

Let me know if you need any more info

OVERLORD added the 🐛 Bug label 2026-02-04 18:13:57 +03:00

@ssddanbrown commented on GitHub (Feb 23, 2017):

Hi @RantMaster, sorry to hear you're facing LDAP troubles.

The error message posted seems a little cut off. Would you be able to post the full error message? Here's a page on getting debug messages from logs:
https://www.bookstackapp.com/docs/admin/debugging/


@btone-comm commented on GitHub (Mar 18, 2017):

@RantMaster
For whatever reason, we were not able to do a base search off of the LDAP root, but we did find that if we bind to a container or organizational unit it worked without issue.

Also, quotes are not needed for the LDAP_BASE_DN.

Here are our LDAP settings for comparison:

# LDAP Settings
LDAP_SERVER=IP_ADDRESS
LDAP_BASE_DN=ou=OU_NAME,dc=DOMAIN,dc=local
LDAP_DN=USER@DOMAIN.COM
LDAP_PASS=PASSWORD
LDAP_USER_FILTER=(&(uid=${user}))
LDAP_VERSION=3

@comnam90 commented on GitHub (Mar 28, 2017):

@btone-comm
Thanks, man, for that tip! No longer getting any errors in laravel.log when trying to login; however, I'm also not able to login :/
I'm getting:

> These credentials do not match our records

Any thoughts or tips on this one?

Update
Never mind, I changed the filter from `uid=${user}` to `SAMAccountName=${user}` and that sorted it.


@btone-comm commented on GitHub (Mar 28, 2017):

@comnam90 Awesome!


@Alwaysin commented on GitHub (Jul 10, 2017):

> For whatever reason, we were not able to do a base search off of the LDAP root, but we did find that if we bind to a container or organizational unit it worked without issue.

Has anybody come up with a fix for this issue? I hit the same bug: https://github.com/BookStackApp/BookStack/issues/431 and cannot authenticate my users into the app :'(


@ssddanbrown commented on GitHub (Jul 10, 2017):

@Alwaysin Can you try the following:

  1. Open the `app/Services/LdapService.php` file. After line 44, add the following line:
$this->ldap->setOption($ldapConnection, LDAP_OPT_REFERRALS, 0);

That block of code should then look like this:

        // Find user
        $userFilter = $this->buildFilter($this->config['user_filter'], ['user' => $userName]);
        $baseDn = $this->config['base_dn'];
        $emailAttr = $this->config['email_attribute'];
        $this->ldap->setOption($ldapConnection, LDAP_OPT_REFERRALS, 0);
        $users = $this->ldap->searchAndGetEntries($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn', $emailAttr]);
        if ($users['count'] === 0) return null;

Then see if it binds on the base DN. Unfortunately I don't have active directory myself so I can't test this before deploying a fix. Let me know if this works and I'll patch it into a bugfix release.


@Alwaysin commented on GitHub (Jul 10, 2017):

With this line added, I got a new error:

Whoops, looks like something went wrong.

1/1
ErrorException in Ldap.php line 57:
ldap_search(): Search: Partial results and referral received

I hope it is going into the right direction :D


@ssddanbrown commented on GitHub (Jul 10, 2017):

@Alwaysin Do you have the following line in your .env file?

LDAP_VERSION=3

If not, please try adding it. (Might need to run `php artisan optimize` after changing the .env file.)

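The thread above converges on three things for Active Directory: a user filter on `sAMAccountName` rather than `uid`, `LDAP_VERSION=3`, and `LDAP_OPT_REFERRALS` set to 0 so libldap does not chase the referrals AD returns for a subtree search at the domain root (the source of the "Operations error" and "Partial results and referral received" messages). The script below is an added example written for this page, not BookStack's own code, showing that sequence end to end in plain PHP `ldap_*` calls. It also escapes the `${user}` value with `ldap_escape()` before substituting it into the filter, so a login name containing `*`, `(`, `)` or `\` cannot alter the search, and refuses an empty password, since an LDAP bind with a DN and empty password is an unauthenticated bind that AD accepts by default. How BookStack itself substitutes `${user}` is not described on this page. The host, base DN, service-account DN, user name and the `LDAP_DEMO_*` environment variables are hypothetical placeholders.

```php
<?php
// Added example (not BookStack code): AD user lookup and password check with the
// settings this thread arrived at. All DNs, hosts and env var names are hypothetical.
declare(strict_types=1);

/**
 * Build the search filter from a BookStack-style template such as
 * "(&(sAMAccountName=${user}))". The user-supplied value is escaped with
 * ldap_escape() so "*", "(", ")", "\" and NUL are hex-encoded and cannot change
 * the filter's structure (LDAP filter injection).
 */
function buildUserFilter(string $template, string $userName): string
{
    $escaped = ldap_escape($userName, '', LDAP_ESCAPE_FILTER);
    return str_replace('${user}', $escaped, $template);
}

/**
 * Open the connection and set the two options that matter for AD:
 * protocol version 3, and no referral chasing (LDAP_OPT_REFERRALS = 0), so a
 * subtree search at the domain root does not fail on the referrals AD returns
 * for its other naming contexts. Returns the connection handle or false.
 */
function connectToAd(string $server)
{
    $conn = ldap_connect('ldap://' . $server);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    return $conn;
}

/**
 * Bind with the service account, locate exactly one user by filter, then bind as
 * that user to check the password. Returns the user's DN on success, null when
 * no single match exists, false when the password is rejected.
 */
function authenticateAdUser($conn, string $baseDn, string $bindDn, string $bindPass,
                            string $filterTemplate, string $userName, string $userPass)
{
    if (!@ldap_bind($conn, $bindDn, $bindPass)) {
        throw new RuntimeException('service bind failed: ' . ldap_error($conn));
    }
    $filter = buildUserFilter($filterTemplate, $userName);
    $result = ldap_search($conn, $baseDn, $filter, ['dn', 'cn', 'sAMAccountName', 'mail']);
    if ($result === false) {
        throw new RuntimeException('search failed: ' . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $result);
    // Refuse ambiguous matches instead of silently taking the first entry.
    if ($entries === false || $entries['count'] !== 1) {
        return null;
    }
    $userDn = $entries[0]['dn'];
    // A bind with a DN and an empty password is an "unauthenticated" bind that
    // AD accepts by default; never let it count as a successful login.
    if ($userPass === '') {
        return false;
    }
    return @ldap_bind($conn, $userDn, $userPass) ? $userDn : false;
}

// Offline part: show the filter built for a normal login name and for an
// injection attempt (constructed input).
echo buildUserFilter('(&(sAMAccountName=${user}))', 'jdoe'), PHP_EOL;
echo buildUserFilter('(&(sAMAccountName=${user}))', '*)(objectClass=*'), PHP_EOL;

// Online part: only runs when pointed at a real AD via hypothetical env vars.
$server = getenv('LDAP_DEMO_SERVER');
if ($server !== false) {
    $conn = connectToAd($server);
    if ($conn === false) {
        exit('ldap_connect failed' . PHP_EOL);
    }
    $dn = authenticateAdUser(
        $conn,
        'DC=domain,DC=local',
        'CN=ServiceAccount,OU=Users,OU=Domain,DC=domain,DC=local',
        getenv('LDAP_DEMO_BIND_PASS') ?: '',
        '(&(sAMAccountName=${user}))',
        'jdoe',
        getenv('LDAP_DEMO_USER_PASS') ?: ''
    );
    var_dump($dn);
}
```

Run it without `LDAP_DEMO_SERVER` set to see only the two filters: the second one has every metacharacter of the injected value replaced by a `\xx` escape, so it searches for a literal account name rather than matching every object. With `LDAP_DEMO_SERVER` (and the two password variables) set, the script performs the same lookup-then-bind that BookStack's LDAP login does, with the base DN left at the domain root, which is exactly the case the `LDAP_OPT_REFERRALS` change above makes work.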

@Alwaysin commented on GitHub (Jul 10, 2017):

Yes!!
That made it work!

Thank you very much @ssddanbrown :)


@ssddanbrown commented on GitHub (Jul 10, 2017):

@Alwaysin Awesome, glad to hear. I'll mark this change to be in the next bugfix release. Keep this in mind, as you might have to make a configuration tweak on that update in the event there's a reason this change will have to be configurable/non-default.


@ssddanbrown commented on GitHub (Jul 10, 2017):

Update now out to cover this.

Reference: starred/BookStack#276