LDAP auth not working #2808

New Issue

Closed

opened 2026-02-05 05:15:41 +03:00 by OVERLORD · 5 comments

OVERLORD commented 2026-02-05 05:15:41 +03:00

Owner

Copy Link

Originally created by @tdtmusic2 on GitHub (May 20, 2022).

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

Hi everyone,

I have a fresh installation of Bookstack and I was trying to bind the AD to it, so users can login with their credentials. However, I can't seem to make it work, even after following everything I could find about this. My issue is exactly like the one here: https://github.com/BookStackApp/BookStack/issues/931

This is my .env ldap config:

# The LDAP host, Adding a port is optional
LDAP_SERVER=dc.mydomain.com
# If using LDAP over SSL you should also define the protocol:
#LDAP_SERVER=ldaps://dc.mydomain.com:636

# The base DN from where users will be searched within
LDAP_BASE_DN="ou=IT,dc=mydomain,dc=com"

# The full DN and password of the user used to search the server
# Can both be left as 'false' (without quotes) to bind anonymously
LDAP_DN="CN=Wiki,OU=IT,DC=mydomain,DC=com"
LDAP_PASS="123456"

# A filter to use when searching for users
# The user-provided user-name used to replace any occurrences of '${user}'
# If you're setting this option via other means, such as within a docker-compose.yml,
# you may need escape the $, often using $$ or \$ instead.
# Note: This option cannot be used with the docker-compose.yml `env_file` option.
LDAP_USER_FILTER=(&(sAMAccountName=${user}))

# Set the LDAP version to use when connecting to the server
# Should be set to 3 in most cases.
LDAP_VERSION=3

# Set the property to use as a unique identifier for this user.
# Stored and used to match LDAP users with existing BookStack users.
# Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
# binary data and BookStack will convert the value to a hexidecimal representation.
# Defaults to 'uid'.
LDAP_ID_ATTRIBUTE=BIN;objectGUID

# Set the default 'email' attribute. Defaults to 'mail'
LDAP_EMAIL_ATTRIBUTE=mail

# Set the property to use for a user's display name. Defaults to 'cn'
LDAP_DISPLAY_NAME_ATTRIBUTE=cn

# Set the attribute to use for the user's avatar image.
# Must provide JPEG binary image data.
# Will be used upon login or registration when the user doesn't
# already have an avatar image set.
# Remove this option or set to 'null' to disable LDAP avatar import.
LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto

# Force TLS to be used for LDAP communication.
# Use this if you can but your LDAP support will need to support it and
# you may need to import your certificate to the BookStack host machine.
# Defaults to 'false'.
LDAP_START_TLS=false

# If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
# Only set this option if debugging or you're absolutely sure it's required for your setup.
# If using php-fpm, you may want to restart it after changing this option to avoid instability.
#LDAP_TLS_INSECURE=true

# If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
# Only set this option if debugging since it will block logins and potentially show private details.
#LDAP_DUMP_USER_DETAILS=true

When trying to login I get
ErrorException
ldap_bind(): Unable to bind to server: Invalid credentials

As a side note, how does the app handle OUs with spaces in their names? And also users with spaces in the name? When editing the .env file I noticed that after adding space the next word turns red, don't know if it's a problem or not.

Exact BookStack Version

22.04.2

Log Content

#0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError()
#1 /var/www/bookstack/app/Auth/Access/Ldap.php(107): ldap_bind()
#2 /var/www/bookstack/app/Auth/Access/LdapService.php(186): BookStack\Auth\Access\Ldap->bind()
#3 /var/www/bookstack/app/Auth/Access/LdapService.php(58): BookStack\Auth\Access\LdapService->bindSystemUser()
#4 /var/www/bookstack/app/Auth/Access/LdapService.php(95): BookStack\Auth\Access\LdapService->getUserWithAttributes()
#5 /var/www/bookstack/app/Auth/Access/Guards/LdapSessionGuard.php(72): BookStack\Auth\Access\LdapService->getUserDetails()
#6 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(336): BookStack\Auth\Access\Guards\LdapSessionGuard->attempt()
#7 /var/www/bookstack/app/Auth/Access/LoginService.php(155): Illuminate\Auth\AuthManager->__call()
#8 /var/www/bookstack/app/Http/Controllers/Auth/LoginController.php(151): BookStack\Auth\Access\LoginService->attempt()
#9 /var/www/bookstack/app/Http/Controllers/Auth/LoginController.php(120): BookStack\Http\Controllers\Auth\LoginController->attemptLogin()
#10 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\Http\Controllers\Auth\LoginController->login()
#11 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction()
#12 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\Routing\ControllerDispatcher->dispatch()
#13 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\Routing\Route->runController()
#14 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\Routing\Route->run()
#15 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing\{closure}()
#16 /var/www/bookstack/app/Http/Middleware/CheckGuard.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#17 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckGuard->handle()
#18 /var/www/bookstack/app/Http/Middleware/RedirectIfAuthenticated.php(31): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#19 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RedirectIfAuthenticated->handle()
#20 /var/www/bookstack/app/Http/Middleware/Localization.php(84): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#21 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\Localization->handle()
#22 /var/www/bookstack/app/Http/Middleware/RunThemeActions.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#23 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RunThemeActions->handle()
#24 /var/www/bookstack/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#25 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckEmailConfirmed->handle()
#26 /var/www/bookstack/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#27 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\PreventAuthenticatedResponseCaching->handle()
#28 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#29 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
#30 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#31 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#32 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#33 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
#34 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle()
#35 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#36 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#37 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#38 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#39 /var/www/bookstack/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#40 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\ApplyCspRules->handle()
#41 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#42 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\Pipeline\Pipeline->then()
#43 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\Routing\Router->runRouteWithinStack()
#44 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\Routing\Router->runRoute()
#45 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\Routing\Router->dispatchToRoute()
#46 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\Routing\Router->dispatch()
#47 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#48 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#49 /var/www/bookstack/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle()
#50 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\TrustProxies->handle()
#51 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#52 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#53 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle()
#54 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#55 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#56 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#57 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
#58 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#59 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\Pipeline\Pipeline->then()
#60 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#61 /var/www/bookstack/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle()
#62 {main}

PHP Version

7.4.3

Hosting Environment

Ubuntu 20.04 virtual machine, installed via the official script.

Originally created by @tdtmusic2 on GitHub (May 20, 2022). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Hi everyone, I have a fresh installation of Bookstack and I was trying to bind the AD to it, so users can login with their credentials. However, I can't seem to make it work, even after following everything I could find about this. My issue is exactly like the one here: https://github.com/BookStackApp/BookStack/issues/931 This is my .env ldap config: ``` # The LDAP host, Adding a port is optional LDAP_SERVER=dc.mydomain.com # If using LDAP over SSL you should also define the protocol: #LDAP_SERVER=ldaps://dc.mydomain.com:636 # The base DN from where users will be searched within LDAP_BASE_DN="ou=IT,dc=mydomain,dc=com" # The full DN and password of the user used to search the server # Can both be left as 'false' (without quotes) to bind anonymously LDAP_DN="CN=Wiki,OU=IT,DC=mydomain,DC=com" LDAP_PASS="123456" # A filter to use when searching for users # The user-provided user-name used to replace any occurrences of '${user}' # If you're setting this option via other means, such as within a docker-compose.yml, # you may need escape the $, often using $$ or \$ instead. # Note: This option cannot be used with the docker-compose.yml `env_file` option. LDAP_USER_FILTER=(&(sAMAccountName=${user})) # Set the LDAP version to use when connecting to the server # Should be set to 3 in most cases. LDAP_VERSION=3 # Set the property to use as a unique identifier for this user. # Stored and used to match LDAP users with existing BookStack users. # Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as # binary data and BookStack will convert the value to a hexidecimal representation. # Defaults to 'uid'. LDAP_ID_ATTRIBUTE=BIN;objectGUID # Set the default 'email' attribute. Defaults to 'mail' LDAP_EMAIL_ATTRIBUTE=mail # Set the property to use for a user's display name. Defaults to 'cn' LDAP_DISPLAY_NAME_ATTRIBUTE=cn # Set the attribute to use for the user's avatar image. # Must provide JPEG binary image data. # Will be used upon login or registration when the user doesn't # already have an avatar image set. # Remove this option or set to 'null' to disable LDAP avatar import. LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto # Force TLS to be used for LDAP communication. # Use this if you can but your LDAP support will need to support it and # you may need to import your certificate to the BookStack host machine. # Defaults to 'false'. LDAP_START_TLS=false # If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #) # Only set this option if debugging or you're absolutely sure it's required for your setup. # If using php-fpm, you may want to restart it after changing this option to avoid instability. #LDAP_TLS_INSECURE=true # If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #) # Only set this option if debugging since it will block logins and potentially show private details. #LDAP_DUMP_USER_DETAILS=true ``` When trying to login I get ErrorException ldap_bind(): Unable to bind to server: Invalid credentials As a side note, how does the app handle OUs with spaces in their names? And also users with spaces in the name? When editing the .env file I noticed that after adding space the next word turns red, don't know if it's a problem or not. ### Exact BookStack Version 22.04.2 ### Log Content ``` #0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError() #1 /var/www/bookstack/app/Auth/Access/Ldap.php(107): ldap_bind() #2 /var/www/bookstack/app/Auth/Access/LdapService.php(186): BookStack\Auth\Access\Ldap->bind() #3 /var/www/bookstack/app/Auth/Access/LdapService.php(58): BookStack\Auth\Access\LdapService->bindSystemUser() #4 /var/www/bookstack/app/Auth/Access/LdapService.php(95): BookStack\Auth\Access\LdapService->getUserWithAttributes() #5 /var/www/bookstack/app/Auth/Access/Guards/LdapSessionGuard.php(72): BookStack\Auth\Access\LdapService->getUserDetails() #6 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(336): BookStack\Auth\Access\Guards\LdapSessionGuard->attempt() #7 /var/www/bookstack/app/Auth/Access/LoginService.php(155): Illuminate\Auth\AuthManager->__call() #8 /var/www/bookstack/app/Http/Controllers/Auth/LoginController.php(151): BookStack\Auth\Access\LoginService->attempt() #9 /var/www/bookstack/app/Http/Controllers/Auth/LoginController.php(120): BookStack\Http\Controllers\Auth\LoginController->attemptLogin() #10 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\Http\Controllers\Auth\LoginController->login() #11 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction() #12 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\Routing\ControllerDispatcher->dispatch() #13 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\Routing\Route->runController() #14 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\Routing\Route->run() #15 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing\{closure}() #16 /var/www/bookstack/app/Http/Middleware/CheckGuard.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #17 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckGuard->handle() #18 /var/www/bookstack/app/Http/Middleware/RedirectIfAuthenticated.php(31): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #19 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RedirectIfAuthenticated->handle() #20 /var/www/bookstack/app/Http/Middleware/Localization.php(84): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #21 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\Localization->handle() #22 /var/www/bookstack/app/Http/Middleware/RunThemeActions.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #23 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RunThemeActions->handle() #24 /var/www/bookstack/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #25 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckEmailConfirmed->handle() #26 /var/www/bookstack/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #27 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\PreventAuthenticatedResponseCaching->handle() #28 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #29 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle() #30 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #31 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle() #32 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #33 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest() #34 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle() #35 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #36 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle() #37 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #38 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\EncryptCookies->handle() #39 /var/www/bookstack/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #40 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\ApplyCspRules->handle() #41 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #42 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\Pipeline\Pipeline->then() #43 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\Routing\Router->runRouteWithinStack() #44 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\Routing\Router->runRoute() #45 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\Routing\Router->dispatchToRoute() #46 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\Routing\Router->dispatch() #47 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}() #48 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #49 /var/www/bookstack/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle() #50 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\TrustProxies->handle() #51 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #52 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle() #53 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle() #54 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #55 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle() #56 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #57 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle() #58 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() #59 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\Pipeline\Pipeline->then() #60 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter() #61 /var/www/bookstack/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle() #62 {main} ``` ### PHP Version 7.4.3 ### Hosting Environment Ubuntu 20.04 virtual machine, installed via the official script.

OVERLORD added the 🐕 Support label 2026-02-05 05:15:41 +03:00

OVERLORD closed this issue 2026-02-05 05:15:49 +03:00

OVERLORD commented 2026-02-05 05:15:52 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (May 21, 2022):

Hi @tdtmusic2,
Do you happen to have any special characters within your LDAP_PASS value? Specifically a #?

How does the app handle OUs with spaces in their names? And also users with spaces in the name?

Spaces within .env values should be fine as long as the whole value is wrapped in quotes.
There should be no spaces between property names, the = or the value though.

@ssddanbrown commented on GitHub (May 21, 2022): Hi @tdtmusic2, Do you happen to have any special characters within your `LDAP_PASS` value? Specifically a `#`? > How does the app handle OUs with spaces in their names? And also users with spaces in the name? Spaces within `.env` values should be fine as long as the whole value is wrapped in quotes. There should be no spaces between property names, the `=` or the value though.

OVERLORD commented 2026-02-05 05:15:56 +03:00

Author

Owner

Copy Link

@tdtmusic2 commented on GitHub (May 21, 2022):

Hi @tdtmusic2, Do you happen to have any special characters within your LDAP_PASS value? Specifically a #?

Hi Dan. The first time I tried with a user that had : inside the password. After that, I tried with one that has $ at the beginning of the password. Could this be the issue? If so, I can set a password without special characters if needed.

@tdtmusic2 commented on GitHub (May 21, 2022): > Hi @tdtmusic2, Do you happen to have any special characters within your `LDAP_PASS` value? Specifically a `#`? Hi Dan. The first time I tried with a user that had : inside the password. After that, I tried with one that has $ at the beginning of the password. Could this be the issue? If so, I can set a password without special characters if needed.

OVERLORD commented 2026-02-05 05:16:02 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (May 21, 2022):

@tdtmusic2 I wouldn't have thought those would be an issue.

This is likely be an issue within one of the LDAP_PASS, LDAP_DN or LDAP_SERVER options.
Hard to know from my perspective, without full understanding of your LDAP environment.

You could test things using the ldapsearch command
, to assure you have correct and working server ,dn and pass options.

@ssddanbrown commented on GitHub (May 21, 2022): @tdtmusic2 I wouldn't have thought those would be an issue. This is likely be an issue within one of the `LDAP_PASS`, `LDAP_DN` or `LDAP_SERVER` options. Hard to know from my perspective, without full understanding of your LDAP environment. You could test things using the [ldapsearch](https://linux.die.net/man/1/ldapsearch) command , to assure you have correct and working server ,dn and pass options.

OVERLORD commented 2026-02-05 05:16:07 +03:00

Author

Owner

Copy Link

@tdtmusic2 commented on GitHub (May 22, 2022):

@tdtmusic2 I wouldn't have thought those would be an issue.

This is likely be an issue within one of the LDAP_PASS, LDAP_DN or LDAP_SERVER options. Hard to know from my perspective, without full understanding of your LDAP environment.

You could test things using the ldapsearch command , to assure you have correct and working server ,dn and pass options.

Ok, I reset the password for the Wiki user and this time used p@ssword1 and it seems that it worked. However, it said email confirmation is required but I didn't set up that, so I don't know if it's normal or not.
Anyway, there is clearly an issue with the password format, before this user I had another one with a password ending in # and it also did not work. OR it might be the fact that the OU for the previous user had space in its name (it's IT Support) and the Wiki user is in the IT OU, so no spaces.

About the environment, nothing special, just a Win Server 2016 DC and another one, identical, as secondary DC. But plenty of OUs, most of them with spaces in the name. And also all the users are required to have special characters in the password, so if this is the issue it will be a problem for them to login...

@tdtmusic2 commented on GitHub (May 22, 2022): > @tdtmusic2 I wouldn't have thought those would be an issue. > > This is likely be an issue within one of the `LDAP_PASS`, `LDAP_DN` or `LDAP_SERVER` options. Hard to know from my perspective, without full understanding of your LDAP environment. > > You could test things using the [ldapsearch](https://linux.die.net/man/1/ldapsearch) command , to assure you have correct and working server ,dn and pass options. Ok, I reset the password for the Wiki user and this time used p@ssword1 and it seems that it worked. However, it said email confirmation is required but I didn't set up that, so I don't know if it's normal or not. Anyway, there is clearly an issue with the password format, before this user I had another one with a password ending in # and it also did not work. OR it might be the fact that the OU for the previous user had space in its name (it's IT Support) and the Wiki user is in the IT OU, so no spaces. About the environment, nothing special, just a Win Server 2016 DC and another one, identical, as secondary DC. But plenty of OUs, most of them with spaces in the name. And also all the users are required to have special characters in the password, so if this is the issue it will be a problem for them to login...

OVERLORD commented 2026-02-05 05:16:09 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (May 30, 2022):

However, it said email confirmation is required but I didn't set up that, so I don't know if it's normal or not.

This will be required if it's been enabled in the settings, or if the "Domain Restriction" registration setting is in use.
If this is instead referring to a box that requests the user to enter an email address, this can show if the system is not finding an email on the fetched LDAP user.

Anyway, there is clearly an issue with the password format, before this user I had another one with a password ending in # and it also did not work.

I have just re-tested things with an LDAP_PASS value of admin#is@really£cool. This worked fine when properly quoted like LDAP_PASS="admin#is@really£cool".
Have not tested spaces in LDAP_DN option, since it would take a fair bit of extra time to test this on my setup, but have tested with spaces in LDAP_BASE_DN and that works fine, making me think spaces should not be a problem.

Since you got things working I'll close this off but, if there's provable issues with specific mechanisms, they can be opened as new issues with specific reproduction steps.

@ssddanbrown commented on GitHub (May 30, 2022): > However, it said email confirmation is required but I didn't set up that, so I don't know if it's normal or not. This will be required if it's been enabled in the settings, or if the "Domain Restriction" registration setting is in use. If this is instead referring to a box that requests the user to enter an email address, this can show if the system is not finding an email on the fetched LDAP user. > Anyway, there is clearly an issue with the password format, before this user I had another one with a password ending in # and it also did not work. I have just re-tested things with an `LDAP_PASS` value of `admin#is@really£cool`. This worked fine when properly quoted like `LDAP_PASS="admin#is@really£cool"`. Have not tested spaces in `LDAP_DN` option, since it would take a fair bit of extra time to test this on my setup, but have tested with spaces in `LDAP_BASE_DN` and that works fine, making me think spaces should not be a problem. Since you got things working I'll close this off but, if there's provable issues with specific mechanisms, they can be opened as new issues with specific reproduction steps.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v26-03

ci_fixing

codeberg-actions

lexical_may_2026

MilnerMart/development

sort_rule_text

GamerClassN7/impersonations-for-admin

Zhey-on/feature/csp-image-css-controls-6033

tortillas5/development

clauvaldez/mfaReset

llm_only

vectors

McTom234/oidc-key-algorithms

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v26.03.4

v26.03.3

v26.03.2

v26.03.1

v26.03

v25.12.9

v25.12.8

v25.12.7

v25.12.6

v25.12.5

v25.12.4

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2808