LDAP groups not matching roles in 22.06.1 #2879

Closed
opened 2026-02-05 05:34:37 +03:00 by OVERLORD · 6 comments

Originally created by @Montg0mery on GitHub (Jun 27, 2022).

Describe the Bug

After upgrading from 22.04.2 to 22.06.1, books which are restricted only to certain LDAP groups (using custom roles mapped by "external authentication ID") are not showing up.

I've double-checked in LDAP, and the user is in the relevant group, the names match exactly, and when setting LDAP_DUMP_USER_GROUPS=true, I see the correct groups listed in the JSON output when logging in.

When using an admin account in BookStack, I can see that after those users log back in for the first time after the upgrade, they have been removed from the custom roles that they were previously in.

Downgrading back to 22.04.2 and having the users log back in fixed the issue.

Steps to Reproduce

  1. Have custom roles mapped to LDAP groups in 22.04.2
  2. Have books restricted so that only those roles can access them
  3. Upgrade to 22.06.1
  4. Observe that you can no longer access those books

Expected Behaviour

LDAP group mappings should work.

Screenshots or Additional Context

I can see that there is a change in 22.06 relating to commas in group names. These group names do not have any commas in them, they are just made up of ASCII letters and underscores.

Browser Details

No response

Exact BookStack Version

22.06.1

PHP Version

No response

Hosting Environment

Docker image: https://hub.docker.com/r/linuxserver/bookstack

OVERLORD added the 🐛 Bug label 2026-02-05 05:34:37 +03:00

@ssddanbrown commented on GitHub (Jun 27, 2022):

Hi @Montg0mery and @GustavJer,

Thanks for reporting and sorry about this.
I've identified a case where there may now be different behaviour but just want to confirm this against your setups.
Could you please confirm if the following assumptions hold true for such reported failed mapping:

  • You are making use of the "External Auth ID" field on the BookStack role for mapping.
  • This field contains uppercase characters.

@Montg0mery commented on GitHub (Jun 28, 2022):

> Hi @Montg0mery and @GustavJer,
>
> Thanks for reporting and sorry about this. I've identified a case where there may now be different behaviour but just want to confirm this against your setups. Could you please confirm if the following assumptions hold true for such reported failed mapping:
>
> * You are making use of the "External Auth ID" field on the BookStack role for mapping.
> * This field contains uppercase characters.

Thank you for looking into this.

Yes, we are defining custom roles in BookStack and linking them with LDAP groups via the "External Authentication IDs" field, and this field does have a mix of lowercase letters, uppercase letters, and underscores. We are matching the exact case of the group names in LDAP, which worked fine in version 22.04.2 (and is a really useful feature for us - thanks!)


@GustavJer commented on GitHub (Jun 28, 2022):

> > Hi @Montg0mery and @GustavJer,
> >
> > Thanks for reporting and sorry about this. I've identified a case where there may now be different behaviour but just want to confirm this against your setups. Could you please confirm if the following assumptions hold true for such reported failed mapping:
> >
> > * You are making use of the "External Auth ID" field on the BookStack role for mapping.
> > * This field contains uppercase characters.
>
> Thank you for looking into this.
>
> Yes, we are defining custom roles in BookStack and linking them with LDAP groups via the "External Authentication IDs" field, and this field does have a mix of lowercase letters, uppercase letters, and underscores. We are matching the exact case of the group names in LDAP, which worked fine in version 22.04.2 (and is a really useful feature for us - thanks!)

I can confirm we are using the same setup as @Montg0mery, with mixed-case names in the "External Authentication IDs" field.


@ssddanbrown commented on GitHub (Jun 28, 2022):

Thanks for confirming, that aligns with my understanding of the change. There will be a patch out today to cover this.


@ssddanbrown commented on GitHub (Jun 28, 2022):

This has now been addressed as part of 0bcd1795cb therefore I will close this off.
This will be part of v22.06.2, releasing later today.
Please let me know after updating if any issues remain, you can still reply to this thread if required.


@Montg0mery commented on GitHub (Jul 8, 2022):

> This has now been addressed as part of [0bcd179](https://github.com/BookStackApp/BookStack/commit/0bcd1795cb0e7858965997a8c1e82cd0f3b56321) therefore I will close this off. This will be part of v22.06.2, releasing later today. Please let me know after updating if any issues remain, you can still reply to this thread if required.

Upgrading to 22.06.2 fixed the issue for us. Thank you!
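
Added example, not part of the original thread and not BookStack's code: a Python check of the failure mode discussed above, assuming the role field is a comma-separated list and that only the directory's group names were lower-cased before comparison. It shows a mixed-case external ID failing to match, so a login sync drops the user from that role; all names and data are constructed.

```python
# Added illustration, not BookStack code. All names and data are constructed.

def parse_external_ids(field):
    """Split a role's external-ID field (assumed comma-separated)."""
    return [part.strip() for part in field.split(",") if part.strip()]


def matched_roles(user_groups, roles, norm_group, norm_id):
    """Roles with at least one external ID equal to one of the user's groups,
    after applying the given normalisers to each side of the comparison."""
    groups = {norm_group(g) for g in user_groups}
    return {
        name for name, field in roles.items()
        if any(norm_id(i) in groups for i in parse_external_ids(field))
    }


def sync_report(user_groups, roles, current_roles):
    """Compare a one-sided lower-casing match (assumed failure mode) with a
    match that normalises both sides, and list roles a login sync would drop."""
    one_sided = matched_roles(user_groups, roles, str.lower, lambda s: s)
    both_sides = matched_roles(user_groups, roles, str.lower, str.lower)
    return {
        "one_sided": one_sided,
        "both_sides": both_sides,
        "dropped_on_sync": (set(current_roles) & both_sides) - one_sided,
    }


# Constructed sample: groups as a directory might return them, and role
# mappings typed by an admin in the same mixed case.
SAMPLE_GROUPS = ["Wiki_Editors", "Finance_Docs", "all_staff"]
SAMPLE_ROLES = {
    "Editors": "Wiki_Editors",
    "Finance": "finance_docs, Finance_Archive",
    "Staff": "all_staff",
}
SAMPLE_CURRENT = {"Editors", "Finance"}

if __name__ == "__main__":
    report = sync_report(SAMPLE_GROUPS, SAMPLE_ROLES, SAMPLE_CURRENT)
    for key, value in report.items():
        print(f"{key}: {sorted(value)}")
```

Running the same comparison against a real group dump and role list before an upgrade gives an early view of which role memberships a changed matching rule would remove.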

Reference: starred/BookStack#2879