LDAPS, add client TLS cert/key ability for authentication (required for Google Workspace LDAP) #3238

Closed
opened 2026-02-05 06:11:26 +03:00 by OVERLORD · 0 comments
Owner

Originally created by @BloodyIron on GitHub (Oct 5, 2022).

Describe the feature you'd like

So far as I can tell, LDAP within Bookstack does not have the ability to use TLS certificate + key pair for authentication (as client, not server certificates) when connecting to an LDAPS server. This is a problem as the Google Workspace service "Secure LDAP" (which is their only LDAP service) requires the client always authenticate (at a minimum) with a client TLS Certificate + Key pair.

There is the added option of also authenticating with a username + password to Google Workspace Secure LDAP, however every method (even the stunnel alternative method) always requires the use of TLS Certificate + Key for client authentication.

As such, I would like Bookstack to have this capability added (and naturally documentation updated to cover this too).

Describe the benefits this would bring to existing BookStack users

Currently Bookstack is completely incapable (so far as I can tell) of interfacing with Google Workspace authentication domains via LDAP, as the only LDAP service Google Workspace offers requires this capability.

I care about LDAP over SAML because I want delicious user avatar/image sync into Bookstack, which is only currently possible with LDAP, and not SAML (I think this is a Google Workspace limitation?).

Can the goal of this request already be achieved via other means?

Not that I can tell.

Have you searched for an existing open/closed issue?

  • I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

0 to 6 months

Additional context

This generally is already an LDAP feature, and I suspect Bookstack just needs a slight extension to add this. But this effort-estimation is just speculation.

OVERLORD added the 🔨 Feature Request label 2026-02-05 06:11:26 +03:00
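As an added illustration of the capability requested above (not BookStack code and not from the issue author), this sketch shows how PHP's LDAP extension can present a client certificate and key on an LDAPS connection, with pre-flight checks on the key file. The function names, URI and file paths are placeholders, and it assumes a POSIX host, the `ldap` and `openssl` extensions, and an unencrypted PEM private key.

```php
<?php
declare(strict_types=1);

// Added example: function names, URI and paths below are hypothetical placeholders.

/** Validate a client certificate/key pair before handing it to the LDAP library. */
function checkClientTlsPair(string $certFile, string $keyFile): void
{
    foreach ([$certFile, $keyFile] as $file) {
        if (!is_file($file) || !is_readable($file)) {
            throw new RuntimeException("Cannot read {$file}");
        }
    }
    // The private key should not be accessible to group or other users.
    if ((fileperms($keyFile) & 0077) !== 0) {
        throw new RuntimeException("{$keyFile} is group/world accessible; restrict it to 0600");
    }
    // Catch a mismatched pair here rather than as an opaque TLS handshake failure.
    $cert = (string) file_get_contents($certFile);
    $key = (string) file_get_contents($keyFile);
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Private key does not match the client certificate');
    }
}

/** Open an LDAPS connection that authenticates with a client certificate. */
function connectLdapsWithClientCert(string $uri, string $certFile, string $keyFile,
    ?string $bindDn = null, ?string $bindPassword = null)
{
    checkClientTlsPair($certFile, $keyFile);

    // TLS options are set globally (null link) before the connection is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_CERTFILE, $certFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_KEYFILE, $keyFile);
    // Keep server certificate verification strict; never relax it to make a bind work.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: {$uri}");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // The TLS handshake happens on the first operation; DN and password are optional.
    if (!@ldap_bind($conn, $bindDn, $bindPassword)) {
        throw new RuntimeException('LDAP bind failed: ' . ldap_error($conn));
    }
    return $conn;
}

// Placeholder usage:
// connectLdapsWithClientCert('ldaps://ldap.example.com:636', '/etc/app/ldap-client.crt', '/etc/app/ldap-client.key');
```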

Reference: starred/BookStack#3238