LDAP AD Primary Group and Roles #3526

New Issue

Closed

opened 2026-02-05 07:01:23 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-05 07:01:23 +03:00

Owner

Copy Link

Originally created by @JamHeHe on GitHub (Feb 24, 2023).

Describe the Bug

I've associated our Domain Admin group to the Admin role in BookStack. I have one user who had the Domain Admin group set as the primary group for that user. In BookStack that user would not get associated to the Admin Role until I set the user's primary group to a different group.

Steps to Reproduce

1. Setup LDAP for AD
2. Associate Domain Admin Group to Admin Role
3. Set user's primary group to Domain Admin in AD
4. Login as user and see that Admin Role is not associated appropriately

Expected Behaviour

Admin access in BookStack regardless of Primary Group setup in AD.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

23.01.1

PHP Version

8.1.2-1

Hosting Environment

Ubuntu 22.04 LTS

Originally created by @JamHeHe on GitHub (Feb 24, 2023). ### Describe the Bug I've associated our Domain Admin group to the Admin role in BookStack. I have one user who had the Domain Admin group set as the primary group for that user. In BookStack that user would not get associated to the Admin Role until I set the user's primary group to a different group. ### Steps to Reproduce 1. Setup LDAP for AD 2. Associate Domain Admin Group to Admin Role 3. Set user's primary group to Domain Admin in AD 4. Login as user and see that Admin Role is not associated appropriately ### Expected Behaviour Admin access in BookStack regardless of Primary Group setup in AD. ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version 23.01.1 ### PHP Version 8.1.2-1 ### Hosting Environment Ubuntu 22.04 LTS

OVERLORD added the 🐕 Support label 2026-02-05 07:01:23 +03:00

OVERLORD closed this issue 2026-02-05 07:01:27 +03:00

OVERLORD commented 2026-02-05 07:01:31 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 24, 2023):

Hi @JamHeHe,

I can't really help from an active directory point of view.
I don't really know how steps 2 or 3 of your reproduction steps are performed or what they would actually result in.

All that BookStack cares about is that groups are provided on the LDAP_GROUP_ATTRIBUTE of the user fetched from the LDAP system upon login, and that group sync has been configured correctly.

I'm going to re-label this as a support issue since it's not clear there's any bug in BookStack.

@ssddanbrown commented on GitHub (Feb 24, 2023): Hi @JamHeHe, I can't really help from an active directory point of view. I don't really know how steps 2 or 3 of your reproduction steps are performed or what they would actually result in. All that BookStack cares about is that groups are provided on the `LDAP_GROUP_ATTRIBUTE` of the user fetched from the LDAP system upon login, and that group sync has been configured correctly. I'm going to re-label this as a support issue since it's not clear there's any bug in BookStack.

OVERLORD commented 2026-02-05 07:01:34 +03:00

Author

Owner

Copy Link

@JamHeHe commented on GitHub (Feb 24, 2023):

Understood, and thanks. I agree that's it quite possibly not BookStack's
issue at all. I partially just wanted to get it posted somewhere to help
someone who may see a similar issue in the future and save them some time
and trouble, but couldn't find a forum or anything I could just post it in.

Thanks for all your work on BookStack!

On Fri, Feb 24, 2023 at 9:54 AM Dan Brown @.***> wrote:

Hi @JamHeHe https://github.com/JamHeHe,

I can't really help from an active directory point of view.
I don't really know how steps 2 or 3 of your reproduction steps are
performed or what they would actually result in.

All that BookStack cares about is that groups are provided on the
LDAP_GROUP_ATTRIBUTE of the user fetched from the LDAP system upon login,
and that group sync has been configured correctly.

I'm going to re-label this as a support issue since it's not clear there's
any bug in BookStack.

—
Reply to this email directly, view it on GitHub
https://github.com/BookStackApp/BookStack/issues/4064#issuecomment-1443886357,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/A3ZVCF6Q5GO3VM6SDVFAXW3WZDKTVANCNFSM6AAAAAAVG7TQSE
.
You are receiving this because you were mentioned.Message ID:
@.***>

@JamHeHe commented on GitHub (Feb 24, 2023): Understood, and thanks. I agree that's it quite possibly not BookStack's issue at all. I partially just wanted to get it posted somewhere to help someone who may see a similar issue in the future and save them some time and trouble, but couldn't find a forum or anything I could just post it in. Thanks for all your work on BookStack! On Fri, Feb 24, 2023 at 9:54 AM Dan Brown ***@***.***> wrote: > Hi @JamHeHe <https://github.com/JamHeHe>, > > I can't really help from an active directory point of view. > I don't really know how steps 2 or 3 of your reproduction steps are > performed or what they would actually result in. > > All that BookStack cares about is that groups are provided on the > LDAP_GROUP_ATTRIBUTE of the user fetched from the LDAP system upon login, > and that group sync has been configured correctly. > > I'm going to re-label this as a support issue since it's not clear there's > any bug in BookStack. > > — > Reply to this email directly, view it on GitHub > <https://github.com/BookStackApp/BookStack/issues/4064#issuecomment-1443886357>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/A3ZVCF6Q5GO3VM6SDVFAXW3WZDKTVANCNFSM6AAAAAAVG7TQSE> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

OVERLORD commented 2026-02-05 07:01:36 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 24, 2023):

@JamHeHe Ah, okay and thanks!

I'll therefore close this off but if you need any additional help, from a BookStack specific perspective, or you do find a proven issue with BookStack's handling, feel free to still comment or open a new issue.

@ssddanbrown commented on GitHub (Feb 24, 2023): @JamHeHe Ah, okay and thanks! I'll therefore close this off but if you need any additional help, from a BookStack specific perspective, or you do find a proven issue with BookStack's handling, feel free to still comment or open a new issue.

OVERLORD referenced this issue 2026-02-05 10:26:59 +03:00

[PR #3526] [MERGED] New Crowdin updates #6212

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v26-03

ci_fixing

codeberg-actions

lexical_may_2026

MilnerMart/development

sort_rule_text

GamerClassN7/impersonations-for-admin

Zhey-on/feature/csp-image-css-controls-6033

tortillas5/development

clauvaldez/mfaReset

llm_only

vectors

McTom234/oidc-key-algorithms

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v26.03.4

v26.03.3

v26.03.2

v26.03.1

v26.03

v25.12.9

v25.12.8

v25.12.7

v25.12.6

v25.12.5

v25.12.4

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3526