Error when trying to login with ldap user after switching to a new ldap server (failed to start tls) #3882

Closed
opened 2026-02-05 07:45:56 +03:00 by OVERLORD · 2 comments

Originally created by @tumbri1 on GitHub (Jun 27, 2023).

Describe the Bug

We are currently using bookstack on our domain with ldap mode and everything is working fine. We are planning to switch the ldap server however and move to a new domain and move all users, roles, groups as they are to the new domain as well.

However we wanted to test the scenario first.
Because we need the productive bookstack all the time I couldn't test it there.

So I cloned the productive bookstack VM which is still bound to the old Domain Controller and changed the ldap server in the .env file together with all the relevant settings (user dn, cn, binding user etc.)

Note that on the new DC there is TLS configured so the line for LDAP_Server is as follows:

LDAP_SERVER=ldaps://[FQDN].com:636

I have asked in the discord before, if it works to just duplicate an existing user and changing the "external_auth_id" field in the database for the user to be able to login to the new domain with all his permissions and roles etc.

Now, when trying to login, you get the "unknown error" window and the following entry gets written in the laravel.log file:

[2023-06-12 11:44:08] production.ERROR: ldap_start_tls(): Unable to start TLS: Can't contact LDAP server {"exception":"[object] (ErrorException(code: 0): ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/bookstack/app/Auth/Access/Ldap.php:38)
[stacktrace]

If you need any further information please let me know and I will gladly provide it.
I hope that you can help me out with this as we are currently unable to use the appliance in our new domain if we do not want to configure everything from the start.

Kind regards,

tumbri

Attachment: laravel.log (https://github.com/BookStackApp/BookStack/files/11879606/laravel.log)

Steps to Reproduce

  1. Set up bookstack VM with LDAP Connection to DC 1 (no TLS)
  2. Duplicate the VM and change LDAP_Server parameter to DC 2 (with TLS)
  3. Change external_auth_id values in the database to new user_id value from .env file
  4. Try to login

This was what we did and should replicate the issue.

Expected Behaviour

Expected behaviour is that after cloning the VM and changing the server parameter, bookstack detects the new Domain and automatically changes the external auth id values so that all the users can login again.

Screenshots or Additional Context

No response

Browser Details

Opera, Chrome, Firefox

Exact BookStack Version

v23.02.3

PHP Version

8.2.5

Hosting Environment

Ubuntu 20.04.5 LTS (GNU/Linux 5.4.0-149-generic x86_64)

OVERLORD added the 🐕 Support label 2026-02-05 07:45:56 +03:00

@ssddanbrown commented on GitHub (Jun 27, 2023):

Hi @tumbri1,
I'm going to recategorise this as a support request since it's not confirmed to be a bug in BookStack, but more likely a configuration issue.

> Note that on the new DC there is TLS configured so the line for LDAP_Server is as follows:
> LDAP_SERVER=ldaps://[FQDN].com:636

Note that LDAPS and LDAP over TLS are two different things, with LDAP over TLS being more modern I believe.
I'd guess you want LDAP over TLS. In that case, it's common to use the standard LDAP port and protocol, so I'd expect settings along the following:

LDAP_SERVER=[FQDN].com
LDAP_START_TLS=true
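The two transport modes in the comment above (LDAPS on 636 versus STARTTLS on the plain LDAP port) are easy to mix up in a cloned .env, and an `ldaps://` URL combined with `LDAP_START_TLS=true` is exactly the kind of pairing that makes `ldap_start_tls()` fail. The following shell script is an added example, not BookStack's own code: it lints that pair of settings from a .env file and prints the `ldapsearch` probe (OpenLDAP client tools assumed) that exercises the same transport mode, so the server side can be verified outside the application. The hostname in the sample .env is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from BookStack). Lints LDAP_SERVER / LDAP_START_TLS in a
# BookStack-style .env and builds a matching ldapsearch probe. Assumes ldapsearch
# from the OpenLDAP client tools is installed when the probe is actually run.

# Read one KEY=value line from an env file, stripping surrounding double quotes.
env_get() {  # env_get FILE KEY
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Classify the pair. Prints one of: ldaps, starttls, plain, conflict.
#   ldaps    - ldaps:// URL: TLS from the first byte (port 636), no STARTTLS
#   starttls - ldap:// or bare host on the standard port, upgraded via STARTTLS
#   conflict - ldaps:// together with LDAP_START_TLS=true; STARTTLS cannot be
#              negotiated on an already-encrypted socket, which surfaces as
#              "ldap_start_tls(): Unable to start TLS" in the application log
ldap_mode() {  # ldap_mode SERVER START_TLS
    start_tls=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$1" in
        ldaps://*) [ "$start_tls" = true ] && echo conflict || echo ldaps ;;
        *)         [ "$start_tls" = true ] && echo starttls || echo plain ;;
    esac
}

# Print an anonymous base-DSE ldapsearch using the same transport mode the
# application would use; -ZZ forces STARTTLS and fails hard if it cannot be set up.
ldap_probe_cmd() {  # ldap_probe_cmd SERVER START_TLS
    server=$1
    case "$server" in ldap://*|ldaps://*) ;; *) server="ldap://$server" ;; esac
    case "$(ldap_mode "$1" "$2")" in
        conflict) echo "error: ldaps:// URL with LDAP_START_TLS=true; use one or the other"; return 1 ;;
        ldaps)    echo "ldapsearch -H '$server' -x -b '' -s base" ;;
        starttls) echo "ldapsearch -H '$server' -ZZ -x -b '' -s base" ;;
        plain)    echo "ldapsearch -H '$server' -x -b '' -s base" ;;
    esac
}

check_env() {  # check_env FILE  -> prints the probe, exit 1 on a conflicting pair
    ldap_probe_cmd "$(env_get "$1" LDAP_SERVER)" "$(env_get "$1" LDAP_START_TLS)"
}

# Constructed sample .env mirroring the report (placeholder hostname), for a demo run.
demo() {
    tmp=$(mktemp)
    printf 'LDAP_SERVER=ldaps://dc.example.com:636\nLDAP_START_TLS=true\n' > "$tmp"
    check_env "$tmp"; rc=$?
    rm -f "$tmp"; return $rc
}
```

Run `check_env /path/to/.env` on the cloned VM; the printed `ldapsearch` line should succeed before the application is expected to bind.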

@ssddanbrown commented on GitHub (Jul 10, 2023):

Since there's been no follow-up I'm going to close this. If the issue remains and is something you still require to be fixed respond to my previous comment and this can then be re-opened.

Reference: starred/BookStack#3882