Updating "thumbnailPhoto" on LDAP/AD does not get reflected in Bookstack after login #4824

New Issue

OVERLORD · 2026-02-05T09:18:49+03:00

OVERLORD commented

2026-02-05 09:18:49 +03:00

Originally created by @BloodyIron on GitHub (Jun 13, 2024).

Describe the Bug

I'm integrating my Bookstack instance with Active Directory, and I'm using the attribute "thumbnailPhoto" for the Environment Variable "LDAP_THUMBNAIL_ATTRIBUTE".

When the user is initially provisioned, by logging in, the account's "User Avatar" is successfully populated from "thumbnailPhoto" from the AD/LDAP domain.

However, once the account is provisioned, the authentication ecosystem seems to never check if this attribute has changed on the user. When I change the contents of this attribute for a user that is already provisioned in Bookstack via AD/LDAP, those changes are not reflected automatically, even after multiple log-outs and log-ins.

Steps to Reproduce

Login with LDAP/AD user that already has contents for "thumbnailPhoto", but this user has not logged into Bookstack before.
Confirm the user has received the correct "thubmnailPhoto" contents for their Bookstack account (use your eyeballs).
Change the contents of "thumbnailPhoto" for this account in AD.
Logout/login multiple times, observing the "User Avatar" does not change.
Proceed to github repo to report bug.

Expected Behaviour

If the thumbnailPhoto has changed on the AD/LDAP side, this should be reflected upon next login of said user into Bookstack.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

v24.05.2

Originally created by @BloodyIron on GitHub (Jun 13, 2024). ### Describe the Bug I'm integrating my Bookstack instance with Active Directory, and I'm using the attribute "thumbnailPhoto" for the Environment Variable "LDAP_THUMBNAIL_ATTRIBUTE". When the user is initially provisioned, by logging in, the account's "User Avatar" is successfully populated from "thumbnailPhoto" from the AD/LDAP domain. However, once the account is provisioned, the authentication ecosystem seems to never check if this attribute has changed on the user. When I change the contents of this attribute for a user that is already provisioned in Bookstack via AD/LDAP, those changes are not reflected automatically, even after multiple log-outs and log-ins. ### Steps to Reproduce 1. Login with LDAP/AD user that already has contents for "thumbnailPhoto", but this user has not logged into Bookstack before. 2. Confirm the user has received the correct "thubmnailPhoto" contents for their Bookstack account (use your eyeballs). 3. Change the contents of "thumbnailPhoto" for this account in AD. 4. Logout/login multiple times, observing the "User Avatar" does not change. 5. Proceed to github repo to report bug. ### Expected Behaviour If the thumbnailPhoto has changed on the AD/LDAP side, this should be reflected upon next login of said user into Bookstack. ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version v24.05.2

OVERLORD added the 🐛 Bug label 2026-02-05 09:18:49 +03:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4824