Bookstack ldap long login times #4833

Closed
opened 2026-02-05 09:19:23 +03:00 by OVERLORD · 10 comments

Originally created by @Jeffrey-FB on GitHub (Jun 24, 2024).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hi there

I have Bookstack running in AWS, using the script to build it.
My AD is placed on prem in our office. We have loads of other services running this way without issues.
Using Windows Server Active Directory for auth.

I'm using

```
AUTH_METHOD=ldap
LDAP_SERVER=my.domain.com:389
LDAP_USER_FILTER=(&(sAMAccountName={user}))
LDAP_VERSION=3
LDAP_ID_ATTRIBUTE=BIN;objectGUID
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
LDAP_START_TLS=false
```

Users can log in, but it takes about a minute to log in the first time.
After that, it varies how long the login process will take.
Sometimes it's milliseconds, other times it's back to 1 min to log in.
Currently there are only a handful of us using it, this should be a performance issue.

This has only started happening since setting up LDAP.
Before, with the default/local accounts, it was milliseconds.

I don't see anything in any of the logs with APP_DEBUG=true

Help, thoughts on troubleshooting?

Exact BookStack Version

v24.05.2

Log Content

No response

Hosting Environment

Ubuntu Install script
Ubuntu 22.04
PHP8.3
Apache2.4.58

OVERLORD added the 🐕 Support label 2026-02-05 09:19:23 +03:00

@Jeffrey-FB commented on GitHub (Jun 25, 2024):

Hi All

I really need to get this working, took me 3 mins last time to log in.
I cannot find anything in the logs or it's not logging correctly.
How can I troubleshoot this?

Any help would be appreciated


@Jeffrey-FB commented on GitHub (Jun 25, 2024):

Changed a few settings which helped a little bit, but it can still take up to 2 mins to log in for a returning user.
Now using
`LDAP_SERVER=ldaps://my.domain.com:636`
And removed tls
`#LDAP_START_TLS=false`

What else could I try?


@ssddanbrown commented on GitHub (Jun 25, 2024):

If you repeatedly log in and out, does the login time continue to vary? If so, what does that pattern roughly look like?
Or is it just the first login that's slow?


@Jeffrey-FB commented on GitHub (Jun 26, 2024):

Hey @ssddanbrown

There doesn't seem to be a pattern.
In google if I log out and then back in, most times it's pretty quick.
If I've been using Bookstack a while then sign out, it'll take a while to log back in.
If I close the browser down it's a long login every time.

Firefox seems to take long every time.
As does Microsoft Edge.

This is all with the same user account.

Thoughts, more troubleshooting options?


@ssddanbrown commented on GitHub (Jun 26, 2024):

  • What AWS service(s) are you using to host BookStack?
  • How does BookStack reach your AD system in office (tunnels, vpn, proxies)?

If possible, you could test the connection directly on the host system using the ldapsearch command, just to check a non-bookstack method from the same host.


@Jeffrey-FB commented on GitHub (Jun 27, 2024):

Hey @ssddanbrown

  • Bookstack is an EC2 instance
  • It's connected via our VPC

We have other services in AWS that all communicate with our AD servers on prem.
i.e. I can ping my AD server.
I have configured realm with `realm discover`. I can connect to my Bookstack server with sshd using my AD credentials.

I've not really used ldapsearch before. I might need a little help with this one?
I've tried one of these examples:
`ldapsearch -H ldap://<server_name>:389 -D "<distinguished_name>" -w <password> -b "<search_base>" -s <scope> <filter>`
This is what I get in return:
`ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)`

I'll endeavor to get this working while I wait for a reply from you.
Will post my progress, let me know if there is anything else you want me to try?


@Jeffrey-FB commented on GitHub (Jun 27, 2024):

Okay so I followed this guide: https://medium.com/@pedrodev/connect-your-linux-server-with-active-directory-e707410d1e59

So now I have ldap and ldaps working with ldapsearch.
Both return instantly on the terminal.

FYI ping results: `icmp_seq=1 ttl=124 time=1.73 ms`

No change to login times on Bookstack.
What do we try next?

@Jeffrey-FB commented on GitHub (Jun 27, 2024):

Okay, I figured out what the problem was.
I was pointing to our domain for ldap, my.domain.com.
But we have multiple serving other regions.
I've changed it to hostname.my.domain.com and this has resolved the delay in login.

Now how do I add a 2nd ldap server in my .env for redundancy?
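
A check that follows from the cause found above, as an added example that is not part of the original thread or of BookStack: it resolves every address behind the name given in `LDAP_SERVER` and times a TCP connect to each, so a domain controller that is slow or unreachable from this host stands out. The function names, the port 636 default and the 0.5 s "slow" threshold are assumptions.

```python
import socket
import time

def resolve_all(host, port, resolver=socket.getaddrinfo):
    """Return the unique IP addresses the name resolves to, in resolver order."""
    seen = []
    for *_, sockaddr in resolver(host, port, type=socket.SOCK_STREAM):
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen

def time_connect(ip, port, timeout=3.0, connector=socket.create_connection):
    """Seconds taken to open a TCP connection, or None on failure or timeout."""
    start = time.monotonic()
    try:
        connector((ip, port), timeout=timeout).close()
    except OSError:  # covers refused, unreachable and socket timeouts
        return None
    return time.monotonic() - start

def probe(host, port=636, timeout=3.0, slow_after=0.5,
          resolver=socket.getaddrinfo, connector=socket.create_connection):
    """Classify every address behind `host` as ok, slow or unreachable."""
    report = {}
    for ip in resolve_all(host, port, resolver):
        elapsed = time_connect(ip, port, timeout, connector)
        if elapsed is None:
            report[ip] = "unreachable"
        elif elapsed > slow_after:  # assumed threshold, tune per network
            report[ip] = "slow"
        else:
            report[ip] = "ok"
    return report

if __name__ == "__main__":
    import sys
    # Usage: python3 probe_ldap.py my.domain.com
    for ip, status in probe(sys.argv[1]).items():
        print(f"{ip:40} {status}")
```

Run it on the BookStack host; a domain-wide name that returns a mix of `ok` and `unreachable` addresses matches the intermittent delays described in this thread.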


@ssddanbrown commented on GitHub (Jun 27, 2024):

@Jeffrey-FB Good to hear you found the cause! Will therefore close this off.

> Now how do i add a 2nd ldap server in my .env for redundancy?

We don't specifically support/handle/test redundancy. PHP has some level of support built in (but I'm not sure on the full extent or handling of this) which I think you might be able to use via something like this:

```bash
LDAP_SERVER="ldaps://my.domain.com:636 ldaps://my.other.domain.com:636"
```

But again that's not something I've tested.


@Jeffrey-FB commented on GitHub (Jun 28, 2024):

That looks to be working, I can still log in with that added.
Thanks for all the help.


Reference: starred/BookStack#4833