When I try to add an LDAP user as admin, the permissions do not save. #4842

Closed
opened 2026-02-05 09:20:10 +03:00 by OVERLORD · 3 comments

Originally created by @silvaguilherme on GitHub (Jul 2, 2024).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

When I try to add an LDAP user as admin, the permissions do not save.
I change the .env (AUTH_METHOD=standard), then as admin.
I add my LDAP user as admin and save the page.

But when the user connects to the application he loses the permissions.

In my tests, the user only loses permission when logging into the application.
If I grant him permission, and he is logged in, he has admin permission until he logs out.

Exact BookStack Version

v24.05.2

Log Content

No response

Hosting Environment

Oracle Linux

OVERLORD added the 🐕 Support label 2026-02-05 09:20:10 +03:00

@ssddanbrown commented on GitHub (Jul 2, 2024):

Hi @silvaguilherme,
I'm guessing you have the following option and values set:

```bash
LDAP_USER_TO_GROUPS=true
LDAP_REMOVE_FROM_GROUPS=true
```

In which case I'd expect the user to lose their admin role upon login unless this was mapping to a group in the LDAP system. If you intend for role assignments to remain, and not be removed by the LDAP group sync handling, you should set LDAP_REMOVE_FROM_GROUPS to false.
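
The sync behaviour described in the reply above, as an added example that is not part of the thread or BookStack's own code: a simplified Python model (assumed semantics; the helper functions, group names and role names are hypothetical) of how the two settings decide which roles survive an LDAP login. Its last case shows the trade-off of `false` in this model: roles are only ever added at login, so removing a user from an LDAP group no longer revokes the matching role.

```python
# Simplified model of login-time LDAP group sync.
# Assumed semantics based on the thread, not BookStack source code.

def parse_env(text):
    """Read KEY=value lines and return the two sync flags as booleans."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip('"').lower() == "true"
    return (env.get("LDAP_USER_TO_GROUPS", False),
            env.get("LDAP_REMOVE_FROM_GROUPS", False))


def roles_after_login(current_roles, ldap_groups, group_to_role, env_text):
    """Return the set of roles a user holds after logging in via LDAP."""
    sync_enabled, remove_unmatched = parse_env(env_text)
    current = set(current_roles)
    if not sync_enabled:
        return current                # no group sync: roles left untouched
    matched = {group_to_role[g] for g in ldap_groups if g in group_to_role}
    if remove_unmatched:
        return matched                # roles with no matching LDAP group are dropped
    return current | matched          # roles are added, never removed


# Constructed sample data (hypothetical group-to-role mapping).
GROUP_TO_ROLE = {"wiki-editors": "Editor", "wiki-admins": "Admin"}
ENV_REMOVE = "LDAP_USER_TO_GROUPS=true\nLDAP_REMOVE_FROM_GROUPS=true\n"
ENV_KEEP = "LDAP_USER_TO_GROUPS=true\nLDAP_REMOVE_FROM_GROUPS=false\n"

if __name__ == "__main__":
    manual = ["Editor", "Admin"]      # Admin was granted by hand in the UI
    groups = ["wiki-editors"]         # the directory only lists the editor group
    print(sorted(roles_after_login(manual, groups, GROUP_TO_ROLE, ENV_REMOVE)))
    print(sorted(roles_after_login(manual, groups, GROUP_TO_ROLE, ENV_KEEP)))
    # Other direction: user removed from every LDAP group, flag set to false.
    print(sorted(roles_after_login(["Admin"], [], GROUP_TO_ROLE, ENV_KEEP)))
```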


@silvaguilherme commented on GitHub (Jul 2, 2024):

It worked
Thanks


@ssddanbrown commented on GitHub (Jul 2, 2024):

Good to hear! Will therefore close this off.

Reference: starred/BookStack#4842