Convert LDAP User to SAML2 #5008

New Issue

OVERLORD · 2026-02-05T09:33:20+03:00

OVERLORD commented

2026-02-05 09:33:20 +03:00

Originally created by @reddexx on GitHub (Oct 16, 2024).

Attempted Debugging

I have read the debugging page

Searched GitHub Issues

I have searched GitHub for the issue.

Describe the Scenario

Hello,

is there a possibility to convert the users from LDAP to SAML2?

Exact BookStack Version

24.10

Log Content

No response

Hosting Environment

Debian (VM)

Originally created by @reddexx on GitHub (Oct 16, 2024). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Hello, is there a possibility to convert the users from LDAP to SAML2? ### Exact BookStack Version 24.10 ### Log Content _No response_ ### Hosting Environment Debian (VM)

OVERLORD added the 🐕 Support label 2026-02-05 09:33:20 +03:00

OVERLORD closed this issue

2026-02-05 09:33:21 +03:00

OVERLORD commented

2026-02-05 09:33:22 +03:00

@ssddanbrown commented on GitHub (Oct 16, 2024):

Hi @reddexx,

You'd have to update the "External Authentication ID" value to match their new expected value that they'd get from the SAML auth system (the property of which is dictated by the SAML2_EXTERNAL_ID_ATTRIBUTE option).
If the same property can be used, which you already have via LDAP, via SAML then you might not need to alter anything on the BookStack side.

If you do need to update many "External Authentication ID" values, you could alternative do this via the API or database.

@ssddanbrown commented on GitHub (Oct 16, 2024): Hi @reddexx, You'd have to update the "External Authentication ID" value to match their new expected value that they'd get from the SAML auth system (the property of which is dictated by the `SAML2_EXTERNAL_ID_ATTRIBUTE` option). If the same property can be used, which you already have via LDAP, via SAML then you might not need to alter anything on the BookStack side. If you do need to update many "External Authentication ID" values, you could alternative do this via the API or database.

OVERLORD commented

2026-02-05 09:33:24 +03:00

@reddexx commented on GitHub (Oct 16, 2024):

@ssddanbrown

For us, the External Authentication ID looks like this:

but this does not correspond to SAML2 External Authentication ID

@reddexx commented on GitHub (Oct 16, 2024): @ssddanbrown For us, the External Authentication ID looks like this: ![grafik](https://github.com/user-attachments/assets/e0f09514-f314-4418-a2b9-6ead348f03f9) but this does not correspond to SAML2 External Authentication ID

OVERLORD commented

2026-02-05 09:33:25 +03:00

@ssddanbrown commented on GitHub (Oct 16, 2024):

Ah, okay, yeah I doubt you'll have full LDAP DN info in SAML.
Would have to change it up to be an appropriate unique ID that your SAML system can provide.

@ssddanbrown commented on GitHub (Oct 16, 2024): Ah, okay, yeah I doubt you'll have full LDAP DN info in SAML. Would have to change it up to be an appropriate unique ID that your SAML system can provide.

OVERLORD commented

2026-02-05 09:33:29 +03:00

@ssddanbrown commented on GitHub (Feb 25, 2025):

Since there's been no further follow-up on this I'll go ahead and close it off.

@ssddanbrown commented on GitHub (Feb 25, 2025): Since there's been no further follow-up on this I'll go ahead and close it off.

OVERLORD referenced this issue

2026-02-05 10:32:19 +03:00

[PR #5008] [MERGED] Fixed notification preferences URL in email #6438

Sign in to join this conversation.