ldap port 389 add possibility to change port #5476

Open
opened 2026-02-05 10:05:44 +03:00 by OVERLORD · 5 comments

Originally created by @liviodaina on GitHub (Oct 30, 2025).

Describe the feature you'd like

I've configured BookStack with AD auth on port 389 and all works fine.
We have installed, to enable LDAP with 2FA, software for proxying LDAP to the effective AD servers, so in this schema:
(LDAP PROXY listen on 10389) -> (LDAP EFFECTIVE: 389)
In this scenario the LDAP PROXY asks for the username and accepts the 2FA code only, without password, as the LDAP PROXY is connected to LDAP:389.
In this way we have added a 2FA function to the standard LDAP call.
If, for example, I run ldapsearch to test the response, the results are the same:

```bash
ldapsearch -x -b "dc=domain,dc=com" -H ldap://000.000.000.000:389 -D "cn=user1,cn=Users,dc=domain,dc=com" -W
ldapsearch -x -b "dc=domain,dc=com" -H ldap://111.111.111.11:10389 -D "cn=user1,cn=Users,dc=domain,dc=com" -W
```

If I had the possibility to change port 389 in the .env configuration, I think it would be a good option.

Describe the benefits this would bring to existing BookStack users

The benefit is that the BookStack service can have 2FA or a layer of security, or the overall benefit that the BookStack server/services does not contact the LDAP server directly.

Can the goal of this request already be achieved via other means?

Yes, you can have multiple LDAP connections using an LDAP proxy with only one connection; you can have the 2FA feature without "touching" your AD environment.

Have you searched for an existing open/closed issue?

  • I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

Not using yet, just scoping

Additional context

No response

OVERLORD added the 🐕 Support label 2026-02-05 10:05:44 +03:00

@ssddanbrown commented on GitHub (Oct 31, 2025):

Hi @liviodaina,

You can define a port as part of the `LDAP_SERVER` option as [detailed in our documentation](https://www.bookstackapp.com/docs/admin/ldap-auth/#authentication-setup):

```bash
# The LDAP host, Adding a port is optional
LDAP_SERVER=example.com:389
```

So in your second command example case:

```bash
LDAP_SERVER=111.111.111.11:10389
```

@liviodaina commented on GitHub (Oct 31, 2025):

Hi, first of all thanks for your reply.
Sorry if I'm wrong, as I've specified it in that form, as you did: `LDAP_SERVER=111.111.111.11:10389`, but the response was that the server could not be contacted on port 389.
As told before, the response of the ldapsearch command from the server where BookStack is running is fine, so I think that the function that receives the LDAP host will use 389, or 636 in case of LDAPS, ignoring the port specified.
Regards, Livio


@ssddanbrown commented on GitHub (Oct 31, 2025):

@liviodaina How are you running BookStack? How did you originally install BookStack?


@liviodaina commented on GitHub (Oct 31, 2025):

Oh yes, I've installed it and I'm using it to try whether it will be useful for us for document management of IT infrastructure, backup infrastructure, how to deploy software, FAQs dedicated to users, and so on. I'm trying to understand whether it will be better to have a standalone service or one integrated with our infrastructure. The question is if it's better to integrate, but just consider that in case of a problem you may not have your infrastructure and you need docs that explain how you have organized the IT? (for example)


@ssddanbrown commented on GitHub (Oct 31, 2025):

@liviodaina I mean more in the technical sense of use/install. Are you using Docker? Or did you install using one of our scripts?

It sounds like config/setting changes you're making are not being picked up, hence I'm trying to understand your technical environment a little better.
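
A stand-alone check for the situation discussed in this thread, added here as an example and not taken from BookStack or from either commenter: it resolves each active `LDAP_SERVER` line of a `.env`-style file to the `ldap://host:port` URI it names, which can be passed to `ldapsearch -H` or compared with the port named in a connection error. The function names and sample file are hypothetical, the parsing is an assumption and not BookStack's own, and the defaults used are the standard ports (389, or 636 for `ldaps://`).

```shell
# Added example, not BookStack code: resolve LDAP_SERVER values to endpoints.

# Print "scheme host port" for values such as "111.111.111.11:10389",
# "example.com" or "ldaps://example.com". With no port given, the standard
# defaults apply: 389 for ldap, 636 for ldaps.
ldap_endpoint() (
    value="$1"; scheme="ldap"
    case "$value" in
        ldaps://*) scheme="ldaps"; value="${value#ldaps://}" ;;
        ldap://*)  value="${value#ldap://}" ;;
    esac
    value="${value%/}"
    host="$value"; port=""
    case "${value##*:}" in
        "$value"|''|*[!0-9]*) ;;   # no colon, or the tail is not a port number
        *) host="${value%:*}"; port="${value##*:}" ;;
    esac
    if [ -z "$port" ]; then
        if [ "$scheme" = "ldaps" ]; then port=636; else port=389; fi
    fi
    printf '%s %s %s\n' "$scheme" "$host" "$port"
)

# Print every active (uncommented) LDAP_SERVER value in a .env-style file,
# one per line, with quotes removed. More than one line of output means the
# file holds several definitions and the edited one may not be the one in use.
env_ldap_servers() {
    grep -E '^[[:space:]]*LDAP_SERVER=' "$1" | sed -e 's/^[^=]*=//' -e "s/[\"']//g"
}

# Print the ldap:// or ldaps:// URI for each active definition.
env_ldap_uris() {
    env_ldap_servers "$1" | while IFS= read -r value; do
        endpoint="$(ldap_endpoint "$value")"
        scheme="${endpoint%% *}"; rest="${endpoint#* }"
        printf '%s://%s:%s\n' "$scheme" "${rest% *}" "${rest##* }"
    done
}

# Constructed sample .env using the placeholder addresses from the issue.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
#LDAP_SERVER=000.000.000.000
LDAP_SERVER=111.111.111.11:10389
EOF
env_ldap_uris "$sample"
rm -f "$sample"
```
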

Reference: starred/BookStack#5476