LDAP/AD Authentication #570

Closed
opened 2026-02-04 21:07:08 +03:00 by OVERLORD · 5 comments
Owner

Originally created by @JeffCache on GitHub (Feb 15, 2018).

For Feature Requests

Desired Feature:

For Bug Reports

  • BookStack Version (Found in settings, Please don't put 'latest'): v0.19.0
  • PHP Version: 7.1.10
  • MySQL Version: 5.7

Expected Behavior

Logging in with one's AD credentials.

Current Behavior

"An unknown error has occurred" when attempting to LDAP login.

Steps to Reproduce

I'm hoping someone can shed some light on what I may be doing incorrectly here. Here is the configuration for my .env file with some environment information redacted.

```
# LDAP Settings
LDAP_SERVER=dcservername.domain.com:389
LDAP_BASE_DN=dc=domain,dc=com
LDAP_DN=CN=billy.bob,OU=IT-AdminUsers,OU=Dept-IT,DC=domain,DC=com
LDAP_PASS=Billy.bob'sPassword123
LDAP_USER_FILTER=&(cn=*)
LDAP_VERSION=3
LDAP_EMAIL_ATTRIBUTE=mail
```

This instance of BookStack is running inside a Ubuntu 16.04 box and connecting to your typical Windows AD service. I apologize for my freshness in this area but I am by no means an expert here.

OVERLORD added the 🐕 Support label 2026-02-04 21:07:08 +03:00

@domainzero commented on GitHub (Feb 19, 2018):

Can you set APP_DEBUG=true in your .env file and try to log in again?
Post the error here when you can, it might help us see exactly where it's bombing out.


@ghost commented on GitHub (Feb 20, 2018):

Is this a new problem and it was working previously, or are you just now setting it up and it does not work?

I think the user filter is where you specify how you're finding the associated user-- your filter is a wildcard and so it probably can't find the target user account.


@joshripley commented on GitHub (Apr 16, 2018):

Hey @JeffCache, I do not know if you were able to get this sorted, but I have installed BookStack and managed to get LDAP authentication working in what sounds like a similar environment as your setup.

My initial thought is that your LDAP_BASE_DN might not be correct. In my setup, LDAP_DN is the username that is used to authenticate to the LDAP server. It should be whatever username is associated with the password set in LDAP_PASS.

For LDAP_USER_FILTER, I have mine set to `(|(mail=${user})(sAMAccountName=${user}))`. This allows someone to log in using their email address or their domain user name.
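
Added example, not part of the original thread and not BookStack's own code: a small checker for `LDAP_USER_FILTER` values that tests the two points raised above (RFC 4515 filter shape and the presence of the `${user}` placeholder) and substitutes the login name with RFC 4515 escaping so it stays a literal value. The helper names are hypothetical; the two filter strings are the ones quoted in this thread.

```python
# Added illustration; helper names are hypothetical, not BookStack's API.
PLACEHOLDER = "${user}"

# RFC 4515: these characters must appear as \XX hex escapes inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot add wildcards or filter clauses."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter_template(template):
    """Return a list of problems found in an LDAP_USER_FILTER value."""
    t = template.strip()
    problems = []
    depth, closed_early = 0, False
    for i, ch in enumerate(t):
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
        if depth == 0 and i < len(t) - 1:
            closed_early = True  # text outside the outermost parentheses
    if depth != 0:
        problems.append("unbalanced parentheses")
    elif closed_early or not t.startswith("("):
        problems.append("not a single parenthesised filter")
    if PLACEHOLDER not in t:
        problems.append("no ${user} placeholder, so the login name is never used")
    return problems


def build_filter(template, login):
    """Substitute the escaped login name for every ${user} placeholder."""
    problems = check_filter_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(PLACEHOLDER, escape_filter_value(login))


# The two filter values quoted in this thread.
ORIGINAL = "&(cn=*)"
WORKING = "(|(mail=${user})(sAMAccountName=${user}))"

if __name__ == "__main__":
    print(check_filter_template(ORIGINAL))
    print(build_filter(WORKING, "billy.bob"))
    # Constructed hostile login name: escaping keeps it a literal value.
    print(build_filter(WORKING, "*)(objectClass=*"))
```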


@ssddanbrown commented on GitHub (Jul 29, 2018):

Due to the lack of response from the original issue author I will close this. Thanks to everyone above that's provided support.

If this issue remains please feel free to open a new issue, referencing this one.


@christophe-lechenadec commented on GitHub (Feb 8, 2019):

Hi,
I bring some further information:
if LDAP_BASE_DN contains the root domain
LDAP_BASE_DN=DC=truc, DC=com
the error occurs.

But if you make reference to an OU,
it's OK.

Ch.


Reference: starred/BookStack#570