[PR #911] [MERGED] #75 - LDAP user groups sync to Bookstack on Login #5734

Closed
opened 2026-02-05 10:15:39 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/911
Author: @brennanmurphy
Created: 7/2/2018
Status: Merged
Merged: 7/15/2018
Merged by: @ssddanbrown

Base: master ← Head: master


📝 Commits (2)

  • d640cc1 LDAP groups sync to Bookstack roles.
  • 37aa8b0 Update files to PSR-2 standards

📊 Changes

5 files changed (+226 additions, -9 deletions)

📝 .env.example (+9 -0)
📝 app/Http/Controllers/Auth/LoginController.php (+8 -0)
➕ app/Repos/LdapRepo.php (+84 -0)
📝 app/Services/LdapService.php (+120 -8)
📝 config/services.php (+5 -1)

📄 Description

Closes issue #75

I set it up so that when users log in using an LDAP connection, Bookstack will get all names of all groups that user is a part of on the LDAP server, and will try and match them to the names of roles created in Bookstack. For any matches it finds, it will add the user to that role on Bookstack. The groups to roles sync function only runs on login, so if a user's groups change on the LDAP server, they need to log out of Bookstack, and log back in for any changes to roles to take effect.

You do need to create roles on Bookstack with names that match groups on LDAP exactly for this to work. I did contemplate having Bookstack create roles on an LDAP login for all groups it found for a user, but talking to a few network admins, most applications have the app admins create the roles for matching.

I've added a few settings to the .env file to make this work. I've tried to explain them inline, and I can update the documentation on the website to reflect the changes if you would like.

Happy for any feedback, and willing to make changes as needed. At the place I work, we have been using this patch in production for ~2 months, with 40ish regular users, and have not run into any issues. I did test it with a few OpenLDAP servers, and one Windows Active Directory server, and it worked in both instances.

This is my first PR here, so apologies if I have made any mistakes.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
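
The matching step described in the PR, sketched as an added example (not code from this PR or from BookStack; the function names and sample data are hypothetical). Group DNs are reduced to their CN and compared exactly against role names, and the result is computed in two modes, because the description does not say whether roles are ever removed on sync.

```php
<?php
// Added illustration only; every name here is hypothetical, not BookStack's API.

/** First CN value of a group DN, honouring backslash-escaped characters. */
function groupNameFromDn(string $dn): ?string
{
    // Simplification: single-character escapes (\, \+) only, no hex escapes.
    if (!preg_match('/^\s*cn=((?:\\\\.|[^,\\\\])+)/i', $dn, $m)) {
        return null;
    }
    return trim(preg_replace('/\\\\(.)/', '$1', $m[1]));
}

/**
 * @param string[] $groupDns    memberOf-style values for the user
 * @param string[] $roleNames   roles created by the app admin
 * @param string[] $current     roles held before this login
 * @param bool     $removeStale drop roles that no longer match a group
 * @return string[] roles held after the sync
 */
function syncRoles(array $groupDns, array $roleNames, array $current, bool $removeStale): array
{
    $groups = array_filter(
        array_map('groupNameFromDn', $groupDns),
        fn ($g) => $g !== null
    );
    // Exact string comparison: "viewers" does not match the role "Viewers".
    $matched = array_values(array_intersect($roleNames, $groups));
    // Additive mode keeps roles whose LDAP group was removed; strict mode
    // also strips roles that were granted by hand in the application.
    $result = $removeStale ? $matched : array_unique(array_merge($current, $matched));
    sort($result);
    return $result;
}

// Constructed sample data.
$groupDns = [
    'cn=Editors,ou=groups,dc=example,dc=com',
    'CN=Ops\, Night Shift,OU=Groups,DC=example,DC=com',
    'cn=viewers,ou=groups,dc=example,dc=com',
];
$roles   = ['Admin', 'Editors', 'Viewers', 'Ops, Night Shift'];
$current = ['Admin', 'Viewers']; // Admin granted by hand; Viewers has no exact-case group

print_r(syncRoles($groupDns, $roles, $current, false)); // additive
print_r(syncRoles($groupDns, $roles, $current, true));  // strict
```

Comparing the two printed arrays shows the trade-off an access review should check: the additive result still contains `Viewers` and `Admin`, while the strict result contains only the roles backed by a current LDAP group.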

OVERLORD added the pull-request label 2026-02-05 10:15:39 +03:00

Reference: starred/BookStack#5734