[PR #2288] [CLOSED] Added console command to sync with ldap server #5975

Closed
opened 2026-02-05 10:21:40 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/2288
Author: @injektion
Created: 9/29/2020
Status: Closed

Base: master ← Head: syncldap-command


📝 Commits (6)

  • 1a2a217 Added bookstack:syncldap console command so can pre-populate users and groups from LDAP server
  • c67f7ef fixed the LdapSessionGuard exception and cleaned up SyncLdap command to make phpunit and codeclimate happier
  • dfff8fe fixed recursion bug when recursing nested groups
  • a99df98 added informational log messages for syncs
  • f20c861 added command line argument to override filter variable for custom imports and scripting the command
  • a159de5 added ability to exclude emails from import using comma separated string list config variable env.LDAP_SYNC_EXCLUDE_EMAIL

📊 Changes

5 files changed (+238 additions, -1 deletions)

📝 app/Auth/Access/Guards/LdapSessionGuard.php (+5 -1)
📝 app/Auth/Access/LdapService.php (+25 -0)
📝 app/Config/auth.php (+5 -0)
📝 app/Config/services.php (+3 -0)
➕ app/Console/Commands/SyncLdap.php (+200 -0)

📄 Description

Current behaviour:

When LDAP enabled, if a user tries to log in and isn't found, credentials are checked and user is imported.

Issue:

We require users to be populated from the LDAP server before they visit the site the first time. Also want option to prevent users from being auto registered if we'd prefer to use the LdapSync.

As example, if you're using any sort of SSO or Server/Header authentication, the user won't exist for an auto login check, and will have to click Login before being logged into their account. Very confusing for users who expect to just be auto logged into their own account.

Fix:

Use this console command to trigger a sync with an LDAP filter (LDAP_SYNC_USER_FILTER) that will pull in users and sync groups prior to the login request.

Changes:

Added and stuck most of the logic in /app/Console/Commands/SyncLdap.php command

Added two config variables in config/services.php -> LDAP which default to current behaviours of the app
'sync_user_filter' => env('LDAP_SYNC_USER_FILTER', false),
'sync_user_recursive_groups' => env('LDAP_SYNC_USER_RECURSIVE_GROUPS', true),

Added public function to app/Auth/Access/LdapService.php to getAllUsers() by filter [defaults to sync_user_filter]

Added an option to disable auto registering members when using LDAP (config/auth/auto-register = TRUE) which stops the createNewFromLdapAndCreds call in /app/Auth/Access/Guards/LdapSessionGuard.php


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
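
Two behaviours named in the commits above, cycle-safe resolution of nested groups and the comma-separated e-mail exclusion list, shown as an added example that is not code from this PR or from BookStack. The function names and the directory data are hypothetical and constructed for illustration; only the `LDAP_SYNC_EXCLUDE_EMAIL` name and its comma-separated format come from the page.

```php
<?php
// Added illustration, not code from the PR; names and data are hypothetical.

// Turn a comma-separated string (the format the page gives for
// LDAP_SYNC_EXCLUDE_EMAIL) into a lower-cased lookup set.
function parseExcludedEmails(string $raw): array
{
    $emails = array_filter(array_map('trim', explode(',', strtolower($raw))), 'strlen');
    return array_fill_keys($emails, true);
}

// Collect all groups for a DN, following nested membership. $memberOf maps a
// DN to its direct parent groups; $seen stops the walk when groups contain
// each other, which would otherwise recurse without end.
function resolveGroups(string $dn, array $memberOf, array &$seen = []): array
{
    foreach ($memberOf[$dn] ?? [] as $group) {
        if (isset($seen[$group])) {
            continue;
        }
        $seen[$group] = true;
        resolveGroups($group, $memberOf, $seen);
    }
    return array_keys($seen);
}

// Decide which directory entries to import and with which groups.
function planSync(array $entries, array $memberOf, string $excludeRaw): array
{
    $excluded = parseExcludedEmails($excludeRaw);
    $plan = [];
    foreach ($entries as $entry) {
        $email = strtolower(trim($entry['mail'] ?? ''));
        if ($email === '' || isset($excluded[$email])) {
            continue; // no usable address, or explicitly excluded
        }
        $seen = [];
        $plan[$email] = resolveGroups($entry['dn'], $memberOf, $seen);
    }
    return $plan;
}

// Constructed sample: "editors" and "staff" are members of each other.
$memberOf = [
    'uid=alice,dc=example,dc=org' => ['cn=editors,dc=example,dc=org'],
    'cn=editors,dc=example,dc=org' => ['cn=staff,dc=example,dc=org'],
    'cn=staff,dc=example,dc=org' => ['cn=editors,dc=example,dc=org'],
];
$entries = [
    ['dn' => 'uid=alice,dc=example,dc=org', 'mail' => 'Alice@example.org'],
    ['dn' => 'uid=svc-backup,dc=example,dc=org', 'mail' => 'svc-backup@example.org'],
];
print_r(planSync($entries, $memberOf, 'svc-backup@example.org, noreply@example.org'));
```

Matching the exclusion list case-insensitively keeps a service account out of the import even when the directory stores its address with different capitalisation.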

OVERLORD added the pull-request label 2026-02-05 10:21:40 +03:00

Reference: starred/BookStack#5975