[PR #2753] [CLOSED] Add RFC2307 LDAP server compatibility #6058

New Issue

OVERLORD · 2026-02-05T10:23:35+03:00

OVERLORD commented

2026-02-05 10:23:35 +03:00

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/2753
Author: @4o66
Created: 5/18/2021
Status: ❌ Closed

Base: master ← Head: rfc2307-compatability

📝 Commits (1)

227c77a FreeIPA (possibly others?) returns multiple records for individual users for RFC2307 compatability. This prevents BookStack from enumerationg groups, and completely breaks LDAP group syncronization.

📊 Changes

3 files changed (+9 additions, -1 deletions)

View changed files

📝 .env.example.complete (+1 -0)
📝 app/Auth/Access/LdapService.php (+7 -1)
📝 app/Config/services.php (+1 -0)

📄 Description

FreeIPA (possibly others?) returns multiple records for individual users for RFC2307 compatibility. This prevents BookStack from enumerating groups, and completely breaks LDAP group synchronization.

As a workaround, adding LDAP_RFC2307_COMPATIBILITY environment variable (defaults to false). If set to true, and more than one record is returned during a group membership search, BookStack will use the second record set.
Will also require updating the Docs page at https://www.bookstackapp.com/docs/admin/ldap-auth/

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/2753 **Author:** [@4o66](https://github.com/4o66) **Created:** 5/18/2021 **Status:** ❌ Closed **Base:** `master` ← **Head:** `rfc2307-compatability` --- ### 📝 Commits (1) - [`227c77a`](https://github.com/BookStackApp/BookStack/commit/227c77a0d56eeec2d9dab18d18201a4fb18a1b41) FreeIPA (possibly others?) returns multiple records for individual users for RFC2307 compatability. This prevents BookStack from enumerationg groups, and completely breaks LDAP group syncronization. ### 📊 Changes **3 files changed** (+9 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.env.example.complete` (+1 -0) 📝 `app/Auth/Access/LdapService.php` (+7 -1) 📝 `app/Config/services.php` (+1 -0) </details> ### 📄 Description FreeIPA (possibly others?) returns multiple records for individual users for RFC2307 compatibility. This prevents BookStack from enumerating groups, and completely breaks LDAP group synchronization. As a workaround, adding LDAP_RFC2307_COMPATIBILITY environment variable (defaults to false). If set to true, and more than one record is returned during a group membership search, BookStack will use the second record set. Will also require updating the Docs page at https://www.bookstackapp.com/docs/admin/ldap-auth/ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-05 10:23:35 +03:00

OVERLORD closed this issue

2026-02-05 10:23:37 +03:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#6058