Windows AD Authentication #752

Closed
opened 2026-02-04 22:10:13 +03:00 by OVERLORD · 8 comments

Originally created by @FelisWei on GitHub (Jul 19, 2018).

For Bug Reports

Windows AD: Server 2012
BookStack Version: v0.22.0
PHP Version: 7.2.7 ubuntu 18.04.2
MySQL Version: 5.7.22

Expected Behavior

Logging in with Windows AD credentials

Current Behavior

```
ErrorException (E_WARNING)
ldap_bind(): Unable to bind to server: Invalid credentials
```

LDAP settings

```
AUTH_METHOD=ldap
LDAP_SERVER=ip:389
LDAP_BASE_DN=DC=xxx-xxx,DC=com
LDAP_DN=cn=1234,DC=xxx-xxx,DC=com
LDAP_PASS=xxxxxx
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_VERSION=3
LDAP_EMAIL_ATTRIBUTE=mail
```

OVERLORD added the 🐕 Support label 2026-02-04 22:10:13 +03:00

@vparmeland commented on GitHub (Jul 24, 2018):

Hi!

Have you tried your user password first?

```
ldapsearch -xLL -b DC=yourdomain,DC=local -h dc1.yourdomain.local -D username@yourdomain.local -W
```


@FelisWei commented on GitHub (Jul 31, 2018):

Hi,
after I enter the LDAP password:

```
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
```

@vparmeland commented on GitHub (Aug 2, 2018):

Hi Felis,

You have your reason here...

First, can you ping your LDAP IP?

  • No: your LDAP isn't available

  • Yes: retry to fix your credentials

In my last reply, the command was meant to test whether you can connect to your LDAP:

> Have you tried your user password first?
> ldapsearch -xLL -b DC=yourdomain,DC=local -h dc1.yourdomain.local -D username@yourdomain.local -W


@FelisWei commented on GitHub (Aug 3, 2018):

Hi,
Yes, the ping responds.
Is there any PHP component I haven't installed?
If the OU name has Chinese characters, does it work?
Thanks.


@vparmeland commented on GitHub (Aug 3, 2018):

Felis,

Maybe the OU name, yes... Can you send a dummy example of your command prompt?


@FelisWei commented on GitHub (Aug 7, 2018):

Hi, I fixed the ldapsearch command problem; it was about the OU name, a space was lost.
Here is my command prompt:

```
ldapsearch -xLL -b OU=行政,OU=興興科技,DC=sss,DC=com -h sss-dc7.sss.com -D 67671@sss.com -W
```

But how do I set up the .env file?

```
# The base DN from where users will be searched within.
LDAP_BASE_DN=DC=sss,DC=com

# The full DN and password of the user used to search the server
# Can both be left as false to bind anonymously
LDAP_DN=cn=張家祝,OU=行政,OU=興興科技,DC=sss,DC=com
LDAP_PASS=123456

# A filter to use when searching for users
# The user-provided user-name used to replace any occurrences of '${user}'
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
```

@vparmeland commented on GitHub (Aug 26, 2018):

Hey Felis,

In the .env file, take care of these lines:

```
# General auth
AUTH_METHOD=ldap

# LDAP Settings
LDAP_SERVER=false
LDAP_BASE_DN=false
LDAP_DN=false
LDAP_PASS=false
LDAP_USER_FILTER=false
LDAP_VERSION=false
# Do you want to sync LDAP groups to BookStack roles for a user
LDAP_USER_TO_GROUPS=false
# What is the LDAP attribute for group memberships
LDAP_GROUP_ATTRIBUTE="memberOf"
# Would you like to remove users from roles on BookStack if they do not match on LDAP
# If false, the ldap groups-roles sync will only add users to roles
LDAP_REMOVE_FROM_GROUPS=false
```

You can find the [.env.example](https://github.com/BookStackApp/BookStack/blob/master/.env.example) on GitHub.

And use APP_DEBUG=true to find errors quickly.
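
As an added example (not part of the thread and not BookStack code), a small Python pre-flight check for the LDAP values discussed above: it parses a `.env` fragment, reports findings, and applies RFC 4515 escaping to the login name substituted for `${user}`. The function names and the sample input are constructed for illustration; the script only inspects text and never contacts a directory server.

```python
import re

# Constructed sample: the settings posted in this thread, password replaced.
SAMPLE_ENV = """\
AUTH_METHOD=ldap
LDAP_SERVER=ip:389
LDAP_BASE_DN=DC=sss,DC=com
LDAP_DN=cn=張家祝,OU=行政,OU=興興科技,DC=sss,DC=com
LDAP_PASS=PLACEHOLDER
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn)]

def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(env, username):
    """Substitute the escaped login name for every ${user} occurrence."""
    return env["LDAP_USER_FILTER"].replace("${user}", escape_filter_value(username))

def lint_ldap_env(env):
    """Return findings (hypothetical lint, not a BookStack feature)."""
    findings = []
    for key in ("LDAP_SERVER", "LDAP_BASE_DN", "LDAP_USER_FILTER"):
        if env.get(key, "false").lower() == "false":
            findings.append(f"{key} is unset or still 'false'")
    dn, base = env.get("LDAP_DN", "false"), env.get("LDAP_BASE_DN", "false")
    if "false" not in (dn.lower(), base.lower()):
        rdns, base_rdns = split_dn(dn), split_dn(base)
        if rdns[-len(base_rdns):] != base_rdns:
            findings.append("LDAP_DN is not under LDAP_BASE_DN")
        if not dn.isascii():
            findings.append("LDAP_DN is non-ASCII: .env must be saved as UTF-8")
    if "${user}" not in env.get("LDAP_USER_FILTER", ""):
        findings.append("LDAP_USER_FILTER lacks the ${user} placeholder")
    server = env.get("LDAP_SERVER", "")
    if server.endswith(":389") and not server.startswith("ldaps://"):
        findings.append("port 389: bind is cleartext unless StartTLS is used")
    return findings
```

Run against the untouched template values (`false` everywhere), the lint reports each required key that is still unset, which is the state in which no LDAP login can succeed.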


@ssddanbrown commented on GitHub (Nov 24, 2018):

Since the last comment on this issue is relatively old I'm going to close this. If the issue remains and is something you still require to be fixed please comment and this can be reopened if required.


Reference: starred/BookStack#752