LDAP auth from Docker help - Bad search filter #894

New Issue

OVERLORD · 2026-02-04T22:45:26+03:00

OVERLORD commented

2026-02-04 22:45:26 +03:00

Originally created by @nondeterminischtick on GitHub (Nov 5, 2018).

Suspect my env variable is wrong.

On attempting to log in using LDAP (Active Directory) the error is encountered:
ldap_search(): Search: Bad search filter

Bookstack has been deployed with solidnerd/docker-bookstack with the following env variables for LDAP:

AUTH_METHOD=ldap
LDAP_SERVER=ldap://ad.example.com:389
LDAP_BASE_DN=DC=example,DC=com
LDAP_DN=MyDN
LDAP_PASS=MyPass
LDAP_USER_FILTER="(&(sAMAccountName=\${user}))"
LDAP_VERSION=3

I suspect some issue with my ${user} syntax as that is what I had been struggling with up to this point.

The (&(sAMAccountName=\rcutts)) in the screenshot is where I have assumed my issue is but I am unsure how to get the ${user} to work inside docker.

I added the slash after reading this: 6222693a9b

I had previously tried double $ signs after reading this: https://github.com/BookStackApp/BookStack/issues/414

Which did not error but showed the invalid credentials message on the login screen.

Does anyone know what the syntax should be for this?

Originally created by @nondeterminischtick on GitHub (Nov 5, 2018). Suspect my env variable is wrong. On attempting to log in using LDAP (Active Directory) the error is encountered: **ldap_search(): Search: Bad search filter** Bookstack has been deployed with _solidnerd/docker-bookstack_ with the following env variables for LDAP: ``` AUTH_METHOD=ldap LDAP_SERVER=ldap://ad.example.com:389 LDAP_BASE_DN=DC=example,DC=com LDAP_DN=MyDN LDAP_PASS=MyPass LDAP_USER_FILTER="(&(sAMAccountName=\${user}))" LDAP_VERSION=3 ``` ![image](https://user-images.githubusercontent.com/60418/48008235-2d917080-e111-11e8-9714-e90a49b37e9a.png) I suspect some issue with my ${user} syntax as that is what I had been struggling with up to this point. The `(&(sAMAccountName=\rcutts))` in the screenshot is where I have assumed my issue is but I am unsure how to get the ${user} to work inside docker. I added the slash after reading this: https://github.com/solidnerd/docker-bookstack/pull/63/commits/6222693a9b98b2437f0b43cb5469eb615b78d3ef I had previously tried double $ signs after reading this: https://github.com/BookStackApp/BookStack/issues/414 Which did not error but showed the invalid credentials message on the login screen. Does anyone know what the syntax should be for this?

OVERLORD closed this issue

2026-02-04 22:45:32 +03:00

OVERLORD commented

2026-02-04 22:45:37 +03:00

@nondeterminischtick commented on GitHub (Nov 5, 2018):

For the moment I am assuming that
LDAP_USER_FILTER=(&(sAMAccountName=$${user}))
is correct since it does not cause an exception.

Assuming for now the failure to login is some other boneheaded mistake on my part.

@nondeterminischtick commented on GitHub (Nov 5, 2018): For the moment I am assuming that `LDAP_USER_FILTER=(&(sAMAccountName=$${user}))` is correct since it does not cause an exception. Assuming for now the failure to login is some other boneheaded mistake on my part.

OVERLORD commented

2026-02-04 22:45:41 +03:00

@nondeterminischtick commented on GitHub (Nov 5, 2018):

Think I've lost my marbles.

Changed to this and it is working:
LDAP_USER_FILTER=(&(sAMAccountName=${user}))

No idea why I was having trouble earlier. Maybe it was in quotes.

@nondeterminischtick commented on GitHub (Nov 5, 2018): Think I've lost my marbles. Changed to this and it is working: `LDAP_USER_FILTER=(&(sAMAccountName=${user}))` No idea why I was having trouble earlier. Maybe it was in quotes.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#894