LDAP over TLS: Unable to bind to server: Can't contact LDAP server #990

Closed
opened 2026-02-04 23:17:45 +03:00 by OVERLORD · 16 comments

Originally created by @Mant1kor on GitHub (Jan 15, 2019).

Describe the bug
Login via Active Directory account.
Sometimes I get the error: ldap_bind(): Unable to bind to server: Can't contact LDAP server

Screenshots
(two screenshots attached)

Your Configuration (please complete the following information):

  • Exact BookStack Version (Found in settings): v0.25.0 clean installation
  • PHP Version: PHP 7.2.14
  • Hosting Method (Nginx/Apache/Docker): nginx/1.12.2

Additional context
.env options

AUTH_METHOD=ldap

# LDAP authentication configuration
LDAP_SERVER=ldaps://dc.domain.com:636
LDAP_BASE_DN=DC=domain,DC=com
LDAP_DN=CN=LDAP,OU=AutoInstall,DC=domain,DC=com
LDAP_PASS=strong_password
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_VERSION=3
LDAP_TLS_INSECURE=true
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_FOLLOW_REFERRALS=false

AD level: 2008 R2

OVERLORD added the 🐕 Support label 2026-02-04 23:17:45 +03:00

@Mant1kor commented on GitHub (Jan 15, 2019):

Update: the issue reproduces only when connecting to LDAP_SERVER over TLS
LDAP_SERVER=ldaps://dc.domain.com:636


@ssddanbrown commented on GitHub (Jan 15, 2019):

Sorry to hear you're having issues @Mant1kor,
Just to confirm is this a new BookStack/Ldap setup you're experiencing this on or are you just experiencing this after performing an update?

> Sometimes I've got error: ldap_bind(): Unable to bind to server: Can't contact LDAP server

Does this mean it sometimes does work as expected, without error?


@Mant1kor commented on GitHub (Jan 15, 2019):

> Just to confirm is this a new BookStack/Ldap setup you're experiencing this on or are you just experiencing this after performing an update?

It's a new BookStack/Ldap setup.

> Does this mean it sometimes does work as expected, without error?

Yep, error occurs in ~50% of attempts. I'll try to record video proof.


@Mant1kor commented on GitHub (Jan 15, 2019):

Looks like this solves my problem:
LDAP_USER_FILTER=(&(objectCategory=Person)(sAMAccountName=${user}))
Give me a ~day to check in detail.


@Mant1kor commented on GitHub (Jan 16, 2019):

@ssddanbrown something is still wrong with LDAP auth
(animated gif attached)


@ssddanbrown commented on GitHub (Jan 16, 2019):

This sounds very similar to #1069 and perhaps #247.

If I'm honest, I'm not really sure how to diagnose such an issue.


@Mant1kor commented on GitHub (Jan 16, 2019):

I'm not a specialist, but some people (found via Google) recommend using ldap_start_tls() instead of ldap_bind().
It's not critical, I'll use ldap:// to avoid the problem.
And I remind you again: the issue reproduces only with ldaps://


@FreeTheTech101 commented on GitHub (Jan 17, 2019):

I personally believe there is something going wrong with verified LDAPS. Despite enabling trust for my personal CA, I still encountered this issue. The "temporary" workaround which I ended up using (which I cannot solely recommend) is changing the following line:

> LDAP_TLS_INSECURE=true

to

> LDAPTLS_REQCERT=never


@cenix102 commented on GitHub (Jan 21, 2019):

Hello to everyone!

I have the same problem. Maybe my configuration is wrong or something else. (PS: I tried the configuration from this issue).

Config:
AUTH_METHOD=ldap

LDAP_SERVER=ldaps://172.25.60.10:636
LDAP_BASE_DN=dc=mydnname=com
LDAP_DN=uid=ldap.admin,cn=mygroup,ou=global,dc=amydcname,dc=com
LDAP_PASS=mypassword
LDAP_USER_FILTER=(&(objectCategory=Person)(sAMAccountName=${user}))
LDAP_VERSION=3
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_TLS_INSECURE=never
APP_DEBUG=true

@Mant1kor commented on GitHub (Jan 21, 2019):

@cenix102 use ldap:// to avoid the problem. And waiting for the fix...
LDAP_SERVER=ldap://172.25.60.10:389

And one more thing:

> LDAP_DN=uid=ldap.admin,cn=mygroup,ou=global,dc=amydcname,dc=com

Using admin credentials is neither necessary nor secure. Use a normal user account.


@cenix102 commented on GitHub (Jan 21, 2019):

@Mant1kor thanks for your answer. Now I have some credential errors...

PS: ldap.admin is just the name. The user does not have admin access. :-)


@christophert commented on GitHub (Feb 6, 2019):

Setting LDAP_TLS_INSECURE is the equivalent of TLS_REQCERT never in /etc/ldap/ldap.conf for the session, so this might be unrelated.

I personally haven't run into this issue with our AD infrastructure (2012R2/2016). Are there any log entries in the DC's auth log that indicate authentication failure? What OS is BookStack running on?

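As an added diagnostic example (not BookStack's code and not posted by anyone in this thread), the PHP snippet below shows the two transports discussed above, ldaps:// versus ldap:// followed by ldap_start_tls(), and how to surface the underlying TLS failure behind "Can't contact LDAP server" while keeping certificate verification on instead of falling back to LDAP_TLS_INSECURE. The URI, bind DN, password and CA bundle path are placeholders you replace with your own.

```php
<?php
// Added diagnostic example, not BookStack code. The URI, bind DN, password and
// CA bundle path are assumed placeholders for your own environment.
function ldapBindDiagnose(string $uri, string $bindDn, string $password,
                          string $caFile = '/etc/ssl/certs/ca-certificates.crt'): array
{
    // Verify the server certificate against a trusted CA bundle rather than
    // disabling checks: LDAP_TLS_INSECURE=true corresponds to LDAP_OPT_X_TLS_NEVER.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);

    $conn = ldap_connect($uri); // only parses the URI; no network traffic yet
    if ($conn === false) {
        return ['ok' => false, 'stage' => 'uri', 'error' => 'malformed LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // ldap:// (389): upgrade with StartTLS so the bind never travels in clear.
    // ldaps:// (636): TLS is negotiated implicitly on connect; no StartTLS call.
    if (stripos($uri, 'ldap://') === 0 && !ldap_start_tls($conn)) {
        return ['ok' => false, 'stage' => 'starttls', 'error' => ldap_error($conn),
                'diag' => ldapDiag($conn)];
    }

    if (!@ldap_bind($conn, $bindDn, $password)) {
        // "Can't contact LDAP server" at this point usually means the TLS handshake
        // failed; the diagnostic message carries the libldap/OpenSSL reason.
        return ['ok' => false, 'stage' => 'bind', 'errno' => ldap_errno($conn),
                'error' => ldap_error($conn), 'diag' => ldapDiag($conn)];
    }
    ldap_unbind($conn);
    return ['ok' => true];
}

// Fetch the extended error text libldap stores alongside the numeric result.
function ldapDiag($conn): string
{
    $msg = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $msg);
    return (string) $msg;
}

// Placeholder values; the password comes from the environment, not the source.
print_r(ldapBindDiagnose('ldaps://dc.domain.com:636',
    'CN=LDAP,OU=AutoInstall,DC=domain,DC=com', getenv('LDAP_PASS') ?: ''));
```

Run it from the BookStack host so it uses the same libldap, CA store and network path as the application; a failure with stage "bind" and an OpenSSL verify error in diag points at the certificate chain rather than at credentials.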

@Mant1kor commented on GitHub (Feb 7, 2019):

It's strange, but I can't reproduce the problem any more.
The difference is:

  • BookStack Version: v0.25.0 -> v0.25.1
  • AD forest level: 2008 -> 2008 R2

OS: CentOS 7


@Duan-fei commented on GitHub (Mar 12, 2019):

@Mant1kor
I also ran into this kind of problem. Have you solved it? Can you help me?
This is my LDAP configuration:
(screenshot attached)


@Mant1kor commented on GitHub (Mar 14, 2019):

@Duan-fei
You don't use encryption. Did you get the same error "Can't contact LDAP server"?


@ssddanbrown commented on GitHub (May 18, 2019):

An issue was found in how BookStack handles LDAP URIs. A fix was applied for release v0.26: c24764018a

If anyone is still experiencing issues it's worth updating to the latest release, as you may find your issue has been fixed.

Reference: starred/BookStack#990