Closed ZAck1387 closed 1 year ago
Hi @ZAck1387, this generally sounds like an issue of your LDAP system not returning group details.
Hi @ssddanbrown,
thank you for your reply.
@ZAck1387 ldapsearch is fairly common, commonly part of an ldap-utils package (I have no idea about Alma Linux though).
@ssddanbrown thank you very much, that was the right direction I needed, and I could fix it.
The service user had no permission to read the "memberOf" attribute.
For reference: I've installed openldap-clients and with the command
ldapsearch -H ldaps://test.local:636 -b "CN=Bookstack Tester,OU=bookstack,DC=test,DC=local" -D "CN=Service Bookstack,OU=bookstack,DC=test,DC=local" -W
I could verify the service user couldn't read the memberOf attribute.
In MS AD, under the security permissions for the specific OU, I added the user with Type "Allow", Applies to "Descendant User Objects", and "Read memberOf".
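Added example, not part of the thread: a shell check that reads the LDIF printed by the ldapsearch command above and reports whether any memberOf value came back, which is the symptom the missing read permission produced. The function names and sample entries are constructed for illustration, and `awk` and `base64` are assumed to be installed.

```shell
# Added example, not from the thread. Sample LDIF entries are constructed.
# LDIF folds long lines; a continuation line starts with a single space.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (have) print buf; buf = $0; have = 1 }
         END { if (have) print buf }'
}

# Print one group DN per line. Attribute names are case-insensitive, and
# "memberOf:: <base64>" is how ldapsearch emits non-ASCII values.
list_memberof() {
    unfold_ldif | while IFS= read -r line; do
        case "$(printf '%s' "$line" | tr 'A-Z' 'a-z')" in
            memberof::*) printf '%s' "${line#*:: }" | base64 -d; echo ;;
            memberof:*)  printf '%s\n' "${line#*: }" ;;
        esac
    done
}

# Exit 0 = groups listed, 1 = entry visible but no memberOf, 2 = no entry.
check_memberof() {
    ldif=$(unfold_ldif)
    printf '%s\n' "$ldif" | grep -qi '^dn:' || { echo "no entry returned" >&2; return 2; }
    found=$(printf '%s\n' "$ldif" | list_memberof)
    [ -n "$found" ] && { printf '%s\n' "$found"; return 0; }
    # Same result for a user whose only group is the AD primary group.
    echo "entry readable, memberOf not returned" >&2; return 1
}

sample_readable() { cat <<'EOF'
dn: CN=Bookstack Tester,OU=bookstack,DC=test,DC=local
memberOf: CN=Wiki Editors,OU=bookstack,DC=test,DC=local
memberOf: CN=Wiki Administrators,OU=bookstack,DC=test,DC
 =local
memberOf:: Q049QsO8cm8sREM9dGVzdCxEQz1sb2NhbA==
EOF
}
sample_denied() { cat <<'EOF'
dn: CN=Bookstack Tester,OU=bookstack,DC=test,DC=local
cn: Bookstack Tester
EOF
}

# Live use (the thread's command plus -LLL, a filter and the attribute name):
#   ldapsearch -LLL -H ldaps://test.local:636 -W \
#     -b "CN=Bookstack Tester,OU=bookstack,DC=test,DC=local" \
#     -D "CN=Service Bookstack,OU=bookstack,DC=test,DC=local" \
#     '(objectClass=*)' memberOf | check_memberof
```

Running the check once with the service account and once with an account known to have read access separates a permission problem from a user who simply has no group memberships.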
Describe the Bug
Hi there,
I am currently testing BookStack for the first time. Please help me with some guidance here.
LDAP server: my test environment is based on Microsoft AD (2012 R2).
LDAP login works, but it does not try to query the LDAP group attributes of the user who tries to log in and therefore fails any matching. The debug log looks like this and is totally missing the "memberOf" attribute:
I have also tried other group attributes, User filters or updating php to 8.1.12.
That is my config:
Steps to Reproduce
Log in as a user with the above-mentioned config; the debugger will show no memberOf.
Expected Behaviour
Expected behaviour would be that, even if matching does not work, it at least lists the memberOf groups of the user who tries to log in, as mentioned in the BookStack 22.03 release:
https://www.bookstackapp.com/blog/bookstack-release-v22-03/
For example:
Screenshots or Additional Context
No response
Browser Details
Edge 106 64-bit win10; Firefox 106.0.2 64-bit win 10
Exact BookStack Version
22.10.1
PHP Version
8.1.11 + 8.1.12
Hosting Environment
Alma Linux 8.6