BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

[LDAP] Only one account in LDAP group can login #5225

Closed florent4014 closed 1 month ago

florent4014 commented 1 month ago

Describe the Bug

It seems that BookStack only retrieves the first account (in alphabetical order) of an LDAP group, thus only permitting login to this one and only account. No errors in logs.


Steps to Reproduce

  1. Run a dockerized version of BookStack, with LDAP parameters
  2. Create a "bookstack" group in LDAP and put users in it (e.g. Aramis, Athos and Porthos)
  3. Try to connect to BookStack with Aramis, working!
  4. Try to connect with Athos, not working because second in alphabetical order.
  5. Remove Aramis from the group in LDAP
  6. Retry to connect with Athos, now working! (became first)
  7. Finally try with Porthos, unable to log in
  8. Remove Athos from the LDAP group
  9. Retry to connect with Porthos, working because he is now the only one in the group, so the first one in alphabetical order.

Expected Behaviour

Being able to connect with all members in group

Screenshots or Additional Context


You can read the error message saying "These informations does not match any existing account"

Browser Details

BRAVE Version 1.70.119 Chromium: 129.0.6668.70 (64 bits)

Exact BookStack Version

BookStack v24.05.4

ssddanbrown commented 1 month ago

Hi @florent4014, this is because you're not using the provided username in the user filter at all, so it will just find all users that match the filter and use the first result.

You need to use the {user} placeholder as part of the filter. For example:

```
LDAP_USER_FILTER=(&(memberOf=cn=bookstack,ou=groups,dc=domain,dc=lan)(uid={user}))
```

florent4014 commented 1 month ago

Yup, that's on me, sorry for taking your time! The fault was between the chair and the keyboard apparently :)

It's working now, thank you!

ssddanbrown commented 1 month ago

@florent4014 No worries, good to hear things are working now!
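
The behaviour explained in the reply above, as an added example that is not part of the original thread and is not BookStack's code: a toy in-memory lookup showing that a filter without `{user}` resolves every login to the first group member, plus a check that flags such a filter. The directory entries, the `BROKEN` filter (the reporter's actual filter is not shown on the page) and all function names are assumptions made for illustration.

```python
import re

# Constructed sample directory: the three group members from the report.
GROUP = "cn=bookstack,ou=groups,dc=domain,dc=lan"
DIRECTORY = [{"uid": u, "memberOf": GROUP} for u in ("aramis", "athos", "porthos")]

BROKEN = "(&(memberOf=%s))" % GROUP              # assumed: no {user} placeholder
FIXED = "(&(memberOf=%s)(uid={user}))" % GROUP   # filter given in the reply

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(template, username):
    """Substitute the escaped login name for the {user} placeholder."""
    return template.replace("{user}", escape_filter_value(username))

def search(ldap_filter):
    """Toy matcher: supports only an AND of (attr=value) equality clauses."""
    unescape = lambda v: re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda m: chr(int(m.group(1), 16)), v)
    clauses = [(a, unescape(v))
               for a, v in re.findall(r"\(([^()=&|!]+)=([^()]*)\)", ldap_filter)]
    return [e for e in DIRECTORY if all(e.get(a) == v for a, v in clauses)]

def resolve_login(template, username):
    """Return the uid of the first search hit, or None when nothing matches."""
    hits = search(build_filter(template, username))
    return hits[0]["uid"] if hits else None

def lint_user_filter(template):
    """Flag a user filter that never references the supplied login name."""
    return [] if "{user}" in template else ["user filter lacks the {user} placeholder"]

if __name__ == "__main__":
    for name in ("aramis", "athos", "porthos"):
        print(name, "->", resolve_login(BROKEN, name), "/", resolve_login(FIXED, name))
    print(lint_user_filter(BROKEN))
```

Running `lint_user_filter` against the configured `LDAP_USER_FILTER` value before deployment catches this misconfiguration without needing a live directory.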