search

linuxserver / docker-bookstack

A Docker container for the BookStack documentation wiki
GNU General Public License v3.0
747 stars 108 forks source link

LDAP Support #146

Closed PaulaBras closed 1 year ago

PaulaBras commented 1 year ago

linuxserver.io

I would like to have an LDAP implementation for Docker. Unfortunately, according to the bookstack documentation, this is currently not possible. As you can see below, there is no PHP module.

Currently, bookstack is running as Docker on a Debian 11 machine with Docker version 20.10.17, build 100c701.

Desired Behavior

Current config in .env:

# General auth
AUTH_METHOD=ldap
LDAP_SERVER=<MyIP>:389
LDAP_BASE_DN="ou=Bonn,OU=User,dc=example,dc=com"
LDAP_DN="cn=BookStack,ou=serviceaccounts,dc=example,dc=com"
LDAP_PASS="notMyPassword_:P"
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_VERSION=3
LDAP_ID_ATTRIBUTE=BIN;objectGUID
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
LDAP_THUMBNAIL_ATTRIBUTE=jpegphoto
LDAP_START_TLS=false

Current Behavior

LDAP Login tried with domain\user and user. Both are currently running into an error: ldap_search cannot be found occurs. Capture

Stack Trace

#0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError()
#1 /app/www/app/Auth/Access/Ldap.php(63): ldap_search()
#2 /app/www/app/Auth/Access/Ldap.php(91): BookStack\Auth\Access\Ldap->search()
#3 /app/www/app/Auth/Access/LdapService.php(73): BookStack\Auth\Access\Ldap->searchAndGetEntries()
#4 /app/www/app/Auth/Access/LdapService.php(95): BookStack\Auth\Access\LdapService->getUserWithAttributes()
#5 /app/www/app/Auth/Access/Gua
![Capture](https://user-images.githubusercontent.com/68814660/202119080-26268d8c-e9f7-4c06-84fb-88c16a522cc4.JPG)
rds/LdapSessionGuard.php(72): BookStack\Auth\Access\LdapService->getUserDetails()
#6 /app/www/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(340): BookStack\Auth\Access\Guards\LdapSessionGuard->attempt()
#7 /app/www/app/Auth/Access/LoginService.php(157): Illuminate\Auth\AuthManager->__call()
#8 /app/www/app/Http/Controllers/Auth/LoginController.php(151): BookStack\Auth\Access\LoginService->attempt()
#9 /app/www/app/Http/Controllers/Auth/LoginController.php(82): BookStack\Http\Controllers\Auth\LoginController->attemptLogin()
#10 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\Http\Controllers\Auth\LoginController->login()
#11 /app/www/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction()
#12 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\Routing\ControllerDispatcher->dispatch()
#13 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\Routing\Route->runController()
#14 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\Routing\Route->run()
#15 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing\{closure}()
#16 /app/www/app/Http/Middleware/CheckGuard.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#17 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckGuard->handle()
#18 /app/www/app/Http/Middleware/RedirectIfAuthenticated.php(31): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#19 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RedirectIfAuthenticated->handle()
#20 /app/www/app/Http/Middleware/Localization.php(45): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#21 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\Localization->handle()
#22 /app/www/app/Http/Middleware/RunThemeActions.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#23 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RunThemeActions->handle()
#24 /app/www/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#25 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckEmailConfirmed->handle()
#26 /app/www/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#27 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\PreventAuthenticatedResponseCaching->handle()
#28 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#29 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
#30 /app/www/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#31 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#32 /app/www/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#33 /app/www/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
#34 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle()
#35 /app/www/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#36 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#37 /app/www/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#38 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#39 /app/www/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#40 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\ApplyCspRules->handle()
#41 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#42 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\Pipeline\Pipeline->then()
#43 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\Routing\Router->runRouteWithinStack()
#44 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\Routing\Router->runRoute()
#45 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\Routing\Router->dispatchToRoute()
#46 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\Routing\Router->dispatch()
#47 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#48 /app/www/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#49 /app/www/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle()
#50 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\TrustProxies->handle()
#51 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#52 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#53 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle()
#54 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#55 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#56 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#57 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
#58 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#59 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\Pipeline\Pipeline->then()
#60 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#61 /app/www/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle()
#62 {main}

Alternatives Considered

none

Environment

OS: Linux Debian CPU architecture: x86_64 How docker service was installed with Portianer. Database is a MariaDB on the network. Access is given throw a nginx reverse proxy.

Docker logs

n/a -

github-actions[bot] commented 1 year ago

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

ssddanbrown commented 1 year ago

@PaulaBras This will likely be closed since you have not followed the issue template at all.

This container should already have the php-ldap extensions installed for ldap to work in BookStack. If you are getting a particular error that may suggest otherwise, it would be useful to provide that error or detail the exact issue you're seeing, and what you're doing to produce the error.

PaulaBras commented 1 year ago

@PaulaBras This will likely be closed since you have not followed the issue template at all.

This container should already have the php-ldap extensions installed for ldap to work in BookStack. If you are getting a particular error that may suggest otherwise, it would be useful to provide that error or detail the exact issue you're seeing, and what you're doing to produce the error.

Apologies for the inconvenience. I have adjusted the post.

ssddanbrown commented 1 year ago

@PaulaBras Thanks! It's getting fairly far down the logic so that re-assures the required PHP ldap extension is installed and active.

From what I can see, this error can commonly be thrown if the ldap base DN is invalid. Can you double check your LDAP_BASE_DN value for any errors, or maybe test a base DN that's higher up the directory tree?

PaulaBras commented 1 year ago

After fiddling a little with the settings, I found out that you were right. For future use: check at this error "LDAP_BASE_DN" and test it with "dc=example,dc=com" only to get it running. Add OUs later if you got any problems.

Thanks for the help @ssddanbrown .