BookStack login via LDAP / Verify AD

According to the official BookStack documentation, to sign in with LDAP / AD authentication you first need to add the following settings to the .env file. Example domain:
◎ AD domain: abc.com.tw
◎ AD administrator account / password: administrator / 123456

# General auth
AUTH_METHOD=ldap

# The LDAP host, Adding a port is optional
LDAP_SERVER=abc.com.tw:389
# If using LDAP over SSL you should also define the protocol:
# LDAP_SERVER=ldaps://example.com:636

# The base DN from where users will be searched within
LDAP_BASE_DN=dc=abc,dc=com,dc=tw

# The full DN and password of the user used to search the server
# Can both be left as false to bind anonymously
LDAP_DN=cn=administrator,cn=users,dc=abc,dc=com,dc=tw
LDAP_PASS=123456

# A filter to use when searching for users
# The user-provided user-name used to replace any occurrences of '${user}'
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
# The sAMAccountName of the AD account is used as the BookStack username.

# Set the LDAP version to use when connecting to the server
LDAP_VERSION=3

# Set the default 'email' attribute. Defaults to 'mail'
LDAP_EMAIL_ATTRIBUTE=mail
# The mail attribute of the AD account is used as the BookStack user's e-mail address.

# Set the property to use for a user's display name. Defaults to 'cn'
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
# The cn of the AD account is used as the BookStack display name.
# If this is changed to sAMAccountName, BookStack still picks up cn; the reason is unknown.

# If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
# Only set this option if debugging or you're absolutely sure it's required for your setup.
#LDAP_TLS_INSECURE=true

◎ After changing these parameters, simply save the .env file to apply the new settings; there is no need to restart Apache.
◎ If the display name contains spaces, it will be shown incomplete.
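As an added example (not code from the post or from the BookStack project), the script below reads a .env fragment like the one above, flags the settings a reviewer would want to look at before going live (plain ldap:// on port 389, LDAP_TLS_INSECURE, a user filter without ${user}, a malformed base DN), and shows how the ${user} placeholder in LDAP_USER_FILTER should be filled with an RFC 4515-escaped login name. The sample .env text and the function names are constructed for this illustration; how BookStack itself substitutes and escapes the name is not reproduced here.

```python
import re
from typing import Dict, List

# Constructed sample: the .env fragment from the post, with its example values only.
SAMPLE_ENV = """\
AUTH_METHOD=ldap
LDAP_SERVER=abc.com.tw:389
LDAP_BASE_DN=dc=abc,dc=com,dc=tw
LDAP_DN=cn=administrator,cn=users,dc=abc,dc=com,dc=tw
LDAP_PASS=123456
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_VERSION=3
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
#LDAP_TLS_INSECURE=true
"""


def parse_env(text: str) -> Dict[str, str]:
    """Minimal dotenv reader: KEY=VALUE lines, '#' comments skipped,
    surrounding whitespace and simple quotes stripped (so 'LDAP_DN= cn=...' still works)."""
    env: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


# RFC 4515 escapes for characters that have meaning inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only ever be matched as data, never as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, username: str) -> str:
    """Replace every ${user} in the configured filter with the escaped login name."""
    return template.replace("${user}", escape_filter_value(username))


def check_ldap_env(env: Dict[str, str]) -> List[str]:
    """Return human-readable findings about weak or broken LDAP settings (empty list = clean)."""
    findings: List[str] = []
    if env.get("AUTH_METHOD") != "ldap":
        findings.append("AUTH_METHOD is not 'ldap'; the LDAP_* settings will be ignored")
    if not env.get("LDAP_SERVER", "").startswith("ldaps://"):
        findings.append("LDAP_SERVER does not use ldaps://; the bind password and user "
                        "credentials travel in cleartext")
    if env.get("LDAP_TLS_INSECURE", "").lower() == "true":
        findings.append("LDAP_TLS_INSECURE=true disables certificate validation")
    if "${user}" not in env.get("LDAP_USER_FILTER", ""):
        findings.append("LDAP_USER_FILTER lacks ${user}; every login would match the same entry")
    if not re.fullmatch(r"(\w+=[^,]+)(,\w+=[^,]+)*", env.get("LDAP_BASE_DN", "")):
        findings.append("LDAP_BASE_DN is not a well-formed DN")
    bind_dn = env.get("LDAP_DN", "")
    if bind_dn and bind_dn.lower() != "false" and not env.get("LDAP_PASS"):
        findings.append("LDAP_DN is set but LDAP_PASS is empty; the bind will fail")
    return findings


if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    for finding in check_ldap_env(env):
        print("finding:", finding)
    # A login name with filter metacharacters stays inert after escaping.
    print(build_user_filter(env["LDAP_USER_FILTER"], "j.smith (IT)*"))
```

Run it against your own .env before enabling AUTH_METHOD=ldap; the sample above produces exactly one finding (the server line uses plain ldap on 389), and switching it to ldaps://abc.com.tw:636 clears it.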


After the change took effect, a problem appeared: when the AD administrator (administrator) logged in, it had no administrator privileges, and the original BookStack administrator (admin@admin.com) could no longer access BookStack. Following the official explanation, set it up as follows:
1. Turn off the LDAP / AD authentication setting in .env.
2. Sign in with the BookStack administrator account (admin@admin.com).
3. Turn the LDAP / AD authentication setting in .env back on.
4. Open the user's profile edit page; there is an "External Authentication ID" field. Enter "CN=Administrator,CN=Users,DC=abc,DC=com,DC=tw" (the case must match exactly). This links the BookStack administrator (admin@admin.com) to the AD administrator (administrator).
5. Sign out, then sign in as the AD administrator (administrator); it now has administrator privileges.

2 Responses

  1. Daniel Chou says:

    Hello, moderator.
    May I ask:
    1. Can the "Name" be a Chinese name?
    2. Can I fill in the external authentication ID field with
    CN=danielchou, CN=users, DC=abc,DC=local

    Thanks

    Anson replies:

    Hello
    1. My impression is that it's OK.
    2. It depends on your AD structure; if danielchou is under Users, then the string you typed is correct.
    Thank you
