BookStackapp with OpenLDAP authentication

1 Comment / server / By / 2020-05-22

I was about to post how to enable the LDAP authentication with Bookstack after I posted the DokuWiki with OpenLDAP authentication. However, I got some hiccups in the process. I was able to get the LDAP working, but there is no admin account. To make a long story short, here is the bug report if you are interested.

The version that had the LDAP issue were 0.28.0 through version 0.29.0. I reported the bug issue and the dev was very quick to get the resolution. The BookStackapp version that has addressed the LDAP issue is 0.29.1 and hopefully later versions. Even the LDAP authentication has been fixed, it seems like the LDAPS is still broken.

Anyways, to get the LDAP authentication working with admin privilege, you would need the following.

  • LDAP server
  • Service account # optional, but recommended
  • uid of the LDAP admin user

The uid is the account name or user name of the LDAP user. Make sure you jot this one down.

By default, Bookstackapp uses its local user database. To enable LDAP, we need to add the LDAP parameters to the .env file. I am using the linuxserver/bookstack Docker container and the .env file is located in /config/www/.

Before modifying the .env file, make sure to login to the BookStack web UI using the local admin account to prevent getting locked out. The changes to the .env file activates immediately. The LDAP parameters are the following. Please adjust the value based on your environment.

AUTH_METHOD=ldap
LDAP_SERVER=10.0.7.40:7389
#LDAP_SERVER=ldaps://10.0.7.40:7636
LDAP_BASE_DN=dc=networkshinobi,dc=com
LDAP_DN=uid=bookstack_svc,cn=users,dc=networkshinobi,dc=com
LDAP_PASS=asdDInawi&sadud8oa(^!p
LDAP_USER_FILTER=(&(uid=${user}))
LDAP_VERSION=3
LDAP_ID_ATTRIBUTE=uid
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=uid
LDAP_USER_TO_GROUPS=true
LDAP_GROUP_ATTRIBUTE="memberOf"
LDAP_REMOVE_FROM_GROUPS=false
LDAP_AUTO_CONFIRM_EMAIL=true
#LDAP_TLS_INSECURE=true
LDAP_FOLLOW_REFERRALS=true
APP_DEBUG=true

The following are the key lines and the rest can be kept the default as shown in the example above.

  • The AUTH_METHOD defines the authentication method to use. Set the value to standard if the desired authentication method to use is the local user database
  • The LDAP_SERVER can be the hostname or the IP address of the LDAP server followed by the LDAP port number
  • The LDAP_BASE_DN is the location from where the Bookstack will search for users
  • The LDAP_DN is the bind DN which is an object that Bookstack would use to execute an instruction
  • The LDAP_PASS is the password of the bind DN
  • The LDAP_TLS_INSECURE=true if you are using self-signed certificates; otherwise, set the value to false

In the web UI, navigate to Settings > Users

  1. Select the local admin account
  2. Enter the uid of the LDAP user that would have admin privilege to the Bookstack in the External Authentication ID field
  3. Click Save
Figure 1

Once done, logout then log back in to verify. This is pretty much it.

Cheers!

Subscribe
Notify of
guest

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
qannon
qannon
1 year ago

Thank you this really helped me out.

0
Reply
1
0
Would love your thoughts, please comment.x
()
x