I was about to post how to enable the LDAP authentication with Bookstack after I posted the DokuWiki with OpenLDAP authentication. However, I got some hiccups in the process. I was able to get the LDAP working, but there is no admin account. To make a long story short, here is the bug report if you are interested.
The versions that had the LDAP issue were 0.28.0 through 0.29.0. I reported the bug and the dev was very quick to get a resolution out. The BookStackapp version that addresses the LDAP issue is 0.29.1, and hopefully later versions. Even though the LDAP authentication has been fixed, it seems like LDAPS is still broken.
Anyways, to get the LDAP authentication working with admin privilege, you would need the following.
- LDAP server
- Service account # optional, but recommended
- uid of the LDAP admin user

The uid is the account name or user name of the LDAP user. Make sure you jot this one down.
By default, Bookstackapp uses its local user database. To enable LDAP, we need to add the LDAP parameters to the .env file. I am using the linuxserver/bookstack Docker container and the .env file is located in /config/www/.

Before modifying the .env file, make sure to log in to the BookStack web UI using the local admin account to prevent getting locked out. Changes to the .env file take effect immediately. The LDAP parameters are the following. Please adjust the values based on your environment.

    AUTH_METHOD=ldap
    LDAP_SERVER=10.0.7.40:7389
    #LDAP_SERVER=ldaps://10.0.7.40:7636
    LDAP_BASE_DN=dc=networkshinobi,dc=com
    LDAP_DN=uid=bookstack_svc,cn=users,dc=networkshinobi,dc=com
    LDAP_PASS=asdDInawi&sadud8oa(^!p
    LDAP_USER_FILTER=(&(uid=${user}))
    LDAP_VERSION=3
    LDAP_ID_ATTRIBUTE=uid
    LDAP_EMAIL_ATTRIBUTE=mail
    LDAP_DISPLAY_NAME_ATTRIBUTE=uid
    LDAP_USER_TO_GROUPS=true
    LDAP_GROUP_ATTRIBUTE="memberOf"
    LDAP_REMOVE_FROM_GROUPS=false
    LDAP_AUTO_CONFIRM_EMAIL=true
    #LDAP_TLS_INSECURE=true
    LDAP_FOLLOW_REFERRALS=true
    APP_DEBUG=true

The following are the key lines; the rest can be kept at the defaults shown in the example above.

- AUTH_METHOD defines the authentication method to use. Set the value to standard if the desired authentication method is the local user database
- LDAP_SERVER can be the hostname or the IP address of the LDAP server, followed by the LDAP port number
- LDAP_BASE_DN is the location from which Bookstack will search for users
- LDAP_DN is the bind DN, the object Bookstack binds as to run its queries against the LDAP server
- LDAP_PASS is the password of the bind DN
- Set LDAP_TLS_INSECURE=true if you are using self-signed certificates; otherwise, set the value to false
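
The settings above decide whether the bind password and user logins travel encrypted and whether certificates are checked. The following is an added example, not code from the original post or from BookStack, that parses a .env file and flags those choices; the function names `parse_env`, `is_true` and `audit` are hypothetical, and the sample input is constructed from the post's values with a placeholder password.

```python
# Added example (not BookStack code): audit the .env settings discussed above.
# SAMPLE_ENV is constructed from the post's values; the password is a placeholder.
SAMPLE_ENV = """\
AUTH_METHOD=ldap
LDAP_SERVER=10.0.7.40:7389
#LDAP_SERVER=ldaps://10.0.7.40:7636
LDAP_BASE_DN=dc=networkshinobi,dc=com
LDAP_DN=uid=bookstack_svc,cn=users,dc=networkshinobi,dc=com
LDAP_PASS=constructed-placeholder
LDAP_GROUP_ATTRIBUTE="memberOf"
#LDAP_TLS_INSECURE=true
APP_DEBUG=true
"""


def parse_env(text):
    """Return the active KEY=value pairs; blank and commented-out lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: DNs contain '=' themselves
        settings[key.strip()] = value.strip().strip('"')
    return settings


def is_true(settings, key):
    """Treat a missing key as false, matching an unset or commented-out line."""
    return settings.get(key, "false").lower() == "true"


def audit(settings):
    """Return (key, finding) pairs for settings that weaken the deployment."""
    findings = []
    if settings.get("AUTH_METHOD", "standard") == "ldap":
        if not settings.get("LDAP_SERVER", "").lower().startswith("ldaps://"):
            findings.append(("LDAP_SERVER", "no ldaps:// scheme: the bind password "
                             "and user logins reach the LDAP server unencrypted"))
        if is_true(settings, "LDAP_TLS_INSECURE"):
            findings.append(("LDAP_TLS_INSECURE", "server certificate is not "
                             "validated; trust the signing CA instead"))
    if is_true(settings, "APP_DEBUG"):
        findings.append(("APP_DEBUG", "detailed error pages can expose "
                         "configuration; disable after troubleshooting"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(parse_env(SAMPLE_ENV)):
        print(f"{key}: {finding}")
```

To check a live deployment, pass the contents of the .env file under /config/www/ to `parse_env` in place of the constructed sample.
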

In the web UI, navigate to Settings > Users

- Select the local admin account
- Enter the uid of the LDAP user that would have admin privilege to the Bookstack in the External Authentication ID field
- Click Save

Once done, log out, then log back in to verify. This is pretty much it.
Cheers!
Thank you this really helped me out.