LDAP: Support binding via the authenticating user
I am trying to connect BookStack to my existing LDAP server. The server is configured so that anonymous connections cannot be done. I do not have a dedicated system user to configure LDAP_DN and LDAP_PASS in the .env file. How do I make LDAP authentication work under these circumstances?
Thanks in advance.
+1 The documentation is not so clear and the laravel.log does not contain anything that can really help...
> How do I make LDAP authentication work under these circumstances?
To be honest, I don't really know. It might be that my unfamiliarity with LDAP is not helping here, but if you don't have either anonymous binds or a user account to use, how would you connect to the LDAP system?
Do you use the LDAP system with other external applications? If so, how do they authenticate/bind?
@ssddanbrown Yes, the LDAP is being used with other external applications. The user's credentials themselves are used to bind to LDAP during login. No dedicated account is used.
It would be great to specify in the documentation that to use a read account on the AD it is necessary to add the domain name to the user: LDAP_DN = SamAccountName@YourDomainName
I have the same issue as @knightfallproject, we do authentication using the final user's credentials. Is there a way to specify those credentials as a binding user/password? Thank you!
> It would be great to specify in the documentation that to use a read account on the AD it is necessary to add the domain name to the user: LDAP_DN = SamAccountName@YourDomainName
Thanks, and please add it to the documentation!!
I am in favour of that feature. Both anonymous or some read-only user provide much more information than needed for this process. My suggestion for the implementation would be something like a flag LDAP_SIMPLEBIND=true and if so there needs to be an LDAP_USER_ATTRIBUTE=<e.g. CN> which extends LDAP_DN in the background after the user logged in to LDAP_DN="${LDAP_USER_ATTRIBUTE}=${POST_REQUEST_USER},${LDAP_DN}"
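A sketch of the bind-as-user flow proposed in the comment above, added here as an example; it is not part of the thread and not BookStack code. The function names, the sample DNs and the `ldaps://` URI are assumptions, and `LDAP_USER_ATTRIBUTE` is the setting proposed in that comment. It shows the two checks the string template alone omits: escaping the submitted username before it becomes part of the DN, and refusing an empty password.

```php
<?php
// Added example; function names are hypothetical, not BookStack's.

/** Build "<attribute>=<username>,<baseDn>" with the username kept as one RDN value. */
function buildUserBindDn(string $attribute, string $username, string $baseDn): string
{
    // The attribute name comes from configuration (the proposed
    // LDAP_USER_ATTRIBUTE); restrict it to an attribute descriptor anyway.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $attribute)) {
        throw new InvalidArgumentException('Invalid user attribute name');
    }
    if ($username === '') {
        throw new InvalidArgumentException('Username must not be empty');
    }
    // Escape DN special characters so a submitted name containing "," or "="
    // cannot add RDNs and move the bind DN to another part of the tree.
    $escaped = ldap_escape($username, '', LDAP_ESCAPE_DN);
    return "{$attribute}={$escaped},{$baseDn}";
}

/** Simple bind with the credentials submitted on the login form. */
function bindAsUser(string $uri, string $attribute, string $baseDn,
                    string $username, string $password): bool
{
    // A simple bind with a DN and an empty password is an "unauthenticated
    // bind" (RFC 4513, section 5.1.2); some servers report it as success.
    if ($password === '') {
        return false;
    }
    $dn = buildUserBindDn($attribute, $username, $baseDn);
    // Simple bind sends the password as-is, so use ldaps:// or StartTLS.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    $ok = @ldap_bind($conn, $dn, $password);
    ldap_unbind($conn);
    return $ok;
}

// Constructed sample input: DN building only, no server contacted.
$base = 'ou=people,dc=example,dc=com';
echo buildUserBindDn('cn', 'jdoe', $base), PHP_EOL;
echo buildUserBindDn('cn', 'jdoe,ou=admins', $base), PHP_EOL; // stays one RDN
```

A successful bind only proves the password; reading the user's name, mail or groups afterwards has to happen on the same connection before it is closed, since no service account exists to do it.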