ldap port 389 add possibility to change port

Open liviodaina opened this issue 2 months ago • 5 comments

Describe the feature you'd like

I've configured BookStack with AD auth on port 389 and all works fine. To enable LDAP with 2FA, we have installed software for proxying LDAP to the effective AD servers, in this schema:

(LDAP PROXY listen on 10389) -> (LDAP EFFECTIVE: 389)

In this scenario the LDAP PROXY asks for the username and accepts the 2FA code only, without a password, as the LDAP PROXY is connected to LDAP:389. In this way we have added a 2FA function to the standard LDAP call. If, for example, I run ldapsearch to test the response, the results are the same:

ldapsearch -x -b "dc=domain,dc=com" -H ldap://000.000.000.000:389 -D "cn=user1,cn=Users,dc=domain,dc=com" -W
ldapsearch -x -b "dc=domain,dc=com" -H ldap://111.111.111.11:10389 -D "cn=user1,cn=Users,dc=domain,dc=com" -W

If I had the possibility to change port 389 in the .env configuration, I think it would be a good option.

Describe the benefits this would bring to existing BookStack users

The benefit is that the BookStack service can have 2FA or a layer of security, or the overall benefit that the BookStack server/services do not contact the LDAP server directly.

Can the goal of this request already be achieved via other means?

Yes, you can have multiple LDAP connections using an LDAP proxy with only one connection, and you can have the 2FA feature without "touching" your AD environment.

Have you searched for an existing open/closed issue?

  • [x] I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

Not using yet, just scoping

Additional context

No response

liviodaina avatar Oct 30 '25 08:10 liviodaina

Hi @liviodaina,

You can define a port as part of the LDAP_SERVER option as detailed in our documentation:

# The LDAP host, Adding a port is optional
LDAP_SERVER=example.com:389

So in your second command example case:

LDAP_SERVER=111.111.111.11:10389

ssddanbrown avatar Oct 31 '25 12:10 ssddanbrown

Hi, first of all thanks for your reply. Sorry if I'm wrong: I specified it in that form, as you did, LDAP_SERVER=111.111.111.11:10389, but the response was that the server could not be contacted on port 389. As told before, the response to the ldapsearch command from the server where BookStack is running is fine, so I think that the function that receives the LDAP host will use 389, or 636 in case of LDAPS, ignoring the port specified. Regards, Livio

liviodaina avatar Oct 31 '25 13:10 liviodaina

@liviodaina How are you running BookStack? How did you originally install BookStack?

ssddanbrown avatar Oct 31 '25 13:10 ssddanbrown

Oh yes, I've installed it and I'm using it in order to see if it will be useful for us for managing documents on IT infrastructure, backup infrastructure, how to deploy software, FAQs dedicated to users, and so on. I'm trying to understand if it will be better to have a standalone service or one integrated with our infrastructure. The question is whether it's better to integrate, but just consider that in case of a problem you may not have your infrastructure, and you need docs that explain how you have organized the IT (for example).

liviodaina avatar Oct 31 '25 14:10 liviodaina

@liviodaina I mean more in the technical sense of use/install. Are you using Docker? Or did you install using one of our scripts?

It sounds like config/setting changes you're making are not being picked up hence I'm trying to understand your technical environment a little better.

ssddanbrown avatar Oct 31 '25 15:10 ssddanbrown