#75 - LDAP user groups sync to Bookstack on Login #911
Closes issue #75
I set it up so that when users log in using an LDAP connection, BookStack will get the names of all groups that user is a part of on the LDAP server, and will try to match them to the names of roles created in BookStack. For any matches it finds, it will add the user to that role on BookStack. The groups-to-roles sync function only runs on login, so if a user's groups change on the LDAP server, they need to log out of BookStack and log back in for any changes to roles to take effect.
You do need to create roles on BookStack with names that match groups on LDAP exactly for this to work. I did contemplate having BookStack create roles on an LDAP login for all groups it found for a user, but talking to a few network admins, most applications have the app admins create the roles for matching.
I've added a few settings to the .env file to make this work. I've tried to explain them inline, and I can update the documentation on the website to reflect the changes if you would like.
Happy for any feedback, and willing to make changes as needed. At the place I work, we have been using this patch in production for ~2 months, with 40ish regular users, and have not run into any issues. I did test it with a few OpenLDAP servers, and one Windows Active Directory server, and it worked in both instances.
This is my first PR here, so apologies if I have made any mistakes.
Thanks again for this @brennanmurphy. Took me longer than expected to review since I needed to learn how to properly set up my own LDAP groups in a way where
All worked great and worked as you described. I did make a few changes/updates afterwards but nothing major. These can be seen in the following commits:
As an overview, here are the changes I made:
Hopefully my changes won't affect your patched, in-production BookStack instance upon upgrade to the next release, but be cautious just in case my mapping changes affect your setup.
I'll tag this so I remember to document all this functionality before release.