bookstack/bookstack
bookstack/bookstack
16
120
Fork 8
Code Issues 688 Pull requests 3 Releases 233 Activity Actions

More LDAP Options #6128

New issue
Open
opened 2026-05-13 10:30:51 +02:00 by DrakeHamString · 0 comments
DrakeHamString commented 2026-05-13 10:30:51 +02:00
Copy link

Describe the feature you'd like

Right now, every login in our environment needs 10-20 seconds, even causes timeouts. And while a user tries to log in, the whole bookstack instance freezes and is not usable for every user! Once the user successfully logged in, the instance is snappy again.

Currently its caused by the LDAP group sync which tries to fetch every LDAP group (I think)

It would help to specify LDAP Scopes for this:

  1. LDAP Filter to limit the search scope for groups:
    This can be achieved by a plain LDAP query or by specifying a specific OU / container which has all needed groups in it.

  2. LDAP Filter for users
    This can also be achieved by a plain LDAP query. In our case we would like to limit the users that are able to log in by requiring a specific group membership
    Example:
    (&(|(memberOf=cn=fancygroup,ou=bookstack,o=main))(|(objectClass=Person)(objectClass=inetOrgPerson)))

  3. "External Authentication IDs": Specify DN instead of CN (both for user and group/role)
    This eliminates searching the whole tree for a CN and instead directly addresses the DN. (which is the full LDAP path)
    This also elimiates problems witn CN duplicate names.
    Example:
    cn=fancygroup,ou=bookstack,o=main

Describe the benefits this would bring to existing BookStack users

Users in large AD / LDAP environments would get a massive performance gain with logins and there would no impact if another user tries to log in.

Can the goal of this request already be achieved via other means?

No

Have you searched for an existing open/closed issue?

  • I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

Under 3 months

Additional context

No response

Have you used generative AI/LLMs to create any thoughts in this request?

  • This request only contains the thoughts & ideas of a human
### Describe the feature you'd like Right now, every login in our environment needs 10-20 seconds, even causes timeouts. **And while a user tries to log in, the whole bookstack instance freezes and is not usable for every user!** Once the user successfully logged in, the instance is snappy again. Currently its caused by the LDAP group sync which tries to fetch every LDAP group (I think) It would help to specify LDAP Scopes for this: 1. LDAP Filter to limit the search scope for groups: This can be achieved by a plain LDAP query or by specifying a specific OU / container which has all needed groups in it. 2. LDAP Filter for users This can also be achieved by a plain LDAP query. In our case we would like to limit the users that are able to log in by requiring a specific group membership Example: `(&(|(memberOf=cn=fancygroup,ou=bookstack,o=main))(|(objectClass=Person)(objectClass=inetOrgPerson)))` 3. "External Authentication IDs": Specify DN instead of CN (both for user and group/role) This eliminates searching the whole tree for a CN and instead directly addresses the DN. (which is the full LDAP path) This also elimiates problems witn CN duplicate names. Example: `cn=fancygroup,ou=bookstack,o=main` ### Describe the benefits this would bring to existing BookStack users Users in large AD / LDAP environments would get a massive performance gain with logins and there would no impact if another user tries to log in. ### Can the goal of this request already be achieved via other means? No ### Have you searched for an existing open/closed issue? - [x] I have searched for existing issues and none cover my fundamental request ### How long have you been using BookStack? Under 3 months ### Additional context _No response_ ### Have you used generative AI/LLMs to create any thoughts in this request? - [x] This request only contains the thoughts & ideas of a human
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
development
l10n_development
lexical_may_2026
release
v26-03
ci_fixing
codeberg-actions
sort_rule_text
llm_only
vectors
docker_env
drawio_rendering
user_permissions
ldap_host_failover
svg_image
prosemirror
captcha_example
fix/video-export
v26.03.4
v26.03.3
v26.03.2
v26.03.1
v26.03
v25.12.9
v25.12.8
v25.12.7
v25.12.6
v25.12.5
v25.12.4
v25.12.3
v25.12.2
v25.12.1
v25.12
v25.11.6
v25.11.5
v25.11.4
v24.11.4
v25.11.3
v25.11.2
v25.11.1
v25.11
v25.07.3
v25.07.2
v25.07.1
v25.07
v25.05.2
v25.05.1
v25.05
v25.02.5
v25.02.4
v25.02.3
v25.02.2
v25.02.1
v25.02
v24.12.1
v24.12
v24.10.3
v24.10.2
v24.10.1
v24.10
v24.05.4
v24.05.3
v24.05.2
v24.05.1
v24.05
v24.02.3
v24.02.2
v24.02.1
v24.02
v23.12.3
v23.12.2
v23.12.1
v23.12
v23.10.4
v23.10.3
v23.10.2
v23.10.1
v23.10
v23.08.3
v23.08.2
v23.08.1
v23.08
v23.06.2
v23.06.1
v23.06
v23.05.2
v23.05.1
v23.05
v23.02.3
v23.02.2
v23.02.1
v23.02
v23.01.1
v23.01
v22.11.1
v22.11
v22.10.2
v22.10.1
v22.10
v22.09.1
v22.09
v22.07.3
v22.07.2
v22.07.1
v22.07
v22.06.2
v22.06.1
v22.06
v22.04.2
v22.04.1
v22.04
v22.03.1
v22.03
v22.02.3
v22.02.2
v22.02.1
v22.02
v21.12.5
v21.12.4
v21.12.3
v21.12.2
v21.12.1
v21.12
v21.11.3
v21.11.2
v21.11.1
v21.11
v21.10.3
v21.10.2
v21.10.1
v21.10
v21.08.6
v21.08.5
v21.08.4
v21.08.3
v21.08.2
v21.08.1
v21.08
v21.05.4
v21.05.3
v21.05.2
v21.05.1
v21.05
v21.04.6
v21.04.5
v21.04.4
v21.04.3
v21.04.2
v21.04.1
v21.04
v0.31.8
v0.31.7
v0.31.6
v0.31.5
v0.31.4
v0.31.3
v0.31.2
v0.31.1
v0.31.0
v0.30.7
v0.30.6
v0.30.5
v0.30.4
v0.30.3
v0.30.2
v0.30.1
v0.30.0
v0.29.3
v0.29.2
v0.29.1
v0.29.0
v0.28.3
v0.28.2
v0.28.1
v0.28.0
v0.27.5
v0.27.4
v0.27.3
v0.27.2
v0.27.1
v0.27
v0.26.4
v0.26.3
v0.26.2
v0.26.1
v0.26.0
v0.25.5
v0.25.4
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.3
v0.24.2
v0.24.1
v0.24.0
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.19.0
v0.18.5
v0.18.4
v0.18.3
v0.18.2
v0.18.1
v0.18.0
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.1
v0.13.0
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.2
v0.8.1
v0.8.0
v0.7.6
v0.7.5
v0.7.4
v0.7.3
0.7.2
v.0.7.1
v0.7.0
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.0
Labels
Clear labels   
Focus: A11y
Accessibility

  
Focus: Admin/Meta

   
Focus: Authentication

   
Focus: Back-End

   
Focus: Database

   
Focus: Design & UX

   
Focus: Editor - Markdown

   
Focus: Editor - WYSIWYG

   
Focus: Export System

   
Focus: Front-End

   
Focus: Translations

   
Focus: View Customization

   
Is: Docs Update

   
Is: Enhancement

   
Is: Priority

   
Is: Security

   
Is: Upstream
  
Status
Blocked

  
Status
Open to discussion

  
Status
Out of scope

  
Status
Pending Validation

  
Type
API Request

  
Type
Bug Report

  
Type
Feature Request

  
Type
Happy feedback

  
Type
Maintenance

  
Type
Question

  
Type
Support

No labels
Focus: A11y
Focus: Admin/Meta
Focus: Authentication
Focus: Back-End
Focus: Database
Focus: Design & UX
Focus: Editor - Markdown
Focus: Editor - WYSIWYG
Focus: Export System
Focus: Front-End
Focus: Translations
Focus: View Customization
Is: Docs Update
Is: Enhancement
Is: Priority
Is: Security
Is: Upstream
Status
Blocked
Status
Open to discussion
Status
Out of scope
Status
Pending Validation
Type
API Request
Type
Bug Report
Type
Feature Request
Type
Happy feedback
Type
Maintenance
Type
Question
Type
Support
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
bookstack/bookstack#6128
No description provided.