BookStack LDAP 登入
因 BUBU 公司有使用 Windows AD 服務,可以使用 LADP 方式來串連服務,這樣子日後就不用再手動去新增使用者,只要在網域控制站新增好人員名稱這樣子,就可以登入到 BookStack 服務。
設定過程
剛安裝完,預設並沒有 LDAP 服務,所以需手動新增設定如何新增設定,可以到官方文檔參考。
- 在
.env設定檔最下新增以下設定檔
# General auth
AUTH_METHOD=ldap
# The LDAP host, Adding a port is optional
LDAP_SERVER=服務主機 IP or 名稱:389
# If using LDAP over SSL you should also define the protocol:
# LDAP_SERVER=ldaps://example.com:636
# The base DN from where users will be searched within
# 輸入您的網域名稱
LDAP_BASE_DN=DC=domain,DC=com
# The full DN and password of the user used to search the server
# Can both be left as false to bind anonymously
# 這裡請輸入管理者的資訊 CN=XXXX
LDAP_DN=CN=Administrator,CN=Users,DC=domain,DC=com
LDAP_PASS=123456789
# A filter to use when searching for users
# The user-provided user-name used to replace any occurrences of '${user}'
# 這裡預設是 UID 可以修改成 mail 或者其他認證方式,例如:cn
LDAP_USER_FILTER=(&(mail=${user}))
# Set the LDAP version to use when connecting to the server
# 預設是 false 修改成 3
LDAP_VERSION=3
# Set the property to use as a unique identifier for this user.
# Stored and used to match LDAP users with existing BookStack users.
# Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
# binary data and BookStack will convert the value to a hexidecimal representation.
# Defaults to 'uid'.
LDAP_ID_ATTRIBUTE=uid
# Set the default 'email' attribute. Defaults to 'mail'
# 預設是 `mail` 為帳號,你也可以修改成其他方式,例如:cn
LDAP_EMAIL_ATTRIBUTE=mail
# Set the property to use for a user's display name. Defaults to 'cn'
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
# If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
# Only set this option if debugging or you're absolutely sure it's required for your setup.
#LDAP_TLS_INSECURE=true
# If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
# Only set this option if debugging since it will block logins and potentially show private details.
#LDAP_DUMP_USER_DETAILS=true
# 以下這一段是跟 AD 同步用
# Enable LDAP group sync, Set to 'true' to enable.
LDAP_USER_TO_GROUPS=true
# LDAP user attribute containing groups, Defaults to 'memberOf'.
LDAP_GROUP_ATTRIBUTE="memberOf"
# Remove users from roles that don't match LDAP groups.
LDAP_REMOVE_FROM_GROUPS=false
- 在用預設的管理者帳號登入去設定外部驗證
[email protected]- 在 Email 位址修改成管理者郵件帳號
- 外部身份驗證 ID 請輸入剛剛在設定檔裡面的
LDAP_DN這一段值
