BookStack LDAP Login

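Because the BUBU company uses Windows AD, BookStack can be connected to it over LDAP. That way users no longer have to be added by hand: once a person has been created on the domain controller, they can log in to BookStack.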


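A fresh installation does not have LDAP enabled by default, so the settings have to be added manually. For how to add them, refer to the official documentation.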

  • Add the following settings at the bottom of the .env file
# General auth

# The LDAP host, Adding a port is optional
# (the value below is a placeholder: the server's IP or hostname, then :389)
LDAP_SERVER=服務主機 IP or 名稱:389
# If using LDAP over SSL you should also define the protocol:
# LDAP_SERVER=ldaps://

# The base DN from where users will be searched within
# Enter your domain name

# The full DN and password of the user used to search the server
# Can both be left as false to bind anonymously
# Enter the administrator's details here, CN=XXXX

# A filter to use when searching for users
# The user-provided user-name used to replace any occurrences of '${user}'
# The default here is UID; it can be changed to mail or another authentication method, for example: cn

# Set the LDAP version to use when connecting to the server
# The default is false; change it to 3

# Set the property to use as a unique identifier for this user.
# Stored and used to match LDAP users with existing BookStack users.
# Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
# binary data and BookStack will convert the value to a hexadecimal representation.
# Defaults to 'uid'.

# Set the default 'email' attribute. Defaults to 'mail'
# The default uses `mail` as the account; you can also change it to something else, for example: cn

# Set the property to use for a user's display name. Defaults to 'cn'

# If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
# Only set this option if debugging or you're absolutely sure it's required for your setup.

# If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
# Only set this option if debugging since it will block logins and potentially show private details.

# The section below is for syncing with AD
# Enable LDAP group sync, Set to 'true' to enable.

# LDAP user attribute containing groups, Defaults to 'memberOf'.

# Remove users from roles that don't match LDAP groups.
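  • Then log in with the default administrator account to set up external authentication: [email protected]
    • Change the Email address to the administrator's mail account
    • For the External Authentication ID, enter the LDAP_DN value from the settings file above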
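
A pre-deployment check for the settings above, as an added example (not from the original post or the BookStack project): it parses a .env file and flags the options the comments warn about, plus a bind over plain port 389 and an administrator bind account. Key names other than LDAP_SERVER and LDAP_DN are BookStack's documented option names that do not appear on this page; the hosts, DNs and the "admin" heuristic are assumptions of the example.

```python
import re

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file; comments and blanks are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # DNs contain '=', split on the first only
        env[key.strip()] = value.strip().strip("\"'")
    return env

def is_true(env, key):
    return env.get(key, "false").lower() == "true"

def audit_ldap(env):
    """Return (code, message) findings for risky LDAP settings."""
    findings = []
    server = env.get("LDAP_SERVER", "")
    if not server.lower().startswith("ldaps://") and not is_true(env, "LDAP_START_TLS"):
        findings.append(("cleartext-ldap", "bind and user passwords cross the network unencrypted"))
    if is_true(env, "LDAP_TLS_INSECURE"):
        findings.append(("tls-unverified", "server certificate is not validated"))
    if is_true(env, "LDAP_DUMP_USER_DETAILS"):
        findings.append(("debug-dump", "logins are blocked and directory details are shown"))
    # Heuristic (assumption of this example): a bind DN whose CN starts with
    # "admin" is a privileged account; a read-only service account is enough to search.
    if re.match(r"\s*cn=admin", env.get("LDAP_DN", ""), re.IGNORECASE):
        findings.append(("privileged-bind", "search account looks like an administrator"))
    return findings

# Constructed sample files (hosts, DNs and passwords are made up).
WEAK = """
LDAP_SERVER=dc01.example.test:389
LDAP_DN="CN=Administrator,CN=Users,DC=example,DC=test"
LDAP_PASS=placeholder
LDAP_TLS_INSECURE=true
LDAP_DUMP_USER_DETAILS=true
"""
HARDENED = """
LDAP_SERVER=ldaps://dc01.example.test:636
LDAP_DN="CN=svc-bookstack,OU=Service Accounts,DC=example,DC=test"
LDAP_PASS=placeholder
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, [code for code, _ in audit_ldap(parse_env(text))])
```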