LDAP Group sync dont works

[GamerClassN7]

Describe the Bug

LDAP gropups ate not used by bookstack

Steps to Reproduce

1. Configure ldap
2. Setup Group sync
3. Login

Expected Behaviour

Usel loged in from ad became meber of respective group

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

BookStack v24.05

[GamerClassN7]

[GamerClassN7]

resul tof dumping groups for a user

[GamerClassN7]

[ssddanbrown]

@GamerClassN7 In the dump the value is wiki_admin, but the role external auth ID is set as wiki_admins, and therefore those don't match up, unless I'm misunderstanding your setup?

[GamerClassN7]

@GamerClassN7 In the dump the value is wiki_admin, but the role external auth ID is set as wiki_admins, and therefore those don't match up, unless I'm misunderstanding your setup?

I am desperate so, i am trying all variations, I even created all variants singular/plural I even typed to use DN and even create new group with same name and external id. :( all attempts without any results :( I posted only last variant of my attempts :(

[ssddanbrown]

Okay, as long as you have something in parsed_recursive_user_groups that exactly matches with the role external auth ID (and the role has been saved with that matching ID), you should be good, there's little that can prevent a sync after that. Most problems arise in handling of different casing & spaces, but if you have wiki_admin aligned on both sides you should be good as that name should not be touched in formatting standardisation.

• Did they sync before or is this something new you're setting up?
• Do you have any other kinds of authentication active in BookStack?

[GamerClassN7]

Okay, as long as you have something in parsed_recursive_user_groups that exactly matches with the role external auth ID (and the role has been saved with that matching ID), you should be good, there's little that can prevent a sync after that. Most problems arise in handling of different casing & spaces, but if you have wiki_admin aligned on both sides you should be good as that name should not be touched in formatting standardisation.

• Did they sync before or is this something new you're setting up?
• Do you have any other kinds of authentication active in BookStack?

1. Something new i did not used LDAP groups before
2. No only LDAP

[ssddanbrown]

I don't really have much else to suggest outside of dumping data within the code.

If possible, within the app/Access/GroupSyncService.php file, you could find line 66 and add:

throw new \BookStack\Exceptions\JsonDebugException(['roles' => $roles->toArray(), 'groups' => $groupNames, 'matched' => $matchedRoles->toArray()]);

That should hopefully provide, on login attempt, full insight into what's calculated at match/comparison time. I have not tested the above though.

[RedLighttt]

Hello @ssddanbrown,
unfortunately we also had a problem with German umlauts. We have a group with a small letter ‘ü’.
Under app/Access/GroupSyncService.php after line 59 I added logger($groupNames[$i]); to write the group name into the log. I noticed that the letter ‘ü’ was converted to ‘\c3\bc’. As soon as I insert the logged group name into the ‘External Authentication IDs’, the synchronisation works.

I don't know if this is an error or a misconfiguration on my part.
I hope this information helps you to solve the problem.