Feed of "DrakeHamString"

DrakeHamString commented on issue bookstack/bookstack#6129

2026-05-15T20:04:43+02:00

Whole Bookstack instance unusable and runs into timeout when one user tries to log in while LDAP group sync is active

Seems like its a single PHP process?

DrakeHamString commented on issue bookstack/bookstack#6129

2026-05-15T10:28:43+02:00

Whole Bookstack instance unusable and runs into timeout when one user tries to log in while LDAP group sync is active

It can be sourced back to the same cause, but the outcome is differnet.

DrakeHamString opened issue bookstack/bookstack#6129

2026-05-13T10:39:29+02:00

Describe the Bug

When a user log in, the whole Bookstack instance does not respond anymore. The page doesnt load and no actions can be done.
The login takes about 10-20 (even 30 ) seconds and in that time nobody is able to work in Bookstack.
Using a reverse proxy you get a timeout at some point (yes, I know you can increase the limit, but this does not solve the problem)

One the login finishes, the instance works snappy again.

I already submitted a feature request, which would solve this issue: #6128

Steps to Reproduce

Have a big AD / LDAP environment
Activate LDAP Login and Group Sync
Specify "External Authentication IDs" in roles to match LDAP groups
User (who is part of the groups) tries to log in

Expected Behaviour

Snappy login

Screenshots or Additional Context

No response

Browser Details

Edge 148.0.3967.54 (Official Build) (64-Bit) on Windows 11

Exact BookStack Version

v26.03.3

DrakeHamString opened issue bookstack/bookstack#6128

2026-05-13T10:30:54+02:00

Describe the feature you'd like

Right now, every login in our environment needs 10-20 seconds, even causes timeouts. And while a user tries to log in, the whole bookstack instance freezes and is not usable for every user! Once the user successfully logged in, the instance is snappy again.

Currently its caused by the LDAP group sync which tries to fetch every LDAP group (I think)

It would help to specify LDAP Scopes for this:

LDAP Filter to limit the search scope for groups:
This can be achieved by a plain LDAP query or by specifying a specific OU / container which has all needed groups in it.
LDAP Filter for users
This can also be achieved by a plain LDAP query. In our case we would like to limit the users that are able to log in by requiring a specific group membership
Example:
(&(|(memberOf=cn=fancygroup,ou=bookstack,o=main))(|(objectClass=Person)(objectClass=inetOrgPerson)))
"External Authentication IDs": Specify DN instead of CN (both for user and group/role)
This eliminates searching the whole tree for a CN and instead directly addresses the DN. (which is the full LDAP path)
This also elimiates problems witn CN duplicate names.
Example:
cn=fancygroup,ou=bookstack,o=main

Describe the benefits this would bring to existing BookStack users

Users in large AD / LDAP environments would get a massive performance gain with logins and there would no impact if another user tries to log in.

Can the goal of this request already be achieved via other means?

Have you searched for an existing open/closed issue?

I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

Under 3 months

Additional context

No response

Have you used generative AI/LLMs to create any thoughts in this request?

This request only contains the thoughts & ideas of a human

DrakeHamString commented on issue bookstack/bookstack#5656

2026-05-11T13:11:22+02:00

LDAP Login Performance Issue in BookStack with Large AD Environment

I'm having the same issue.