# Integrating with a Domain Controller (Active Directory)

##### **<span style="color: rgb(35, 111, 161);">1. Bind the administrator role</span>**

<p class="callout info">On the domain controller, create a new group named "BookStackAdmin".</p>

[![image.png](https://book.kafeiou.pw/uploads/images/gallery/2024-03/scaled-1680-/gSuimage.png)](https://book.kafeiou.pw/uploads/images/gallery/2024-03/gSuimage.png)

<p class="callout info">In BookStack, open the Admin role and enter BookStackAdmin in the "External Authentication IDs" field. This binds the role to the domain group "BookStackAdmin".</p>

[![image.png](https://book.kafeiou.pw/uploads/images/gallery/2024-03/scaled-1680-/image.png)](https://book.kafeiou.pw/uploads/images/gallery/2024-03/image.png)


<p class="callout success">Any domain user account that is a member of the BookStackAdmin group receives BookStack system administrator permissions on login.</p>

[![image.png](https://book.kafeiou.pw/uploads/images/gallery/2024-03/scaled-1680-/cLFimage.png)](https://book.kafeiou.pw/uploads/images/gallery/2024-03/cLFimage.png)

##### <span style="color: rgb(35, 111, 161);">**2. Edit the configuration file to enable domain account login**</span>

Using a Docker container as the example, edit the file with **vi /app/www/.env**

```
AUTH_METHOD=ldap
LDAP_SERVER=<domain controller IP>:389
LDAP_BASE_DN="DC=test,DC=com,DC=tw"
LDAP_DN="CN=book,CN=Users,DC=test,DC=com,DC=tw"
LDAP_PASS="password"
LDAP_GROUP_ATTRIBUTE="memberOf"
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_VERSION=3
LDAP_ID_ATTRIBUTE=BIN;objectGUID
LDAP_EMAIL_ATTRIBUTE=mail
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto
LDAP_START_TLS=false
LDAP_USER_TO_GROUPS=true
LDAP_REMOVE_FROM_GROUPS=false
```

Adjust the following values for your environment (LDAP\_DN is the bind account; `CU=` is not a valid RDN type, the default AD container is `CN=Users`):

1. LDAP\_SERVER
2. LDAP\_BASE\_DN
3. LDAP\_DN
4. LDAP\_PASS

<p class="callout warning">With LDAP_SERVER on port 389 and LDAP_START_TLS=false, the bind password and every user's login password cross the network in cleartext. On a production domain, point LDAP_SERVER at ldaps://&lt;DC hostname&gt;:636 (the hostname must match the domain controller's certificate) or set LDAP_START_TLS=true. Note also that LDAP_REMOVE_FROM_GROUPS=false means a user removed from BookStackAdmin in AD keeps the BookStack Admin role until it is removed by hand; set it to true if AD group membership should be the single source of truth.</p>

<p class="callout success">Restart the service, then log in with a domain account that is a member of the BookStackAdmin group (membership of that group, not of Domain Admins, is what grants the role) and confirm both that the login succeeds and that the account has administrator permissions.</p>
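Before restarting, it is worth checking the `.env` for the mistakes that make the login test above fail silently or leave the bind insecure. The script below is an added example written for this page, not BookStack's own code: it parses the dotenv text and reports placeholder values, an RDN attribute type that does not exist in AD (such as a `CU=` typo for `CN=`), a user filter without `${user}`, plaintext LDAP (no `ldaps://` and `LDAP_START_TLS=false`), and group sync that never revokes roles. The two embedded `.env` samples are constructed for the demonstration; `192.0.2.10` is a documentation address and `dc01.test.com.tw` is an assumed domain controller name.

```python
"""Preflight lint for BookStack's LDAP .env, run before the service restart.

Added example for this page, not BookStack's own code. It parses the dotenv
text and flags what makes the login test fail or leaves it insecure: placeholder
values, an RDN type AD does not have (e.g. a "CU=" typo for "CN="), a user
filter without ${user}, plaintext LDAP (no ldaps:// and LDAP_START_TLS=false),
and group sync that never revokes roles (LDAP_REMOVE_FROM_GROUPS=false)."""
import re

# RDN attribute types seen in AD / RFC 4514 DNs; anything else is almost always a typo.
KNOWN_RDN_TYPES = {"CN", "OU", "DC", "O", "L", "ST", "C", "STREET", "UID"}

# Constructed sample: mistyped "CU=users", plaintext LDAP on 389, role revocation off.
SAMPLE_ENV_BAD = """\
AUTH_METHOD=ldap
LDAP_SERVER=192.0.2.10:389
LDAP_BASE_DN="DC=test,DC=com,DC=tw"
LDAP_DN="CN=book,CU=users,DC=test,DC=com,DC=tw"
LDAP_PASS="password"
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_START_TLS=false
LDAP_USER_TO_GROUPS=true
LDAP_REMOVE_FROM_GROUPS=false
"""

# Constructed sample with the fixes applied; dc01.test.com.tw is an assumed DC name
# (LDAPS needs a hostname matching the DC certificate, not a bare IP).
SAMPLE_ENV_GOOD = """\
AUTH_METHOD=ldap
LDAP_SERVER=ldaps://dc01.test.com.tw:636
LDAP_BASE_DN="DC=test,DC=com,DC=tw"
LDAP_DN="CN=book,CN=Users,DC=test,DC=com,DC=tw"
LDAP_PASS="password"
LDAP_USER_FILTER=(&(sAMAccountName=${user}))
LDAP_START_TLS=false
LDAP_USER_TO_GROUPS=true
LDAP_REMOVE_FROM_GROUPS=true
"""


def parse_env(text: str) -> dict:
    """Parse dotenv KEY=VALUE lines; strip one layer of matching quotes, skip comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split on the first '=' only; values may contain '='
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def split_dn(dn: str) -> list:
    """Split a DN into (TYPE, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        if "=" not in part:
            raise ValueError(f"RDN without '=': {part!r}")
        typ, val = part.split("=", 1)
        pairs.append((typ.strip().upper(), val.strip()))
    return pairs


def check_dn(dn: str, name: str) -> list:
    """Return problems with one DN: malformed RDNs or unknown attribute types."""
    problems = []
    try:
        for typ, _val in split_dn(dn):
            if typ not in KNOWN_RDN_TYPES:
                problems.append(f"{name}: unknown RDN type '{typ}=' in {dn!r} (typo for CN= or OU=?)")
    except ValueError as exc:
        problems.append(f"{name}: {exc}")
    return problems


def is_true(value: str) -> bool:
    return value.strip().lower() == "true"


def check_bookstack_ldap(text: str) -> list:
    """Return a list of problems found in the LDAP settings of a BookStack .env."""
    env = parse_env(text)
    problems = []
    if env.get("AUTH_METHOD") != "ldap":
        problems.append("AUTH_METHOD is not 'ldap'")
    for key in ("LDAP_SERVER", "LDAP_BASE_DN", "LDAP_DN", "LDAP_PASS"):
        if not env.get(key) or env[key].startswith("<"):
            problems.append(f"{key} is missing or still a placeholder")
    for key in ("LDAP_BASE_DN", "LDAP_DN"):
        if env.get(key):
            problems += check_dn(env[key], key)
    if "${user}" not in env.get("LDAP_USER_FILTER", "${user}"):
        problems.append("LDAP_USER_FILTER does not contain ${user}; no login can match")
    # Port 389 without STARTTLS sends the bind password and every user password in cleartext.
    if not env.get("LDAP_SERVER", "").lower().startswith("ldaps://") and not is_true(env.get("LDAP_START_TLS", "false")):
        problems.append("LDAP_SERVER is not ldaps:// and LDAP_START_TLS=false: credentials cross the network in cleartext")
    # Sync that adds roles but never removes them leaves ex-members of BookStackAdmin as admins.
    if is_true(env.get("LDAP_USER_TO_GROUPS", "false")) and not is_true(env.get("LDAP_REMOVE_FROM_GROUPS", "false")):
        problems.append("LDAP_REMOVE_FROM_GROUPS=false: users dropped from the AD group keep their BookStack role")
    return problems


if __name__ == "__main__":
    for label, sample in (("page-style .env", SAMPLE_ENV_BAD), ("hardened .env", SAMPLE_ENV_GOOD)):
        found = check_bookstack_ldap(sample)
        print(f"{label}: {len(found)} problem(s)")
        for p in found:
            print("  -", p)
```

Run it against the real file with `check_bookstack_ldap(open("/app/www/.env").read())` from inside the container; an empty list means the four adjusted values are present, both DNs parse with valid RDN types, and the bind will not go out in cleartext. The check is static: it does not contact the domain controller, so a wrong password or an unreachable host still only shows up at the login test.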