Active Directory new user not syncing

Nextcloud version (eg, 29.0.5): 24.0.2.1
Operating system and version (eg, Ubuntu 29.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): nginx/1.23.0
PHP version (eg, 8.3): 7.4.30 PHP FPM

The issue you are facing:

Active Directory new user not syncing

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Create or clone existing user in AD
  2. Force update group policy / run cron in Nextcloud
  3. Check from Nextcloud: ldapsearch shows the user, but user:list doesn’t add the user to Nextcloud.

The output of your Nextcloud log in Admin > Logging:

There is none related to it

Post your ldap config.

Note you’re running a completely unsupported version of Nextcloud. Not only is v24 end-of-life, but your v24 is missing ten (!) maintenance releases within v24 that were published after 24.0.2: https://nextcloud.com/changelog-unsupported/#latest24

Sorry for the late response. This is still not resolved.
One of the users added 3 weeks back is still not reflecting.
* We tried to enable/disable the user_ldap app
* Also tried to change the LDAP page size from 500 to 1000

Command used to check
sudo -u www-data php /var/www/nextcloud/occ user:list | grep -i unsynceduser
No user found

ldapsearch -x -H ldap://172.30.30.3 -D "mycomp\altadmin" -W -b "dc=mycomp,dc=com" "(|(sAMAccountName=unsynceduser))"
With the above command I am able to see the user details, but Nextcloud is unable to fetch the new user and add it to Nextcloud.

sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s03 ldapConfigurationActive 1/0

Also did the above LDAP config Deactivate/Activate toggle but still nothing.

I enabled the LDAP logs 7 days back but I can’t share them (sensitive info). If there are specific things I should look for in the log, let me know.

+-------------------------------+--------------------------------------------------+
| Configuration | s03 |
+-------------------------------+--------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | mycomp\altadmin |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=mycomp,dc=com |
| ldapBaseGroups | dc=mycomp,dc=com |
| ldapBaseUsers | dc=mycomp,dc=com |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | admin |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (|(cn=mycomp Estonia)(cn=CHDRIVE)(cn=Store Keeper)(cn=Sojitz)(cn=QA-QC)(cn=ProjectUsers)(cn=Project Managers)(cn=Project Engineers)(cn=Office Assistant)(cn=Mechanical Engineers)(cn=IT)(cn=Electrical Engineers)(cn=Design Engineers)(cn=mycomp Service)(cn=mycomp Qatar)(cn=mycomp QA-QC)(cn=mycomp Purchase)(cn=mycomp Procurement)(cn=mycomp Planning)(cn=mycomp Personnel & Admin)(cn=mycomp Mussafah)(cn=mycomp Management)(cn=mycomp HV-AC)(cn=mycomp HSE)(cn=mycomp HR Department)(cn=mycomp Finance)(cn=mycomp Estimation)(cn=mycomp Engineering)(cn=mycomp Estonia Civil)(cn=mycomp Contracts)(cn=mycomp Central Store)(cn=mycomp Bahrain Group)(cn=mycomp Al Quoz)(cn=Civil Engineer)(cn=mycomp Projects)) |
| ldapGroupFilterGroups | mycomp Estonia;CHDRIVE;Store Keeper;Sojitz;QA-QC;ProjectUsers;Project Managers;Project Engineers;Office Assistant;Mechanical Engineers;IT;Electrical Engineers;Design Engineers;mycomp Service;mycomp Qatar;mycomp QA-QC;mycomp Purchase;mycomp Procurement;mycomp Planning;mycomp Personnel & Admin;mycomp Mussafah;mycomp Management;mycomp HV-AC;mycomp HSE;mycomp HR Department;mycomp Finance;mycomp Estimation;mycomp Engineering;mycomp Estonia Civil;mycomp Contracts;mycomp Central Store;mycomp Bahrain Group;mycomp Al Quoz;Civil Engineer;mycomp Projects |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | ldap://172.30.30.3 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=person))(|(|(memberof=CN=CHDRIVE,DC=mycomp,DC=com)(primaryGroupID=6101))))(samaccountname=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapMatchingRuleInChainState | unknown |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 1000 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=person))(|(|(memberof=CN=CHDRIVE,DC=mycomp,DC=com)(primaryGroupID=6101)))) |
| ldapUserFilterGroups | CHDRIVE |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | person |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+--------------------------------------------------+

More …

Log files indicate this issue, but the displayname is all fine; I checked and compared it with working login accounts. There are many occurrences of this issue.

Some parts of the log are overwritten to avoid sharing critical info.

"user":"--","app":"user_ldap","method":"POST","url":"/login","message":"LDAP Login: Could not get user object for DN cn=usersyncissue xxxx xxxxxx,ou=project managers,dc=mycomp,dc=com. Maybe the LDAP entry has no set display name attribute?","userAgent":"Mozilla/5.0 ("version":"24.0.2.1"}
"user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: usersyncissue (Remote IP: x.x.x.x)","userAgent":"Mozilla/5.0 ("version":"24.0.2.1"}
"user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: mycomp\usersyncissue (Remote IP: x.x.x.x)","userAgent":"Mozilla/5.0 ("version":"24.0.2.1"}
{"reqId":"EtdvxkcIsgIBHNTrBlTe","level":0,"time":"2024-07-12T20:18:53+04:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"No or empty username (admin) for cn=hareesh xxxx xxxxxx,ou=project managers,dc=mycomp,dc=com.","userAgent":"--","version":"24.0.2.1"}

Why is there admin there, in Internal Username of the LDAP expert section?
I don’t remember the config; it is 2-3 years old and was working fine. Last month this new-user adding issue started.

Update : Resolved
In my case LastPass was filling in that field with admin, and some time back it might have saved it in the form (last month, when I reviewed a case with a client). After removing it, sync started.

LDAP - EXPERT - Internal Username Attribute - “admin”
LDAP - EXPERT - Internal Username Attribute - “”

In my case ldapExpertUsernameAttr must be empty, else it would not work. This happened because in the GUI LastPass added it, and somehow I clicked continue or something while checking something.

Thank you very much, everybody, for helping me!
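
What to look for in the log, as an added example (not part of the original thread): the script below scans Nextcloud JSON log lines for the two user_ldap messages quoted above and groups the affected DNs by the attribute name shown in parentheses, which in this thread matched the ldapExpertUsernameAttr value. The sample lines, DNs and the `triage` function name are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Message patterns taken from the log excerpts quoted in the thread.
EMPTY_NAME = re.compile(r"No or empty username \((?P<attr>[^)]*)\) for (?P<dn>.+?)\.$")
NO_OBJECT = re.compile(r"Could not get user object for DN (?P<dn>.+?)\. Maybe")

# Constructed sample input in Nextcloud's one-JSON-object-per-line log format.
SAMPLE_LOG = '''
{"reqId":"r1","level":0,"app":"user_ldap","url":"--","message":"No or empty username (admin) for cn=new user one,ou=staff,dc=example,dc=com."}
{"reqId":"r2","level":0,"app":"user_ldap","url":"--","message":"No or empty username (admin) for cn=new user two,ou=staff,dc=example,dc=com."}
{"reqId":"r3","level":2,"app":"user_ldap","url":"/login","message":"LDAP Login: Could not get user object for DN cn=new user one,ou=staff,dc=example,dc=com. Maybe the LDAP entry has no set display name attribute?"}
{"reqId":"r4","level":2,"app":"no app in context","url":"/login","message":"Login failed: newuserone (Remote IP: 192.0.2.10)"}
this line is not JSON and is skipped
'''

def triage(log_text):
    """Return ({attribute: [DNs it was empty for]}, [DNs rejected at login])."""
    by_attr = defaultdict(set)
    rejected = set()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # blank, truncated or redacted lines
        if not isinstance(entry, dict) or entry.get("app") != "user_ldap":
            continue
        msg = entry.get("message")
        if not isinstance(msg, str):
            continue  # exception entries carry a structured message
        if m := EMPTY_NAME.search(msg):
            by_attr[m["attr"]].add(m["dn"].lower())
        elif m := NO_OBJECT.search(msg):
            rejected.add(m["dn"].lower())
    return {a: sorted(d) for a, d in by_attr.items()}, sorted(rejected)

if __name__ == "__main__":
    attrs, rejected = triage(SAMPLE_LOG)
    for attr, dns in attrs.items():
        # An attribute name that no directory entry carries points at the
        # Internal Username Attribute setting rather than at the entries.
        print(f"attribute {attr!r} was empty for {len(dns)} entries:")
        for dn in dns:
            flag = " (also rejected at login)" if dn in rejected else ""
            print(f"  {dn}{flag}")
```

When one attribute name is empty for every new entry while ldapsearch shows those entries normally, compare that name against the ldapExpertUsernameAttr row of the LDAP configuration.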