After login with LDAP user, this user lands on other LDAP user account

So my company administers schools and they have Nextcloud. I have an LDAP connection to sync all my users. They use a Micro Focus system for schools. So my main problem is, when a user logs in, he sometimes lands on another account. For example: Henry logs in, but he lands on the account of Max. I don’t know how to fix this, or what the problem could be.
Server Info:
Ubuntu 22.04
Nextcloud Version 25.0.4
PHP 8.1
Database MySQL
Caching Redis

Nextcloud matches users on the UID. You need to map the Nextcloud UID to the correct corresponding unique UID of your LDAP users.

Using Micro Focus, I guess that you are using eDirectory? If so, then do not match on CN. The CN is not unique in a proper LDAP (and eDirectory is superior to any other LDAP-capable solution out there). There is actually a UID attribute in eDirectory. The question is whether you actually use it. Can you see this in iManager or in your LDAP browser?

Yes, we are using eDirectory. And just a little more background: a few weeks ago I did a Nextcloud migration to a new server. So I made a new clean Ubuntu install and Nextcloud install on a new virtual machine and I migrated all the files to the new server. It all worked fine. Could it be a wrong cache saved on the server, or are those UIDs somehow changed and then Nextcloud thinks that one user is another one? And I took the same settings for the LDAP connection. I need to ask my colleagues about iManager and UIDs, because I’m only administrating Nextcloud. I’m going to upload my LDAP connection settings. And thank you for the fast response. I’m from Germany, so some words are written in German.

If you have not set a custom naming rule for the user folders, it will be set as the user UID. Look at your data folder on Ubuntu to verify the names of the folders.
When you installed and moved the user data by copy or rsync and you rescanned with occ, it matched the folders with the UID it created the user with in the Nextcloud database during their first login. We are venturing into a level where I have to say I am uncertain. It does not sound like it is an issue in the LDAP integration though.

First of all: back up the entire /data/* folder. Dump your database to have a backup.
Better yet: make a snapshot of your system if you can.

Then try to configure the naming rule for user folders. Sorry, but this will be in English, freely translated from Danish as that is my system language:

System Settings → LDAP/AD integration → Advanced (top right in that screenshot) → Last foldable section (called special attributes here).

Set the naming rule to the desired LDAP attribute, like CN, UID, etc.
Now the first time a user logs in, it will create a clean and new folder for them. You can create an empty folder for them with the exact name it will have, based on the attribute value you chose. That way you can do the step below right away. (There will be cache and index errors for that user, but the users will not see them.) The painful job comes now: you will have to identify each user’s original folder, and then move all content of their “old” folder to their new folder. When you are done, run the following:
occ files:cleanup
occ files:repair-tree
occ files:scan --all
occ maintenance:data-fingerprint (EDIT: forgot this step)

There is an occ command: files:transfer-ownership
However, that will not work, as the link between your users and their data folders is broken.

It will be a long process; however, if you find the logic of how it recognises users and matches the folders, you can script this to avoid days of manual work.

The safest option:
If you have the old Nextcloud system available, use the Nextcloud migration feature.
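Two checks from this thread that can be scripted before touching the data folders: whether the attribute you plan to use for the naming rule is actually unique across your directory (the CN warning above), and which existing data folders map to exactly one LDAP user by that attribute and which are remnants. This is an added example, not Nextcloud or occ code; the LDIF text and folder names are constructed sample data, and real input would come from an LDIF export and a listing of the data directory.

```python
from collections import defaultdict

# Constructed LDIF export (not real data): two entries share the CN "Max",
# which is exactly why CN is unsafe as the Nextcloud internal username.
SAMPLE_LDIF = """\
dn: cn=henry,ou=students,o=school
cn: Henry
uid: henry
mail: henry@example.invalid

dn: cn=max,ou=students,o=school
cn: Max
uid: max

dn: cn=max,ou=teachers,o=school
cn: MAX
uid: max.mueller
"""

# Constructed listing of folder names found under the Nextcloud data directory.
DATA_FOLDERS = ["henry", "max", "old_student"]

def parse_ldif(text):
    """Return one {attribute: [values]} dict per blank-line-separated LDIF entry."""
    entries, current = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        attr, _, value = line.partition(":")  # split on the first colon only
        current[attr.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries

def index_by(entries, attr):
    """Map each (case-folded) value of `attr` to the DNs carrying it; LDAP
    compares cn/uid case-insensitively, so 'Max' and 'MAX' are one value."""
    by_value = defaultdict(list)
    for e in entries:
        for v in e.get(attr, []):
            by_value[v.lower()].append(e["dn"][0])
    return by_value

def find_collisions(entries, attr):
    """Values of `attr` shared by more than one entry: unusable as a naming rule."""
    return {v: dns for v, dns in index_by(entries, attr).items() if len(dns) > 1}

def match_folders(entries, attr, folders):
    """Split data folders into (matched to exactly one user, unmatched remnants)."""
    by_value = index_by(entries, attr)
    matched = {f: by_value[f.lower()][0] for f in folders
               if len(by_value.get(f.lower(), [])) == 1}
    return matched, [f for f in folders if f not in matched]
```

Running it with `uid` maps "henry" and "max" to one user each and leaves "old_student" as a remnant, while with `cn` the duplicated "max" value is ambiguous and is reported as a remnant as well.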

So I looked on my Nextcloud and there isn’t any naming rule; it is just blank. I looked in the data folder as well and my folders are named after usernames. So you are saying that I should just follow these steps you wrote and it should make the correct connection between user and user folder? And yes, I have my old Nextcloud installation. How can I use this Nextcloud migration feature?

https://docs.nextcloud.com/server/latest/admin_manual/maintenance/migrating.html

Or this:

You could keep the old NC running and install this one app. Then send out an email to all users that they should use this feature. Using this app has the advantage that it is not just a copy. It is basically “creating” everything on the new system, complete with fingerprints and all.

Disadvantage is users with A LOT of data…

I just realized that I didn’t describe my problem exactly. So here it is one more time: a user logs in and lands on another person’s account, then the user logs out, tries to log in again and lands on the right user account. For me it all sounds really crazy, but I have no idea why Nextcloud is doing this. Could you maybe clarify to me what I am doing wrong or what my Nextcloud is doing wrong?

Ah.

Did you also move your Nextcloud user database?

It sounds like you have issues with the Nextcloud user database, but that it will correct itself after the first successful login. This tells me there is hope for fixing it, but you probably need help from those deeper into the code of Nextcloud. I cannot help you there. Sorry.

So if I understood it right, after every first successful login it should fix itself for every user. So it should work right on the second login without any issues and without going to the wrong account? I checked my user database and it seems like everything is OK with my database.
And I was thinking, what if I do one more migration, set up the LDAP connection first and then move all of the data to the new Nextcloud? I don’t know if this can make a difference; what is your opinion?

Tbh: it seems so. I have no idea. Test it with two or three users who consent to it to be sure.

Maybe try this:

occ ldap:show-remnants

and

occ ldap:update-uuid

(Attempts to update UUIDs of user and group entries. By default, the command attempts to update UUIDs that have been invalidated by a migration step.)