All users shown as being a member of all LDAP dynamic groups

Nextcloud version: 20.0.14.2
Operating system and version: Ubuntu 18.04 LTS
Apache or nginx version: nginx/1.14.0
PHP version: 7.2.24

The issue you are facing:

We use a combination of groupOfNames and groupOfURLs object classes for our groups.

Our groups LDAP filter query:

(|(objectclass=groupOfNames)(objectclass=groupOfURLs))

All of the groups we want to see are present in Nextcloud.

When we list ‘Everyone’ under Users, all users appear as being a member of all LDAP groups.

When we view each LDAP group under ‘Groups’ only those users who are a member are shown.

This is a problem as we have shared a folder with one of those LDAP groups and as all users appear as being a member of all groups, all users now have access to that folder.

We are running OpenLDAP 2.4.45 and as such have set useMemberOfToDetectMembership=0.

Screen shots showing group memberships in Apache Directory Studio vs. Nextcloud can be provided if necessary.

Wow, this is EXACTLY my issue today. I thought everything was working great because it displays correctly when looking at the groups. However when looking at my users, all “Dynamic Group Member URL” groups include all users. My only work around so far is to turn this off, and manually add users from these groups which is a real pain.

I am also using the example above groupOfURLs, which provides the Dynamic Group attribute I am using.