FreeIPA LDAP Integration Issues

Nextcloud version (eg, 12.0.2): 17.033
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04LTS
Apache or nginx version (eg, Apache 2.4.25):
PHP version (eg, 7.1): 7.2

Hi,

I am trying to connect my NextCloud instance to my FreeIPA server, but LDAP is failing to bind, with a bind failure code 49. When in the LDAP configuration tool, I can test the Base DN and it is successful and finds 175 entries in the DN, but when trying to pick up the users on the next tab with an objectClass=* filter it returns 0 entries. When I try to commit the changes I get an error “cannot connect the LDAP” and the below log entries.

I can remotely run an ldapsearch query against my IPA server successfully.

I have tried this with a newly created bind account and the default Directory Manager account for testing and get the same result each time.

Any help would be greatly appreciated.

Thanks
Gaz

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Install FreeIPA-client
  2. Follow the LDAP Integration Setup steps in the NextCloud Documentation

The output of your Nextcloud log in Admin > Logging:

{"reqId":"NDqZzzSTsvLWceVDT0QJ","level":2,"time":"2020-03-12T10:25:32+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"17.0.3.1","id":"5e6a10b8a6bdd"}

{"reqId":"ujQVmZV0lIoVf7TQybUO","level":3,"time":"2020-03-12T10:55:37+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"ldap_control_paged_result_response(): No server controls in result at /snap/nextcloud/19299/htdocs/apps/user_ldap/lib/LDAP.php#74","userAgent":"--","version":"17.0.3.1","id":"5e6a1529e4634"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/snap/nextcloud/current/htdocs/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps',
      'url' => '/extra-apps',
      'writable' => true,
    ),
  ),
  'supportedDatabases' => 
  array (
    0 => 'mysql',
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/tmp/sockets/redis.sock',
    'port' => 0,
  ),
  'passwordsalt' => 'xxxxxxxx',
  'secret' => 'xxxxxxxx',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'nextcloud.my.domain',
  ),
  'datadirectory' => '/var/snap/nextcloud/common/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '17.0.3.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/sockets/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxxxxx',
  'dbpassword' => 'xxxxxxxxxxx',
  'installed' => true,
  'instanceid' => 'oc71g2u5njnk',
  'maintenance' => false,
  'loglevel' => 2,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
);

The output of your Apache/nginx/system log in /var/log/____:

[Tue Mar 10 11:33:07.338626 2020] [proxy_fcgi:error] [pid 3351:tid 139889928513280] (104)Connection reset by peer: [client x.x.x.x:49224] AH01075: Error dispatching request to : 
[Tue Mar 10 11:33:05.957021 2020] [proxy_fcgi:error] [pid 3351:tid 139889878157056] [client 172.16.60.3:5509] AH01067: Failed to read FastCGI header
[Tue Mar 10 11:33:07.338713 2020] [proxy_fcgi:error] [pid 3351:tid 139889878157056] (104)Connection reset by peer: [client x.x.x.x:5509] AH01075: Error dispatching request to : 
[Tue Mar 10 11:33:07.475439 2020] [mpm_event:notice] [pid 3077:tid 139890207614848] AH00491: caught SIGTERM, shutting down
[Tue Mar 10 11:34:37.065103 2020] [mpm_event:notice] [pid 3118:tid 140704305751936] AH00489: Apache/2.4.41 (Unix) OpenSSL/1.0.2g configured -- resuming normal operations
[Tue Mar 10 11:34:37.073086 2020] [core:notice] [pid 3118:tid 140704305751936] AH00094: Command line: 'httpd -d /snap/nextcloud/19299 -D EnableHTTPS -D FOREGROUND'
[Tue Mar 10 11:34:37.089132 2020] [unixd:alert] [pid 3121:tid 140704305751936] AH02155: getpwuid: couldn't determine user name from uid xxxxxxxx, you probably need to modify the User directive
[Tue Mar 10 11:34:37.089131 2020] [unixd:alert] [pid 3120:tid 140704305751936] AH02155: getpwuid: couldn't determine user name from uid xxxxxxxx, you probably need to modify the User directive
[Tue Mar 10 11:34:37.089133 2020] [unixd:alert] [pid 3122:tid 140704305751936] AH02155: getpwuid: couldn't determine user name from uid xxxxxxxx, you probably need to modify the User directive