Home folder issue when switching LDAP server

Nextcloud version: 25.0.8
Operating system and version: Ubuntu 20.04
Apache or nginx version: Apache 2.4.41
PHP version: 7.4.3-4ubuntu2.18

The issue you are facing:

Hello. I need to change from an openLDAP server to a FreeIPA LDAP server. I set up a second LDAP server with the config for FreeIPA and added settings to override UUID detection. (They have the same usernames, and 90% of users have the same uid.) I disabled the old LDAP server, enabled the new LDAP server, and cleaned the User/Groupname-LDAP Mapping. I can log in with credentials from FreeIPA, and all files/access rules etc. stay here. But I have errors with this. First, when I try to create a file with onlyoffice, I get the error: Cannot create file from template, but it's fixed when I create a template. The second problem I can't fix. When I try to download a file which was created using the old LDAP server, I get a page with an error id. After this the file is missing. But I can upload and download a file when I create it while using FreeIPA LDAP. This problem does not exist if you download files from group folders.

Is this the first time you’ve seen this error? Yes

Steps to replicate it:

  1. Connect Nextcloud to openLDAP server
  2. Create files in home folder
  3. Switch LDAP server to FreeIPA
  4. Try create/download/edit files in home folder

The output of your Nextcloud log in Admin > Logging:

[webdav] Error: Sabre\DAV\Exception\ServiceUnavailable: Cannot open file at <<closure>>

0. /srv/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 85
   OCA\DAV\Connector\Sabre\File->get()
1. /srv/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php line 89
   Sabre\DAV\CorePlugin->httpGet()
2. /srv/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 472
   Sabre\DAV\Server->emit()
3. /srv/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 253
   Sabre\DAV\Server->invokeMethod()
4. /srv/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 321
   Sabre\DAV\Server->start()
5. /srv/nextcloud/apps/dav/appinfo/v1/webdav.php line 85
   Sabre\DAV\Server->exec()
6. /srv/nextcloud/remote.php line 172
   require_once("/srv/nextcloud/ ... p")

GET /remote.php/webdav/%D0%9E%D0%B1%D1%89%D0%B0%D1%8F%20%D1%82%D0%B0%D0%B1%D0%BB%D0%B8%D1%86%D0%B0%20%D0%BF%D0%BE%20%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D0%BC.xlsx?downloadStartSecret=nh91r5ik2dl
from 10.172.17.11 by username at 2024-06-06T14:28:57+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '***',
  'passwordsalt' => '***',
  'secret' => '***',
  'trusted_domains' =>
  array (
    0 => 'nextcloud2.some.domain',
    1 => 'onlyoffice.some.domain',
  ),
  'datadirectory' => '/srv/nextcloud/data',
  'dbtype' => 'pgsql',
  'version' => '25.0.8.2',
  'overwrite.cli.url' => 'https://nextcloud2.some.domain',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => '***',
  'installed' => true,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'default_language' => 'ru',
  'auth.webauthn.enabled' => false,
  'lost_password_link' => 'disabled',
  'skeletondirectory' => '',
  'onlyoffice' =>
  array (
    'jwt_secret' => '***',
    'jwt_header' => 'AuthorizationJwt',
  ),
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'htaccess.RewriteBase' => '/',
  'default_phone_region' => 'RU',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
  ),
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 1,
  'log_type' => "file",
  'logfile' => '/var/log/nextcloud/nextcloud.log',
);

The output of your Apache/nginx/system log in /var/log/apache2/error.log:

[Thu Jun 06 17:29:08.272851 2024] [access_compat:error] [pid 11994] [client 10.172.17.11:49320] AH01797: client denied by server configuration: /srv/nextcloud/data/.ocdata

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

{"reqId":"NpV0hVfWj6kzmFYcKx8A","level":3,"time":"June 06, 2024 14:35:58","remoteAddr":"10.172.17.11","user":"username","app":"webdav","method":"GET","url":"/remote.php/webdav/%D0%9F%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D1%8B%20%D0%90%D0%9E%D0%9C.xlsx?downloadStartSecret=***","message":"Cannot open file","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0","version":"25.0.8.2","exception":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"\u041d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0444\u0430\u0439\u043b","Code":0,"Trace":[{"file":"/srv/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":85,"function":"get","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->"},{"file":"/srv/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpGet","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/srv/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/srv/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/srv/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/srv/nextcloud/apps/dav/appinfo/v1/webdav.php","line":85,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/srv/nextcloud/remote.php","line":172,"args":["/srv/nextcloud/apps/dav/appinfo/v1/webdav.php"],"function":"require_once"}],"File":"/srv/nextcloud/apps/dav/lib/Connector/Sabre/File.php","Line":497,"message":"Cannot open file","exception":{},"CustomMessage":"Cannot open file"}}

Also, I tried changing the directory_uuid value in the oc_user_ldap_mapping tables in the DB to the old value (it's different when using the openLDAP server and the FreeIPA server). It had no effect.
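
An added example, not part of the original post and not Nextcloud code: a before/after comparison of `oc_user_ldap_mapping` exports for the migration described above. Nextcloud's LDAP backend uses the internal username (`owncloud_name`) as the default home folder name, so a login that is remapped to a different internal name, or a new login that receives a name previously held by someone else, changes which data the account is bound to. Assumptions: each export is a CSV with the table's `owncloud_name`, `ldap_dn` and `directory_uuid` columns, both directories put the login in the first RDN of the DN, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample exports of oc_user_ldap_mapping (not data from the post).
# One way to produce them with psql (assumption about your workflow):
#   \copy (SELECT owncloud_name, ldap_dn, directory_uuid
#          FROM oc_user_ldap_mapping) TO 'old.csv' CSV HEADER
OLD_EXPORT = """owncloud_name,ldap_dn,directory_uuid
alice,"uid=alice,ou=people,dc=old,dc=example",alice
bob,"uid=bob,ou=people,dc=old,dc=example",bob
carol,"uid=carol,ou=people,dc=old,dc=example",carol
"""
NEW_EXPORT = """owncloud_name,ldap_dn,directory_uuid
alice,"uid=alice,cn=users,cn=accounts,dc=new,dc=example",11111111-aaaa-4bbb-8ccc-000000000001
bob_2,"uid=bob,cn=users,cn=accounts,dc=new,dc=example",11111111-aaaa-4bbb-8ccc-000000000002
carol,"uid=dave,cn=users,cn=accounts,dc=new,dc=example",11111111-aaaa-4bbb-8ccc-000000000003
"""

def load(text):
    """Map login (value of the DN's first RDN, lower-cased) to its mapping row."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        first_rdn = row["ldap_dn"].split(",", 1)[0]
        rows[first_rdn.split("=", 1)[1].strip().lower()] = row
    return rows

def compare(old_text, new_text):
    old, new = load(old_text), load(new_text)
    report = {"kept": [], "renamed": [], "unmapped": [],
              "uuid_changed": [], "takes_over": []}
    for login, o in sorted(old.items()):
        n = new.get(login)
        if n is None:
            report["unmapped"].append(login)       # old home has no owner now
            continue
        if n["owncloud_name"] == o["owncloud_name"]:
            report["kept"].append(login)
        else:                                      # home folder name changed
            report["renamed"].append((login, o["owncloud_name"], n["owncloud_name"]))
        if n["directory_uuid"] != o["directory_uuid"]:
            report["uuid_changed"].append(login)
    # A different login now holds an internal name that belonged to someone else.
    owner_of = {o["owncloud_name"]: login for login, o in old.items()}
    for login, n in sorted(new.items()):
        prev = owner_of.get(n["owncloud_name"])
        if prev is not None and prev != login:
            report["takes_over"].append((login, n["owncloud_name"]))
    return report

if __name__ == "__main__":
    for key, value in compare(OLD_EXPORT, NEW_EXPORT).items():
        print(f"{key}: {value}")
```

Entries under `renamed`, `unmapped` and `takes_over` are the ones to review before enabling the new server for users; `uuid_changed` alone is expected when the UUID attribute differs between directories.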