How to configure the display of user names in Apache access logs when using Nextcloud with LDAP authentication?

Hello, I am using Nextcloud version 25.0.2 with Apache/2.4.57 (Ubuntu) server and user authentication through LDAP. I have encountered an issue with Apache access logs (access.log): user names are not displayed, and instead, a hyphen (-) is shown. Here’s an example log entry: - - [11/Dec/2023:13:12:39 +0300] "GET /index.php/apps/files/ HTTP/1.1" 200 11387

My current LogFormat configuration in Apache looks like this:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined.

What configuration should be added to the Apache/Nextcloud settings to display user names in the Apache logs?

As far as I know, the %u variable in Apache only logs usernames from mod_auth, its own authentication module, i.e. HTTP Basic or Digest authentication.

However, in the case of Nextcloud, Apache doesn’t handle the authentication itself, but passes the requests to a PHP backend. So I guess you’d have to find a way to retrieve the information from the response headers of the respective PHP backend, which is probably easier to do with PHP as an Apache module (mod_PHP) than with PHP-FPM. But I’m not an expert, and I couldn’t find any instructions for Nextcloud.

To be honest, unless there’s a very specific requirement for why you need this, I’d forget about it and use the Nexloud log and for more detailed information the Admin audit log instead.

1 Like