Well I guess I am not the first to suffer here…
Just deployed NextCloud 16.0.1 on Ubuntu 18.04.2 - overall basic setup went ok.
I am now trying to connect to my Windows AD (running on server 2012R2) and for the life of me I can’t seem to find a correct setup…
From the ubuntu console I can run
root@nextcloud:/mnt/ncdata# ldapsearch -H ldap://172.16.50.201 -x -W -D "nextcloudadmin@mydomain.local" -b "dc=mydomain,dc=local" "(sAMAccountName=nextcloudadmin)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=mydomain,dc=local> with scope subtree
# filter: (sAMAccountName=nextcloudadmin)
# requesting: ALL
#
# NextCloud Admin, it, users, mydomain, mydomain.local
dn: CN=NextCloud Admin,OU=it,OU=users,OU=mydomain,DC=mydomain,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: NextCloud Admin
sn: Admin
givenName: NextCloud
distinguishedName: CN=NextCloud Admin,OU=it,OU=users,OU=mydomain,DC=mydomain,DC=local
instanceType: 4
whenCreated: 20190617150705.0Z
whenChanged: 20190617163605.0Z
displayName: NextCloud Admin
uSNCreated: 8696713
memberOf: CN=Domain Admins,CN=Users,DC=mydomain,DC=local
uSNChanged: 8696813
name: NextCloud Admin
objectGUID:: I8ASXlZ2AEulo66xXXqs1g==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 132054473966564210
lastLogon: 132054474986927892
pwdLastSet: 132052576263392341
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA8UjSlUEGghv6yYqXTQwAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 19
sAMAccountName: nextcloudadmin
sAMAccountType: 805306368
userPrincipalName: nextcloudadmin@mydomain.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
dSCorePropagationData: 20190619191537.0Z
dSCorePropagationData: 20190617151311.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 132052629656617077
# search reference
ref: ldap://ForestDnsZones.mydomain.local/DC=ForestDnsZones,DC=mydomain,DC=local
# search reference
ref: ldap://DomainDnsZones.mydomain.local/DC=DomainDnsZones,DC=mydomain,DC=local
# search reference
ref: ldap://mydomain.local/CN=Configuration,DC=mydomain,DC=local
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 1
# numReferences: 3
root@nextcloud:/mnt/ncdata#
Which in my book means
- the target server 172.16.50.201 is indeed reachable and run LDAP
- my user credentials are correct
Log shows a bunch of these
{"reqId":"nITREZFpH0p7xCHmYcE4","level":2,"time":"2019-06-19T19:55:14+00:00","remoteAddr":"172.16.110.27","user":"cloudadmin","app":"user_ldap","method":"POST","url":"/apps/user_ldap/ajax/wizard.php","message":"Configuration Error (prefix s01): login filter does not contain %uid place holder.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","version":"16.0.1.1","id":"5d0a959b72869"}
Two further data points:
I can successfully mount external SMB storage hosted in the Windows domain using same credentials - so I can really “talk” with my windows infra.
I have also tried this syntax for the “user DN” field: CN=nextcloudadmin,CN=Users,DC=domain,DC=local - to no avail
How should I proceed from here ?