LDAP-App doesn't recognize all users in a given group

Hi Nextcloud community,

I’m running into problems connecting the LDAP-App with our Microsoft AD.
The server configuration is OK and all available groups are listed in the “Users” tab.
But the App does not recognize all users that are in the group.
For example, there is a group containing 4 users; 2 are shown and integrated in Nextcloud, the other two are not.
Another group has 13 members, but only 4 (!) are shown.
I’ve tried to search for the missing users in the Ubuntu console via occ ldap:check-user and entered the specific GUID numbers, which are recognized for the already integrated members of a group but not for the others.
The groups are mixed (local, global and universal); all show the same behavior.

I really have no clue; the AD seems OK and there are no major differences between the users.

Maybe someone here has had the same issue and can guide me through it.
Thanks.

Kind regards
Michael

Ok, I’m one step further.
The LDAP/AD app only recognizes members that are/were in the “administrator” group, too.

Can someone point me in the right direction how to fix that?

Please paste your LDAP search filters from Groups.
For example, in my installation I don’t set up Groups at all, but for controlling access by group membership I constructed this LDAP search filter on the Login Attributes page:
(&(&(objectCategory=person)(mail=*)(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=ownCloud Users,OU=Groups,DC=example,DC=net))(|(samaccountname=%uid)(mailPrimaryAddress=%uid)(mail=%uid)))
So every user that is a member of “CN=ownCloud Users,OU=Groups,DC=example,DC=net” directly or indirectly (group1 is a member of the ownCloud group, and the user is a member of the group1 group) will be able to log in to the server.

memberof:1.2.840.113556.1.4.1941 - this construct is correct only for MS Active Directory LDAP.
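As an added example (not code from the thread or from Nextcloud), the following Python builds the login filter quoted above and fills in the `%uid` placeholder with RFC 4515 escaping, so that whatever a user types at the login prompt stays a literal value and cannot change the filter's structure. It also simulates what the AD in-chain matching rule (`memberof:1.2.840.113556.1.4.1941:=`) evaluates, namely nested group membership, over a small constructed membership graph. The function names, the constructed DNs and the membership data are assumptions made for the example; only the filter and the rule OID come from the post.

```python
# Added example: escaped substitution of %uid into the AD login filter from the
# thread, plus a simulation of the in-chain (transitive membership) rule.

# Matching rule OID quoted in the thread; valid only against Active Directory.
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

# Group DN from the thread's filter (example.net is the poster's placeholder domain).
OWNCLOUD_GROUP = "CN=ownCloud Users,OU=Groups,DC=example,DC=net"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    The characters that carry meaning in a filter are replaced with
    backslash + two hex digits, so user input cannot open or close
    filter components or introduce wildcards.
    """
    out = []
    for ch in value:
        if ch in ("\\", "*", "(", ")", "\x00"):
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_login_filter(uid: str, group_dn: str = OWNCLOUD_GROUP) -> str:
    """Return the thread's login filter with %uid replaced by the escaped uid.

    Passing the literal string "%uid" reproduces the filter exactly as the
    post shows it (Nextcloud substitutes the login name at login time).
    """
    safe_uid = escape_filter_value(uid)
    safe_group = escape_filter_value(group_dn)
    return (
        "(&(&(objectCategory=person)(mail=*)(objectClass=user)"
        f"(memberof:{LDAP_MATCHING_RULE_IN_CHAIN}:={safe_group}))"
        f"(|(samaccountname={safe_uid})(mailPrimaryAddress={safe_uid})(mail={safe_uid})))"
    )


# Constructed membership graph (assumption for the example): a user that is a
# direct member of the ownCloud group, and a nested group1 with its own member.
CONSTRUCTED_MEMBERS = {
    OWNCLOUD_GROUP: [
        "CN=Jane Doe,OU=Users,DC=example,DC=net",
        "CN=group1,OU=Groups,DC=example,DC=net",
    ],
    "CN=group1,OU=Groups,DC=example,DC=net": [
        "CN=Bob Lee,OU=Users,DC=example,DC=net",
    ],
}


def transitive_members(group_dn: str, members_of: dict, _seen=None) -> set:
    """Simulate the in-chain rule: every DN reachable by following 'member'
    links from group_dn, including nested groups themselves (the real filter
    then keeps only person objects via objectCategory=person). Cycle-safe."""
    seen = _seen if _seen is not None else set()
    result = set()
    for dn in members_of.get(group_dn, []):
        if dn in seen:
            continue
        seen.add(dn)
        result.add(dn)
        result |= transitive_members(dn, members_of, seen)
    return result


if __name__ == "__main__":
    print(build_login_filter("jdoe"))
    for dn in sorted(transitive_members(OWNCLOUD_GROUP, CONSTRUCTED_MEMBERS)):
        print("in chain:", dn)
```

The escaping is the part worth copying: Nextcloud performs the `%uid` substitution itself, but any custom tooling that builds filters from login names (scripts, health checks, the `occ ldap:check-user` wrapper you might write) should escape the same way before the value reaches the directory.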

Oh, sorry, I understood your problem incorrectly.
Show your filter on the Users tab of the LDAP configuration section, because only users that match the LDAP filter on the Users tab will be listed as users!

1 Like

Thanks for your answer.
These are my user filters.

I recognized that all users that were imported correctly had the “adminCount” parameter in the AD set to one; I tried just setting it for another user, which didn’t work; I put myself in the “administrator” group, and that worked.

By the way, I have no filter in the “Object classes”, but a filter change doesn’t work either.

Found the problem!
The user I was using for the LDAP synchronization was only a member of the user group and could list all (former) admins but no normal users. I used an admin account for synchronization, and everything works fine.
Thanks. :grin:

1 Like

Never use an account with admin permissions just to read data :slight_smile:

1 Like

Glad to see your problem solved! But for the “ldap bind account” I’m used to using a special account with read-only permissions for the entire directory.

1 Like

Ok, thank you, I guess I will change the permissions for the original account then :thinking::thumbsup:

If anyone encounters an issue where not all LDAP users in a group exist in Nextcloud:
I’ve found out that if the user doesn’t have a “display name” in Active Directory, Nextcloud won’t fetch it.

1 Like

Wow thank you so much.
I imported 2000 users with a PowerShell script into Microsoft Active Directory and did not set the DisplayName attribute when creating the users. I couldn’t figure out why Nextcloud didn’t count the users I imported while test users I created manually were counted. I could even verify the settings with these imported users. But the login never worked. Now, after setting a DisplayName for every user, it works perfectly fine.
Also, when users have to change their password at next login, they’ll have to do this before they try to log in to Nextcloud over a web browser; otherwise the login won’t work.

Thank you nadavbu!
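The two conditions reported in the last posts, an empty `displayName` and a pending “change password at next logon”, are both visible in the directory before anyone tries to log in, so they can be audited ahead of a bulk import. The Python below, an added example that is not from the thread or from Nextcloud, runs such an audit over a constructed set of AD user entries shaped like what an LDAP client returns (attribute name to string value). It relies on two AD facts: Nextcloud’s LDAP app uses `displayName` as the default display-name attribute (as the thread states), and AD stores “user must change password at next logon” as `pwdLastSet = 0`. The entry data, the function name and the `display_attr` parameter are assumptions for the example; against a live directory you would feed it the result of an LDAP search for `(&(objectCategory=person)(objectClass=user))` instead.

```python
# Added example: audit AD user entries for the two login blockers identified
# in the thread (missing displayName, password change pending at next logon).

# Constructed sample entries (assumption): attribute names as AD returns them.
CONSTRUCTED_ENTRIES = [
    {"sAMAccountName": "jdoe", "displayName": "Jane Doe", "pwdLastSet": "132000000000000000"},
    {"sAMAccountName": "import0001", "displayName": "", "pwdLastSet": "132000000000000000"},
    {"sAMAccountName": "import0002", "pwdLastSet": "0"},  # attribute absent entirely
    {"sAMAccountName": "msmith", "displayName": "Mary Smith", "pwdLastSet": "0"},
]


def audit_entries(entries, display_attr: str = "displayName") -> dict:
    """Return {sAMAccountName: [issues]} for entries Nextcloud would not
    list (empty or absent display attribute) or that cannot log in yet
    (pwdLastSet == 0 means AD forces a password change at next logon).
    Entries with no issues are omitted."""
    problems = {}
    for entry in entries:
        issues = []
        # Nextcloud skips users whose display-name attribute is empty/absent.
        if not str(entry.get(display_attr, "")).strip():
            issues.append("missing " + display_attr)
        # AD represents a pending forced password change as pwdLastSet = 0.
        if str(entry.get("pwdLastSet", "")) == "0":
            issues.append("must change password at next logon")
        if issues:
            problems[entry["sAMAccountName"]] = issues
    return problems


def eligible_accounts(entries, display_attr: str = "displayName") -> list:
    """sAMAccountNames that pass both checks, in input order."""
    blocked = audit_entries(entries, display_attr)
    return [e["sAMAccountName"] for e in entries if e["sAMAccountName"] not in blocked]


if __name__ == "__main__":
    for account, issues in sorted(audit_entries(CONSTRUCTED_ENTRIES).items()):
        print(f"{account}: {', '.join(issues)}")
    print("eligible:", eligible_accounts(CONSTRUCTED_ENTRIES))
```

Running the audit with the read-only bind account recommended earlier in the thread is sufficient: both attributes are readable without any admin rights, which is one more reason the sync account does not need them.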