LDAP Authentification failes - user object has no set display name attribute

ℹ️ Support
1

LDAP Authentification failes - Messagelog: user object has no set display name attribute

Hi trying to connect LDAP to NC. Always get message:

[user_ldap] Warning: LDAP Login: Could not get user object for DN uid=mmustermann, ou=people,dc=DOMAIN,dc=de. Maybe the LDAP entry has no set display name attribute?

Due to LDAP Search, everything seems to be fine, but we have idea, that " displayName" has to be supplied not by “cn” as in our case. Can you confirm this or do you know workaround.

DOMAIN and UID were changed due to privacy
user@server:~$ ldapsearch -x -b “ou=People, dc=DOMAIN,dc=de” -H ldaps://ldapproxy.DOMAIN.de -D “cn=admin-nextcloud,ou=AuthConsumer,dc=DOMAIN,dc=de” -W “uid=mmustermann”
Enter LDAP Password:

extended LDIF

LDAPv3

base <ou=People, dc=DOMAIN,dc=de> with scope subtree

filter: uid=mmustermann

requesting: ALL

mmustermann, People, DOMAIN.de

dn: uid=mmustermann,ou=People,dc=DOMAIN,dc=de
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: schacPersonalCharacteristics
uid: mmustermann
cn: Max Mustermann
mail: mmustermann@DOMAIN.de

search result

search: 2
result: 0 Success

numResponses: 2

numEntries: 1

LDAP /AD Integration APP:

Server:
ou=People,dc=DOMAIN,dc=de

Adcanced settings:
Field Showname User: cn

Base-Usertree: ou=People,dc=DOMAIN,dc=de

Field Showname Group: cn

Base-Grouptree: ou=People,dc=DOMAIN,dc=de

User:
Oblectclass: person
LDAP Filter: (|(objectclass=person))

Login-Attribute:
LDAP-/AD-Benutzername: check
LDAP-/AD-E-Mail-Adresse: check
LDAP-Filter: (&(|(objectclass=person))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))

Groups:
Oblectclass: person
LDAP-Filter: (&(|(objectclass=person)))

Nextcloud version ( 18.0.4):
Operating system and version (Ubuntu 18.04):
Apache (Apache 2.4.29):
PHP version ( 7.2):

Can anyone help?
Thanks in Advance!

2

Hello, i have the same issue?
my ldap server is an HCL Domino Server.
i hope there is an workaround or an fix avilable.
Thanks thomas

3

Same issue here with Domino LDAP. Have you find a solution yet?

Thanks!

4

Similar issue here. but our LDAP is set up to separate account and person entries.
So,
uid=fred,ou=Accounts,dc=example,dc=com,dc=au
contains
cn: Fred Flintstone
and
cn=Fred Flintstone,ou=People,dc=example,dc=com,dc=au
contains
displayName: Fred Flintstone
uid: fred

5

So the question I have is, how can I separate the DN for logging into the server (uid=%uid,ou=Accounts,dc=example,dc=com,dc=au) from the one to look up for attributes?
(-B ou=People,dc=example,dc=com,dc=au (uid=%uid))