Dear all,
I’m using nextcloud/owncloud for years now but I’m facing an issue that I cannot solve.
I think that this appeared where I updated to nextcloud 16.0 but I cannot guaranty this. This is a non deterministic behavior. I would say that more than 90% of the time, where users try to login into nextcloud they get the “Internal server error message” and the root cause is this:
{"reqId":"PrwcdqQ6SPwuTtzARQZu","level":3,"time":"2019-10-14T11:29:04+00:00","remoteAddr":"37.164.255.44","user":"--","app":"index","method":"POST","url":"\/login","message":{"Exception":"OC\\ServerNotAvailableException","Message":"Lost connection to LDAP server.","Code":0,"Trace":[{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/LDAP.php","line":388,"function":"processLDAPError","class":"OCA\\User_LDAP\\LDAP","type":"->","args":[null]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/LDAP.php","line":311,"function":"postFunctionCall","class":"OCA\\User_LDAP\\LDAP","type":"->","args":[]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/LDAP.php","line":203,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"function":"search","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":1104,"function":"call_user_func_array","args":[[{"__class__":"OCA\\User_LDAP\\LDAP"},"*** sensitive parameter replaced ***"],["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":1125,"function":"OCA\\User_LDAP\\{closure}","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":1160,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":1317,"function":"executeSearch","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***",500,"*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":1002,"function":"search","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":903,"function":"searchUsers","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":877,"function":"fetchListOfUsers","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_LDAP.php","line":174,"function":"fetchUsersByLoginName","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_LDAP.php","line":191,"function":"getLDAPUserByLoginName","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameter replaced ***"]},{"function":"checkPassword","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_Proxy.php","line":81,"function":"call_user_func_array","args":[[{"__class__":"OCA\\User_LDAP\\User_LDAP"},"checkPassword"],["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Proxy.php","line":152,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_Proxy.php","line":196,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/lib\/private\/User\/Manager.php","line":212,"function":"checkPassword","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/lib\/private\/Authentication\/Login\/UidLoginCommand.php","line":49,"function":"checkPasswordNoLogging","class":"OC\\User\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/lib\/private\/Authentication\/Login\/ALoginCommand.php","line":39,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/html\/lib\/private\/Authentication\/Login\/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/html\/lib\/private\/Authentication\/Login\/ALoginCommand.php","line":39,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/html\/lib\/private\/Authentication\/Login\/PreLoginHookCommand.php","line":52,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/html\/lib\/private\/Authentication\/Login\/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/html\/core\/Controller\/LoginController.php","line":298,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":170,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/App.php","line":126,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/html\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/html\/lib\/base.php","line":1000,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/var\/www\/html\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/var\/www\/html\/apps\/user_ldap\/lib\/LDAP.php","Line":349,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36","version":"17.0.0.9"}
As you can see in the logs, I just updated to nextcloud 17.0.0 to see if the problem persist but unfortunately yes.
When I login using the admin account, if I go in the ldap configuration, everything is green: I can retrieve users, groups etc…
I spent hours to try to understand but I’m completely lost.
Here is the ldap cnfiguration (openldap):
+-------------------------------+--------------------------------------------------------------------------------------+
| Configuration | s01 |
+-------------------------------+--------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 0 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=admin,dc=maatg,dc=fr |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | cn;description |
| ldapAttributesForUserSearch | uid |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=maatg,dc=fr |
| ldapBaseGroups | dc=maatg,dc=fr |
| ldapBaseUsers | dc=maatg,dc=fr |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 1 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | objectclass=groupOfNames |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | ldap.gnubila.fr |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (|(&(objectclass=inetOrgPerson)(uid=%uid))(&(objectclass=inetOrgPerson)(mail=%uid))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | 0 |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 1 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | cn |
| ldapUserDisplayName2 | |
| ldapUserFilter | objectclass=inetOrgPerson |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+--------------------------------------------------------------------------------------+
Could someone guide me please to solve this issue ?
Thanks in advance,
Best,
Jerome