LDAP / FreeIPA config adventures

Nextcloud version (eg, 20.0.5): 21
Operating system and version (eg, Ubuntu 20.04): Debian Buster
Apache or nginx version (eg, Apache 2.4.25): nginx 1.18.0
PHP version (eg, 7.4): php (fpm) 7.4.15
Env: LXD container

The issue you are facing:
Failing LDAP App.

Nginx config: (+ push entry)
https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html

Recipe to start, let’s make it a user story.

Create a LXD (I like LXD more than Docker with its networking shenanigans).
Make a container with the Debian template.
Install nginx and Nextcloud.
Configure Nextcloud and ensure it is functioning normally…

Add FreeIPA as LDAP server to the mix (FreeIPA is not relevant, LDAP access is).
Enable LDAP module (“Featured”) …
Select Settings LDAP, the LDAP form shows and…
nothing works, buttons non responsive, …

Now one starts to wonder… there are articles showing it works, some incident reports that tell it doesn’t and suddenly starts working… So I waited a while, and nope… it didn’t start working. So bug report hunting…, not a lot of luck.

Press SHIFT+CTRL/C in the browser and see what happens or not…
Pressing detect:

globals.js:60 $ is deprecated: The global jQuery is deprecated. It will be updated to v3.x in Nextcloud 21. In later versions of Nextcloud it might be removed completely. Please ship your own.
pe @ globals.js:60
get @ globals.js:91
attachSpinner @ wizardTabGeneric.js?v=10ed061e-8:284
onDetectionStarted @ wizardTabGeneric.js?v=10ed061e-8:174
_broadcast @ configModel.js?v=10ed061e-8:393
notifyAboutDetectionStart @ configModel.js?v=10ed061e-8:271
run @ wizardDetectorPort.js?v=10ed061e-8:34
(anonymous) @ configModel.js?v=10ed061e-8:343
next @ wizardDetectorQueue.js?v=10ed061e-8:69
add @ wizardDetectorQueue.js?v=10ed061e-8:55
(anonymous) @ configModel.js?v=10ed061e-8:342
requestWizard @ configModel.js?v=10ed061e-8:345
onPortButtonClick @ wizardTabElementary.js?v=10ed061e-8:316
Xe @ _executeBound.js:8
(anonymous) @ bind.js:10
(anonymous) @ restArguments.js:16
dispatch @ jquery.js:5183
g.handle @ jquery.js:4991
globals.js:60 $ is deprecated: The global jQuery is deprecated. It will be updated to v3.x in Nextcloud 21. In later versions of Nextcloud it might be removed completely. Please ship your own.
pe @ globals.js:60
get @ globals.js:91
attachSpinner @ wizardTabGeneric.js?v=10ed061e-8:286
onDetectionStarted @ wizardTabGeneric.js?v=10ed061e-8:174
_broadcast @ configModel.js?v=10ed061e-8:393
notifyAboutDetectionStart @ configModel.js?v=10ed061e-8:271
run @ wizardDetectorPort.js?v=10ed061e-8:34
(anonymous) @ configModel.js?v=10ed061e-8:343
next @ wizardDetectorQueue.js?v=10ed061e-8:69
add @ wizardDetectorQueue.js?v=10ed061e-8:55
(anonymous) @ configModel.js?v=10ed061e-8:342
requestWizard @ configModel.js?v=10ed061e-8:345
onPortButtonClick @ wizardTabElementary.js?v=10ed061e-8:316
Xe @ _executeBound.js:8
(anonymous) @ bind.js:10
(anonymous) @ restArguments.js:16
dispatch @ jquery.js:5183
g.handle @ jquery.js:4991
globals.js:60 $ is deprecated: The global jQuery is deprecated. It will be updated to v3.x in Nextcloud 21. In later versions of Nextcloud it might be removed completely. Please ship your own.

OK, not really surprising… nothing else showing but a turning circle… no further effect.
Let’s push some other buttons: save credentials:

jquery.js:9600 POST https://nc.baggus.net/apps/user_ldap/ajax/wizard.php 500
configModel.js?v=10ed061e-8:166 will not save undefined key: ldap_dn
set @ configModel.js?v=10ed061e-8:166
_requestSave @ wizardTabGeneric.js?v=10ed061e-8:421
(anonymous) @ wizardTabGeneric.js?v=10ed061e-8:363
dispatch @ jquery.js:5183
g.handle @ jquery.js:4991
configModel.js?v=10ed061e-8:166 will not save undefined key: ldap_agent_password
set @ configModel.js?v=10ed061e-8:166
_requestSave @ wizardTabGeneric.js?v=10ed061e-8:421
(anonymous) @ wizardTabGeneric.js?v=10ed061e-8:363
dispatch @ jquery.js:5183
g.handle @ jquery.js:4991

Something isn’t right…

Now I have a bit more to search for in bug reports…
Bingo:

A working solution… And indeed adding those require_once’s makes it work.

Except the next line makes me curious…

So what could be a configuration error that seems to be alleviated by the require_once?

The output of your Apache/nginx/system log in /var/log/____:

    xx - - [19/May/2021:21:29:52 +0200] "POST /apps/user_ldap/ajax/wizard.php HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
    xx - - [19/May/2021:21:33:42 +0200] "POST /apps/user_ldap/ajax/getConfiguration.php HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
    xx - - [19/May/2021:22:25:13 +0200] "POST /apps/user_ldap/ajax/getConfiguration.php HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
    xx - - [19/May/2021:22:26:16 +0200] "POST /apps/user_ldap/ajax/getConfiguration.php HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
    xx - - [19/May/2021:22:26:21 +0200] "POST /apps/user_ldap/ajax/wizard.php HTTP/1.1" 500 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"

For some reason or another, LDAP config has been troublesome through all versions AFAICT. So what is the magic config item needed to not break it?

In the NC Error log:

Attempt for Paging? 1		2021-05-19T23:21:37+0200
Error	PHP	Error: ldap_search(): Search: Bad search filter at /var/www/nextcloud/apps/user_ldap/lib/LDAP.php#342		2021-05-19T23:21:37+0200
Error	PHP	Error: Trying to access array offset on value of type null at /var/www/nextcloud/apps/user_ldap/lib/Wizard.php#367		2021-05-19T23:11:06+0200
Error	PHP	Error: ldap_get_attributes() expects parameter 2 to be resource, bool given at /var/www/nextcloud/apps/user_ldap/lib/LDAP.php#342		2021-05-19T23:11:06+0200
Error	PHP	Error: Trying to access array offset on value of type null at /var/www/nextcloud/apps/user_ldap/lib/Wizard.php#367		2021-05-19T23:10:31+0200
Error	PHP	Error: ldap_get_attributes() expects parameter 2 to be resource, bool given at /var/www/nextcloud/apps/user_ldap/lib/LDAP.php#342		2021-05-19T23:10:31+0200
Error	PHP	Error: Trying to access array offset on value of type null at /var/www/nextcloud/apps/user_ldap/lib/Wizard.php#367		2021-05-19T23:09:41+0200
Error	PHP	Error: ldap_get_attributes() expects parameter 2 to be resource, bool given at /var/www/nextcloud/apps/user_ldap/lib/LDAP.php#342

The solution seems to be:

    # Required for legacy support
    rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

Still needed in NC21, not mentioned in the NGINX Config…
Mentioned in: Setup LDAP Backend not possible · Issue #16194 · nextcloud/server · GitHub
and: Update nginx.rst -- Reworked the Nginx configs by jivanpal · Pull Request #2197 · nextcloud/documentation · GitHub

The UX of Nextcloud could have been so much better…
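
An added example, not part of the original post: the rewrite rule quoted above sends every URI outside its excluded prefixes to `/index.php$request_uri`, and this sketch applies the same regex to access-log lines to show which failing requests it would cover. The function names and the sample log lines are constructed for illustration; the lines are modelled on the log excerpt in the post.

```python
import re

# The "legacy support" rule quoted in the post; Python accepts the same lookahead syntax.
LEGACY_REWRITE = re.compile(
    r"^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]"
    r"|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)"
)
# Request and status fields of a combined-format access log line.
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')


def rewrite_target(uri):
    """Return where the rule sends `uri`, or None if the rule leaves it alone.

    nginx matches the regex against the path and substitutes
    /index.php$request_uri; the sample URIs here carry no query string.
    """
    path = uri.split("?", 1)[0]
    return "/index.php" + uri if LEGACY_REWRITE.search(path) else None


def failing_legacy_requests(log_lines):
    """List (uri, target) for 5xx requests that the rule would route via index.php."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m or not m["status"].startswith("5"):
            continue
        target = rewrite_target(m["uri"])
        if target:
            hits.append((m["uri"], target))
    return hits


# Constructed sample lines (hypothetical), shortened from the format shown in the post.
SAMPLE_LOG = [
    'xx - - [19/May/2021:21:29:52 +0200] "POST /apps/user_ldap/ajax/wizard.php HTTP/1.1" 500 5 "-" "Mozilla/5.0"',
    'xx - - [19/May/2021:21:33:42 +0200] "POST /apps/user_ldap/ajax/getConfiguration.php HTTP/1.1" 500 5 "-" "Mozilla/5.0"',
    'xx - - [19/May/2021:21:34:00 +0200] "GET /index.php/settings/admin/ldap HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    'xx - - [19/May/2021:21:34:05 +0200] "GET /status.php HTTP/1.1" 500 5 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for uri, target in failing_legacy_requests(SAMPLE_LOG):
        print(f"{uri} -> {target}")
```

Run against a real access log, a non-empty result for `/apps/.../ajax/*.php` paths points at an nginx server block that lacks the legacy rewrite.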