LDAP FreeIPA: Default password policy DN

Nextcloud version: 26.0.1
Operating system and version: docker container nextcloud:26.0.1-apache
Apache or nginx version: 2.4.56
PHP version: 8.1.19
LDAP user and group backend: 1.16.0

The issue you are facing:
LDAP settings with FreeIPA are executed correctly, authorization works. When I enable the “Enable LDAP password changes per user” option and specify the “Default password policy DN” field, I get an error.

Is this the first time you’ve seen this error?: Y

Steps to replicate it:

  1. Configure Default password policy DN:
    Administration → LDAP/AD integration → Advanced
    Enable LDAP password changes per user: checked
    Default password policy DN: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
  2. Login with LDAP user.
  3. See an error.

FreeIPA uses the krbPasswordExpiration parameter and global_policy:

dn: cn=global_policy,cn=kerberos,dc=example,dc=com
krbMinPwdLife: 0
objectClass: top
objectClass: nsContainer
objectClass: krbPwdPolicy
objectClass: ipaPwdPolicy
krbPwdMinDiffChars: 0
krbPwdMinLength: 8
krbPwdHistoryLength: 0
krbMaxPwdLife: 7776000
krbPwdMaxFailure: 6
krbPwdFailureCountInterval: 60
krbPwdLockoutDuration: 600
passwordGraceLimit: -1
cn: global_policy

Stack trace:

Internal Server Error
The server was unable to complete your request.

If this happens again, please send the technical details below to the server administrator.

More details can be found in the server log.

Technical details
Remote Address: 10.81.0.108
Request ID: PcWo0bRcmqv2KHSkonuD
Type: Exception
Code: 0
Message: array_key_exists(): Argument #2 ($array) must be of type array, null given in file '/var/www/html/apps/user_ldap/lib/User/User.php' line 652
File: /var/www/html/lib/private/AppFramework/Http/Dispatcher.php
Line: 169

Trace
#0 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Core\Controller\LoginController), 'tryLogin')
#1 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('OC\\Core\\Control...', 'tryLogin', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#2 /var/www/html/lib/base.php(1056): OC\Route\Router->match('/login')
#3 /var/www/html/index.php(36): OC::handleRequest()
#4 {main}

Previous
#0 /var/www/html/apps/user_ldap/lib/User/User.php(652): array_key_exists('pwdpolicysubent...', NULL)
#1 /var/www/html/lib/private/legacy/OC_Hook.php(105): OCA\User_LDAP\User\User->handlePasswordExpiry(Array)
#2 /var/www/html/lib/private/Server.php(624): OC_Hook::emit('OC_User', 'post_login', Array)
#3 [internal function]: OC\Server->OC\{closure}(Object(OC\User\User), 'user', 'password', false)
#4 /var/www/html/lib/private/Hooks/EmitterTrait.php(105): call_user_func_array(Object(Closure), Array)
#5 /var/www/html/lib/private/Hooks/PublicEmitter.php(40): OC\Hooks\BasicEmitter->emit('\\OC\\User', 'postLogin', Array)
#6 /var/www/html/lib/private/User/Session.php(401): OC\Hooks\PublicEmitter->emit('\\OC\\User', 'postLogin', Array)
#7 /var/www/html/lib/private/Authentication/Login/CompleteLoginCommand.php(43): OC\User\Session->completeLogin(Object(OC\User\User), Array)
#8 /var/www/html/lib/private/Authentication/Login/ALoginCommand.php(39): OC\Authentication\Login\CompleteLoginCommand->process(Object(OC\Authentication\Login\LoginData))
#9 /var/www/html/lib/private/Authentication/Login/LoggedInCheckCommand.php(60): OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(Object(OC\Authentication\Login\LoginData))
#10 /var/www/html/lib/private/Authentication/Login/ALoginCommand.php(39): OC\Authentication\Login\LoggedInCheckCommand->process(Object(OC\Authentication\Login\LoginData))
#11 /var/www/html/lib/private/Authentication/Login/EmailLoginCommand.php(68): OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(Object(OC\Authentication\Login\LoginData))
#12 /var/www/html/lib/private/Authentication/Login/ALoginCommand.php(39): OC\Authentication\Login\EmailLoginCommand->process(Object(OC\Authentication\Login\LoginData))
#13 /var/www/html/lib/private/Authentication/Login/UidLoginCommand.php(53): OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(Object(OC\Authentication\Login\LoginData))
#14 /var/www/html/lib/private/Authentication/Login/ALoginCommand.php(39): OC\Authentication\Login\UidLoginCommand->process(Object(OC\Authentication\Login\LoginData))
#15 /var/www/html/lib/private/Authentication/Login/UserDisabledCheckCommand.php(57): OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(Object(OC\Authentication\Login\LoginData))
#16 /var/www/html/lib/private/Authentication/Login/ALoginCommand.php(39): OC\Authentication\Login\UserDisabledCheckCommand->process(Object(OC\Authentication\Login\LoginData))
#17 /var/www/html/lib/private/Authentication/Login/PreLoginHookCommand.php(52): OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(Object(OC\Authentication\Login\LoginData))
#18 /var/www/html/lib/private/Authentication/Login/Chain.php(107): OC\Authentication\Login\PreLoginHookCommand->process(Object(OC\Authentication\Login\LoginData))
#19 /var/www/html/core/Controller/LoginController.php(326): OC\Authentication\Login\Chain->process(Object(OC\Authentication\Login\LoginData))
#20 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(230): OC\Core\Controller\LoginController->tryLogin(Object(OC\Authentication\Login\Chain), 's.nesterkov', 'Drozd28()', NULL, 'Europe/Moscow', '3')
#21 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(137): OC\AppFramework\Http\Dispatcher->executeController(Object(OC\Core\Controller\LoginController), 'tryLogin')
#22 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Core\Controller\LoginController), 'tryLogin')
#23 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('OC\\Core\\Control...', 'tryLogin', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#24 /var/www/html/lib/base.php(1056): OC\Route\Router->match('/login')
#25 /var/www/html/index.php(36): OC::handleRequest()
#26 {main}
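
The trace above shows the login hook looking up `pwdpolicysubent...`, an attribute name from the LDAP password policy draft (ppolicy), while the policy entry in the post carries Kerberos `krb*` attributes. As an added example (not part of the original post and not Nextcloud or FreeIPA code), this check parses the posted entry and reports which ppolicy attributes it lacks; the three ppolicy attributes tested are an assumption about what a ppolicy-style client reads.

```python
# Added example: constructed check, not Nextcloud or FreeIPA code.
# Policy entry copied from the post above (abridged to the attributes used here).
POLICY_LDIF = """\
dn: cn=global_policy,cn=kerberos,dc=example,dc=com
objectClass: top
objectClass: nsContainer
objectClass: krbPwdPolicy
objectClass: ipaPwdPolicy
krbMinPwdLife: 0
krbPwdMinLength: 8
krbMaxPwdLife: 7776000
krbPwdMaxFailure: 6
krbPwdLockoutDuration: 600
passwordGraceLimit: -1
cn: global_policy
"""

# Names defined by the LDAP password policy draft ("ppolicy").
# Assumption: these three are what a ppolicy-style client needs for expiry handling.
PPOLICY_CLASS = "pwdpolicy"
PPOLICY_ATTRS = ("pwdmaxage", "pwdexpirewarning", "pwdgraceauthnlimit")


def parse_ldif_entry(text):
    """Parse one LDIF entry with plain (non-base64) values into {attr: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # RFC 2849 folded continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw.rstrip())
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        # LDAP attribute names are case-insensitive, so normalise to lowercase.
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def check_policy(entry):
    """Report whether a policy entry uses the ppolicy schema or the Kerberos one."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    max_life = entry.get("krbmaxpwdlife", [None])[0]
    return {
        "is_ppolicy": PPOLICY_CLASS in classes,
        "is_kerberos_policy": "krbpwdpolicy" in classes,
        "missing_ppolicy_attrs": [a for a in PPOLICY_ATTRS if a not in entry],
        "krb_max_life_days": int(max_life) // 86400 if max_life else None,
    }
```

Calling `check_policy(parse_ldif_entry(POLICY_LDIF))` on the posted entry reports a Kerberos policy with none of the three ppolicy attributes and a maximum password life of 90 days.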