LDAP InvalidArgumentException

ldap
#1

I am running NextCloud with Synology Directory Server for LDAP. All the LDAP settings passed. I have also used this LDAP server with other applications.

I am trying to fix this, but I don’t understand the error: uid for 'uid=username,cn=users,dc=ldap,dc=example,dc=com' must not be an empty string.

{
	"reqId" : "uNAeMmGroqA1r5mYYGu3",
	"level" : 3,
	"time" : "2017-10-16T15:11:25+00:00",
	"remoteAddr" : "172.18.0.1",
	"user" : "--",
	"app" : "user_ldap",
	"method" : "POST",
	"url" : "\/index.php\/login?user=username",
	"message" : "uid for 'uid=username,cn=users,dc=ldap,dc=example,dc=com' must not be an empty string",
	"userAgent" : "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/61.0.3163.100 Safari\/537.36",
	"version" : "12.0.3.3"
}
{
	"reqId" : "uNAeMmGroqA1r5mYYGu3",
	"level" : 3,
	"time" : "2017-10-16T15:11:25+00:00",
	"remoteAddr" : "172.18.0.1",
	"user" : "--",
	"app" : "index",
	"method" : "POST",
	"url" : "\/index.php\/login?user=username",
	"message" : "Exception: {\"Exception\":\"InvalidArgumentException\",\"Message\":\"uid must not be an empty string!\",\"Code\":0,\"Trace\":\"#0 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User\\\/Manager.php(131): OCA\\\\User_LDAP\\\\User\\\\User->__construct('', 'uid=avalonjoshu...', Object(OCA\\\\User_LDAP\\\\Access), Object(OC\\\\AllConfig), Object(OCA\\\\User_LDAP\\\\FilesystemHelper), Object(OCP\\\\Image), Object(OCA\\\\User_LDAP\\\\LogWrapper), Object(OC\\\\AvatarManager), Object(OC\\\\User\\\\Manager), Object(OC\\\\Notification\\\\Manager))\\n#1 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User\\\/Manager.php(222): OCA\\\\User_LDAP\\\\User\\\\Manager->createAndCache('uid=avalonjoshu...', '')\\n#2 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User\\\/Manager.php(248): OCA\\\\User_LDAP\\\\User\\\\Manager->createInstancyByUserName('')\\n#3 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(829): OCA\\\\User_LDAP\\\\User\\\\Manager->get('')\\n#4 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(807): OCA\\\\User_LDAP\\\\Access->batchApplyUserAttributes(Array)\\n#5 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(780): OCA\\\\User_LDAP\\\\Access->fetchListOfUsers('(&(&(|(objectcl...', Array)\\n#6 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(136): OCA\\\\User_LDAP\\\\Access->fetchUsersByLoginName('username', Array)\\n#7 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(153): OCA\\\\User_LDAP\\\\User_LDAP->getLDAPUserByLoginName('username')\\n#8 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->checkPassword(*** sensitive parameters replaced ***)\\n#9 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(71): call_user_func_array(Array, Array)\\n#10 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(150): 
OCA\\\\User_LDAP\\\\User_Proxy->walkBackends('username', 'checkPassword', Array)\\n#11 \\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(186): OCA\\\\User_LDAP\\\\Proxy->handleRequest('username', 'checkPassword', Array)\\n#12 \\\/config\\\/www\\\/nextcloud\\\/lib\\\/private\\\/User\\\/Manager.php(216): OCA\\\\User_LDAP\\\\User_Proxy->checkPassword(*** sensitive parameters replaced ***)\\n#13 \\\/config\\\/www\\\/nextcloud\\\/core\\\/Controller\\\/LoginController.php(231): OC\\\\User\\\\Manager->checkPasswordNoLogging(*** sensitive parameters replaced ***)\\n#14 [internal function]: OC\\\\Core\\\\Controller\\\\LoginController->tryLogin(*** sensitive parameters replaced ***)\\n#15 \\\/config\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(160): call_user_func_array(Array, Array)\\n#16 \\\/config\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(90): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Core\\\\Controller\\\\LoginController), 'tryLogin')\\n#17 \\\/config\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(114): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Core\\\\Controller\\\\LoginController), 'tryLogin')\\n#18 \\\/config\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OC\\\\\\\\Core\\\\\\\\Control...', 'tryLogin', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#19 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#20 \\\/config\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(299): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#21 \\\/config\\\/www\\\/nextcloud\\\/lib\\\/base.php(1004): OC\\\\Route\\\\Router->match('\\\/login')\\n#22 \\\/config\\\/www\\\/nextcloud\\\/index.php(48): OC::handleRequest()\\n#23 
{main}\",\"File\":\"\\\/config\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User\\\/User.php\",\"Line\":129}",
	"userAgent" : "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/61.0.3163.100 Safari\/537.36",
	"version" : "12.0.3.3"
}
#2

I’m testing out NextCloud within our domain. When I set up my initial configuration I used my own AD creds to make sure it could connect to LDAP. Once it connected and saw the appropriate users and groups, I attempted to log in and could not. Every single other user is able to connect and use NextCloud without any issue except for me at the moment. When I look into the logging I see this same error message:

‘uid=username,cn=users,dc=ldap,dc=example,dc=com’ must not be an empty string.

I went back into the config and changed the creds for LDAP/AD integration to a service account and tried again and it’s still giving me the same thing for my account. Have you been able to get anywhere in your findings?

#3

I get the same messages on a Nextcloud which I just updated to 14.0.1.0 (the issue was present before the update, at 13.0.6). One AD user does not show up on the user screen and is unable to log in; the 19 other users don’t have issues.

When checking the user count with sudo -u www-data php occ user:report I see all 20 LDAP users, but the ldap:search does not find the one who has issues.

Does anyone have a clue what could cause this behaviour?

#4

As I didn’t find a solution searching this forum, GitHub and Google all the way, here’s the solution for it:

It looks like the specific user has not been imported into the Nextcloud user database completely. If you check with mysql, you’ll see something like this:

MariaDB [nextcloud]> select * from oc_ldap_user_mapping;
+---------------------------------------------------------------+------------------+--------------------------------------+
| ldap_dn                                                       | owncloud_name    | directory_uuid                       |
+---------------------------------------------------------------+------------------+--------------------------------------+
| cn=vorname nachname,ou=benutzer,dc=firma,dc=local             |                  | C428E12D-2F17-4B74-8C9F-70B8A17AD0FF |
+---------------------------------------------------------------+------------------+--------------------------------------+

The column owncloud_name should contain the username, but it’s empty in this case.
When you delete this incomplete user account, Nextcloud should be able to import it completely.
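
The cleanup described in the post above, written out as an added example that is not part of the original thread or of Nextcloud itself. It assumes MariaDB/MySQL, the default oc_ table prefix and the three columns shown in the query output; the backup table name is hypothetical.

```sql
-- Added example: locate and remove half-imported LDAP user mappings.
-- Assumes table oc_ldap_user_mapping with columns
-- ldap_dn, owncloud_name, directory_uuid (as shown in the thread).

-- 1. List mapping rows whose internal username was never filled in.
--    These are the accounts that trigger "uid must not be an empty string".
SELECT ldap_dn, owncloud_name, directory_uuid
FROM oc_ldap_user_mapping
WHERE owncloud_name IS NULL OR TRIM(owncloud_name) = '';

-- 2. Keep a copy of the rows about to be removed
--    (ldap_mapping_incomplete_backup is a hypothetical name).
CREATE TABLE ldap_mapping_incomplete_backup AS
SELECT ldap_dn, owncloud_name, directory_uuid
FROM oc_ldap_user_mapping
WHERE owncloud_name IS NULL OR TRIM(owncloud_name) = '';

-- 3. Delete only the incomplete rows inside a transaction, and compare
--    the affected-row count with the result of step 1 before committing.
START TRANSACTION;

DELETE FROM oc_ldap_user_mapping
WHERE owncloud_name IS NULL OR TRIM(owncloud_name) = '';

SELECT ROW_COUNT() AS deleted_rows;

-- If deleted_rows matches step 1, keep the change; otherwise use ROLLBACK.
COMMIT;

-- 4. Confirm that no empty mappings remain. The affected user is mapped
--    again the next time Nextcloud looks the account up in LDAP.
SELECT COUNT(*) AS remaining_incomplete
FROM oc_ldap_user_mapping
WHERE owncloud_name IS NULL OR TRIM(owncloud_name) = '';
```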