LDAP is not working in Nextcloud 9.0.53

I’m trying to configure LDAP authentication in Nextcloud version 9.0.53.

On the “Users” tab, the filter “(|(objectclass=top))” finds 2 users.
But on “Login attributes”, the filter “(&(|(objectclass=top))(|(samaccountname=%uid)))” doesn’t find any users.
I’m sure there is a “samaccountname” attribute with the login name in the Active Directory object.

So, it doesn’t find them when you specify their samaccountnames and click the test button?

What appears strange to me is that you filter for the top object class. Are you sure it returns users at all?

Yes, right. Not only samaccountnames, but almost anything except object class.
When I press the test button with the filter (|(objectclass=%uid) and enter “top” in the test field, it shows the message “more than one user found”. So the Active Directory connection should work fine.

I have tried to test object class user, and no users have been found.
But AD objects have “top” and “user” values in the object class attribute.

Works fine for us (Active Directory) with objectclass user.
Are you sure you’re not getting other LDAP errors? I’m not sure if it's still needed, but we had similar problems in the past and had to increase the MaxPageSize setting on the AD/LDAP servers.
By default it’s maxed out at 1000, so if you’ve got 1000 groups or other objects (don’t underestimate how many LDAP objects there are, even if your environment does not seem that big) it could very well be that you’re not getting a single “user” returned.

It’s a testing AD domain, so there are not many objects. But I have tried to increase MaxPageSize. This changed nothing.
I haven’t any idea why filtering is not working. Looks like the LDAP plugin doesn’t see some attributes at all.

I have found the cause of the issue.
Users must be created in the base DN OU. But in my case they were in group members, and when I tried to search users with the filter “(|(objectclass=top))”, the plugin showed me groups.
There were 2 groups and 2 users, so I got it wrong.

Thanks all. Sorry for disturbing.
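
The cause found above, reproduced as an added example (not from the thread and not Nextcloud's code): a small Python evaluator for a subset of LDAP filters, run over a constructed directory. It assumes two groups sit under the configured base DN and the two users they reference sit in a different OU; `BASE`, `LOGIN_FILTER`, `ENTRIES`, `parse`, `matches`, `search` and all DNs are hypothetical names.

```python
# Constructed sample directory (assumed layout): groups live under the
# configured base DN, the user objects they reference live elsewhere.
BASE = "ou=cloud,dc=example,dc=test"
LOGIN_FILTER = "(&(|(objectclass=top))(|(samaccountname=%uid)))"
ENTRIES = [
    {"dn": "cn=staff,ou=cloud,dc=example,dc=test",
     "objectclass": ["top", "group"], "samaccountname": ["staff"]},
    {"dn": "cn=admins,ou=cloud,dc=example,dc=test",
     "objectclass": ["top", "group"], "samaccountname": ["admins"]},
    {"dn": "cn=alice,ou=people,dc=example,dc=test",
     "objectclass": ["top", "person", "user"], "samaccountname": ["alice"]},
    {"dn": "cn=bob,ou=people,dc=example,dc=test",
     "objectclass": ["top", "person", "user"], "samaccountname": ["bob"]},
]

def parse(f, i=0):
    """Parse a subset of RFC 4515: (&...), (|...), (attr=value)."""
    if i >= len(f) or f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(f) and f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while i < len(f) and f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if i >= len(f) or f[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, kids), i + 1
    end = f.find(")", i)
    if end < 0 or "=" not in f[i:end]:
        raise ValueError("malformed comparison")
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    return node[2] in (v.lower() for v in entry.get(node[1], []))

def search(base_dn, ldap_filter, entries=ENTRIES):
    """Subtree search: return DNs at or below base_dn that match the filter."""
    node, end = parse(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("trailing data after filter")
    suffix = base_dn.lower()
    return [e["dn"] for e in entries
            if (e["dn"].lower() == suffix or e["dn"].lower().endswith("," + suffix))
            and matches(node, e)]
```

`search(BASE, "(|(objectclass=top))")` returns the two group DNs, while `search(BASE, LOGIN_FILTER.replace("%uid", "alice"))` returns nothing until the base DN is widened to `dc=example,dc=test`.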