- Nextcloud 20.0.5
- FreeIPA 4.6.8
- CentOS 7 with all updates as of Jan 5, 2021
I installed FreeIPA and it's working just fine with other web apps for user authentication (i.e. pfSense and some others). Also, I can find anything in LDAP using ldapsearch and the bind user account.
However, with NextCloud 20.05 I’m getting this message no matter what:
{"reqId":"YAH-4jJXfxPdTzUBDa6yPAAAAAA","level":2,"time":"2021-01-15T20:49:39+00:00","remoteAddr":"10.0.xx.xx","user":"--","app":"user_ldap","method":"POST","url":"/index.php/login","message":"LDAP Login: Could not get user object for DN uid=user,cn=users,cn=accounts,dc=xxxxxxx,dc=xx. Maybe the LDAP entry has no set display name attribute?","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2"}
{"reqId":"YAH-4jJXfxPdTzUBDa6yPAAAAAA","level":2,"time":"2021-01-15T20:49:39+00:00","remoteAddr":"10.0.xx.xx","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login failed: user (Remote IP: 10.0.xx.xx)","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2"}
NextCloud says the LDAP configuration is OK. Here it is:
Server tab:
- Base DN: cn=accounts,dc=xxxxxxx,dc=xx
- Manually enter LDAP filters (recommended for large directories)
- LDAP Query on Users tab: (&(objectclass=posixaccount))
- LDAP Query on Login Attributes tab: (&(objectClass=posixaccount)(uid=%uid))
- LDAP Query on Groups tab: (&(objectClass=posixgroup)(cn=nextcloud))
All green indicators everywhere, and all LDAP checks and user/group searches return proper results.
Advanced tab:
- User Display Name Field: displayname
- 2nd User Display Name Field:
- Base User Tree: cn=users,cn=accounts,dc=xxxxxxx,dc=xx
- User Search Attributes:
- Group Display Name Field: cn
- Base Group Tree: cn=groups,cn=accounts,dc=xxxxxxx,dc=xx
- Group-Member association: gidNumber
- Email Field: mail
- User Home Folder Naming Rule: uid
Expert tab:
- Internal Username: uid
- UUID Attribute for Users: ipaUniqueID
- UUID Attribute for Groups: ipaUniqueID
No luck.