LDAP Login: Could not get user object for DN <proper-DN-here>. Maybe the LDAP entry has no set display name attribute?

  • Nextcloud 20.0.5
  • FreeIPA 4.6.8
  • CentOS 7 with all updates as of Jan 5, 2021

I installed FreeIPA and it’s working just fine with other web apps for user authentication (i.e. pfSense and some others). Also, I can find anything in LDAP using ldapsearch and the bind user account.

However, with NextCloud 20.05 I’m getting this message no matter what: :frowning:

{"reqId":"YAH-4jJXfxPdTzUBDa6yPAAAAAA","level":2,"time":"2021-01-15T20:49:39+00:00","remoteAddr":"10.0.xx.xx","user":"--","app":"user_ldap","method":"POST","url":"/index.php/login","message":"LDAP Login: Could not get user object for DN uid=user,cn=users,cn=accounts,dc=xxxxxxx,dc=xx. Maybe the LDAP entry has no set display name attribute?","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2"}
{"reqId":"YAH-4jJXfxPdTzUBDa6yPAAAAAA","level":2,"time":"2021-01-15T20:49:39+00:00","remoteAddr":"10.0.xx.xx","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login failed: user (Remote IP: 10.0.xx.xx)","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2"}

NextCloud says LDAP configuration is OK – here it is

Server tab

  • Base DN: cn=accounts,dc=xxxxxxx,dc=xx

  • Manually enter LDAP filters (recommended for large directories)

  • LDAP Query on Users tab: (&(objectclass=posixaccount))

  • LDAP Query on Login Attributes tab: (&(objectClass=posixaccount)(uid=%uid))

  • LDAP Query on Groups tab: (&(objectClass=posixgroup)(cn=nextcloud))

All green indicators everywhere, and all LDAP checks and user/group searches return proper results.

Advanced tab:

  • User Display Name Field: displayname
  • 2nd User Display Name Field:
  • Base User Tree: cn=users,cn=accounts,dc=xxxxxxx,dc=xx
  • User Search Attributes:
  • Group Display Name Field: cn
  • Base Group Tree: cn=groups,cn=accounts,dc=xxxxxxx,dc=xx
  • Group-Member association: gidNumber
  • Email Field: mail
  • User Home Folder Naming Rule: uid

Expert tab:

  • Internal Username: uid
  • UUID Attribute for Users: ipaUniqueID
  • UUID Attribute for Groups: ipaUniqueID

No luck.

Can anybody suggest something? So far I feel it’s a FreeIPA-related bug in the NextCloud LDAP app.

@EvgenyVasilchenko (or anyone really) did you ever get to the bottom of this? I am in the exact same situation, and GoogleFu suggests this is a common problem; however, I can’t seem to find a standard answer.

Hi, I was struggling with this issue as well. What helped in my case was this fix. Basically, going to the Expert part of the LDAP configuration and changing “Internal Username Attribute” to “cn” and UUID Attribute for Users to “uid” finally allowed the LDAP users to log in.

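A diagnostic for the error in the first post, as an added example that is not part of the thread and not Nextcloud's code: it parses `ldapsearch -LLL` output for the DN from the log message, fetched with the same bind account Nextcloud uses, and lists which settings from the posted Advanced and Expert tabs name an attribute the entry does not return. The LDIF sample and the function names are constructed for illustration.

```python
import base64

# Attributes named in the configuration posted above (Advanced and Expert tabs).
CONFIGURED = {
    "User Display Name Field": "displayname",
    "Email Field": "mail",
    "User Home Folder Naming Rule": "uid",
    "Internal Username": "uid",
    "UUID Attribute for Users": "ipaUniqueID",
}

# Constructed sample: one user entry as returned to the bind account.
SAMPLE_LDIF = """\
dn: uid=user,cn=users,cn=accounts,dc=example,dc=test
objectClass: posixaccount
uid: user
cn: Test User
displayName:: VGVzdCBVc2Vy
mail: user@example.test
"""

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for the first LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            if lines:
                break              # a blank line ends the entry
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]   # folded line: continuation of the previous one
        elif not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        # LDAP attribute names are case-insensitive, so compare in lower case.
        entry.setdefault(name.lower(), []).append(value)
    return entry

def missing_settings(entry, configured=CONFIGURED):
    """Settings whose attribute is absent or empty on the entry."""
    return sorted(setting for setting, attr in configured.items()
                  if not any(entry.get(attr.lower(), [])))

if __name__ == "__main__":
    print(missing_settings(parse_ldif_entry(SAMPLE_LDIF)))
```

An empty list means every configured attribute is visible to the bind account on that entry; any setting it prints names an attribute the bind account did not get back.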