LDAP Login: Could not get user object for DN <proper-DN-here>. Maybe the LDAP entry has no set display name attribute?

  • Nextcloud 20.0.5
  • FreeIPA 4.6.8
  • CentOS 7 with all updates as of Jan 5, 2021

I installed FreeIPA and it’s working just fine with other web apps for user authentication (i.e. pfSense and some others). Also, I can find anything in LDAP using ldapsearch and the bind user account.

However, with NextCloud 20.05 I’m getting this message no matter what: :frowning:

{"reqId":"YAH-4jJXfxPdTzUBDa6yPAAAAAA","level":2,"time":"2021-01-15T20:49:39+00:00","remoteAddr":"10.0.xx.xx","user":"--","app":"user_ldap","method":"POST","url":"/index.php/login","message":"LDAP Login: Could not get user object for DN uid=user,cn=users,cn=accounts,dc=xxxxxxx,dc=xx. Maybe the LDAP entry has no set display name attribute?","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2"}
{"reqId":"YAH-4jJXfxPdTzUBDa6yPAAAAAA","level":2,"time":"2021-01-15T20:49:39+00:00","remoteAddr":"10.0.xx.xx","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login failed: user (Remote IP: 10.0.xx.xx)","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2"}

NextCloud says the LDAP configuration is OK – here it is:

Server tab

  • Base DN: cn=accounts,dc=xxxxxxx,dc=xx

  • Manually enter LDAP filters (recommended for large directories)

  • LDAP Query on Users tab: (&(objectclass=posixaccount))

  • LDAP Query on Login Attributes tab: (&(objectClass=posixaccount)(uid=%uid))

  • LDAP Query on Groups tab: (&(objectClass=posixgroup)(cn=nextcloud))

All green indicators everywhere, and all LDAP checks and user/group searches return proper results.

Advanced tab:

  • User Display Name Field: displayname
  • 2nd User Display Name Field:
  • Base User Tree: cn=users,cn=accounts,dc=xxxxxxx,dc=xx
  • User Search Attributes:
  • Group Display Name Field: cn
  • Base Group Tree: cn=groups,cn=accounts,dc=xxxxxxx,dc=xx
  • Group-Member association: gidNumber
  • Email Field: mail
  • User Home Folder Naming Rule: uid

Expert tab:

  • Internal Username: uid
  • UUID Attribute for Users: ipaUniqueID
  • UUID Attribute for Groups: ipaUniqueID

No luck.

Can anybody suggest something? So far I feel it’s a FreeIPA-related bug in the NextCloud LDAP app.

@EvgenyVasilchenko (or anyone really) did you ever get to the bottom of this? I am in the exact same situation, and GoogleFu suggests this is a common problem; however, I can’t seem to find a standard answer.