LDAP-login only works for newly added Nextcloud users

Nextcloud version (eg, 20.0.5): 27.1.5
Operating system and version (eg, Ubuntu 20.04): RedHat Linux Enterprise Server 8.9
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.37
PHP version (eg, 7.4): 8.2.15

The issue you are facing:

We did an LDAP migration. The users were moved to a new LDAP. The usernames remained identical. We removed the old LDAP connection in Nextcloud so that the users use the new LDAP for authentication. So far, so good.

The login works for LDAP accounts that had never used Nextcloud before. However, all users who were using Nextcloud before the LDAP migration cannot log in due to allegedly wrong credentials (username or password wrong).

What I have already checked:

  • occ ldap:show-config: the old LDAP connection isn’t listed anymore (as it should be)
  • deleted the user from the LDAP group (only members of this LDAP group are synchronized to Nextcloud and may log in to Nextcloud). Afterwards, I checked with “occ ldap:show-remnants” whether the user shows up, and as soon as the user showed up in this list, I removed the user via the command “occ user:delete peter.pan”. Finally, I added the user to the corresponding LDAP group again and waited until the user showed up in the Nextcloud admin portal.
  • according to our firewall logs, the Nextcloud server contacts the new LDAP server (which is as expected). I didn’t see any communication to the previously used LDAP.

In the meantime, I have upgraded to 27.1.9. However, those specific users are still not able to log in.

Has anyone any idea?

I don’t recall all the specifics off-hand, but the usernames aren’t the only important element AFAIK. There are other dependencies that must be dealt with when doing a migration - e.g.

@jtr Well, the migration already happened. Those other recommended topics have a different character: they were trying to connect the user’s data with the new user account of the new LDAP. In our case, we do not have to copy any user data. The only thing which does not work: users who existed on the old LDAP cannot log in anymore. However, LDAP users who didn’t have access to Nextcloud in the past can log in (after I gave them access).

It was easier than expected:

