LDAP Mystery - cannot even test base DN

– Can't even get past the initial Base DN setup for LDAP.
– Detect port fails to detect, base DN fails to detect.
– After I fill in the IP address, port, user and Base DN, the Test DN fails.

LDAP server being connected to: Windows 2008R2
Nextcloud version: 11.0.1
Operating system and version: CentOS 7
Apache or nginx version: nginx
PHP version: 7.0.15 (installed from Webtatic repo)
MySQL: 5.5.52
Is this the first time you’ve seen this error?: NO

NOTE1: Owncloud 9 has same error
NOTE2: I installed ldapsearch on the same machine (using same ports) and have no problem listing entries from the same windows server.
NOTE3: working ldapsearch string: ldapsearch -x -h 10.0.49.27 -D "owncloud.connect" -W -x "(&(objectclass=inetOrgPerson)(uid=nxtclduser))" -b "dc=cognops,dc=local"
NOTE4: I am thinking this may be a php7 issue.
NOTE5: If I fill in all the rest of the information for LDAP user strings, etc., Nextcloud still cannot connect to LDAP, nor have a successful test of Base DN.

Base LDAP Setup:
Server: 10.0.49.27
Port: 389
User: CN=owncloud.connect,OU=Automation,DC=cognops,DC=local
Password: *******************
Base DN: DC=cognops,DC=local

The output of your Nextcloud log in Admin > Logging:
Configuration Error (prefix ): login filter does not contain %uid place holder. 2017-02-24T18:43:31-0600
Warning user_ldap Configuration Error (prefix ): No LDAP Login Filter given! 2017-02-24T18:43:31-0600
Warning user_ldap Configuration Error (prefix ): No LDAP Port given! 2017-02-24T18:43:31-0600
Warning user_ldap Configuration Error (prefix ): login filter does not contain %uid place holder. 2017-02-24T18:43:31-0600
Warning user_ldap Configuration Error (prefix ): No LDAP Login Filter given! 2017-02-24T18:43:31-0600
Warning user_ldap Configuration Error (prefix ): No LDAP Port given! 2017-02-24T18:43:31-0600
Warning user_ldap Configuration Error (prefix ): login filter does not contain %uid place holder.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '************',
  'passwordsalt' => '********************',
  'secret' => '*******************',
  'trusted_domains' =>
  array (
    0 => '10.0.49.40',
  ),
  'datadirectory' => '/usr/share/nginx/html/nextcloud/data',
  'overwrite.cli.url' => 'https://10.0.49.40',
  'dbtype' => 'mysql',
  'version' => '11.0.1.2',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '***************',
  'dbpassword' => '****************',
  'logtimezone' => 'UTC',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
);

The output of your Apache/nginx/system log in `/var/log/____`:

2017/02/24 19:17:18 [error] 30301#0: *580 access forbidden by rule, client: 10.0.49.104, server: cloud.nextcloud.co, request: "GET /data/.ocdata?t=1487981838289 HTTP/1.1"$
2017/02/24 19:41:03 [error] 30307#0: *841 access forbidden by rule, client: 10.0.49.104, server: cloud.nextcloud.co, request: "GET /data/.ocdata?t=1487983263617 HTTP/1.1"$
2017/02/24 19:41:06 [error] 30306#0: *849 access forbidden by rule, client: 10.0.49.104, server: cloud.nextcloud.co, request: "GET /data/.ocdata?t=1487983266030 HTTP/1.1"$
2017/02/24 19:43:30 [error] 30307#0: *841 access forbidden by rule, client: 10.0.49.104, server: cloud.nextcloud.co, request: "GET /data/.ocdata?t=1487983410512 HTTP/1.1"$

Anybody have any ideas?

the errors in your log point to a configuration error. did you check the “Login Attributes” section?

I get the same errors, with the exact same info I can use in ldapadmin browser to connect and browse to my AD server?

My errors
Warning user_ldap Configuration Error (prefix ): login filter does not contain %uid place holder.
Warning user_ldap Configuration Error (prefix ): No LDAP Login Filter given!

Below are my nextcloud settings, note this is a test server:

ldaps://192.168.0.7 (I’ve used my FQDN testad, or testad.xxx.xx.xx; I’ve also used ldap://xxx)
I’ve used port 389 or 636
uid=administrator,cn=users,dc=testad,dc=sd57,dc=bc,dc=ca
Password xxxxxxxxxx
DN dc=testad,dc=sd57,dc=bc,dc=ca

My ldapadmin browser settings that work
Host testad
port 636
Base: DC=testad,DC=sd57,DC=bc,DC=ca
Simple Authentication, SSL
Username cn=administrator,cn=users,dc=testad,dc,xxx,dc=xx,dc=xx
Password xxxxxx
On ldapadmin I do get a warning that I can verify the cert, but I just click OK and it works.
Any thoughts?

hi kibade.

sorry for the late answer. did you solve your problem?
if not: i would have a look at your used DNs.

  • uid=administrator,cn=users,dc=testad,dc=sd57,dc=bc,dc=ca
  • cn=administrator,cn=users,dc=testad,dc,xxx,dc=xx,dc=xx

are two entirely different entries!

That was me trying different accounts in case it was some sort of LDAP issue.

I finally solved this by installing Nextcloud on Ubuntu instead of CentOS. Same exact install, same versions of PHP and NGINX.

And no, it wasn’t SELinux. (I had disabled it at some point during testing) I still don’t really know why it didn’t work.

Hi all, found solution here

https://www.linuxquestions.org/questions/linux-server-73/ldap-authentication-error-[can't-contact-ldap-server]-from-apache-httpd-920907/

If your environment is CentOS with SELinux enabled, you have to let Apache connect to LDAP

Check with

# getsebool -a | grep ldap

enable with

# setsebool httpd_can_connect_ldap 1

and restart apache.

2 Likes
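
The check from the post above, as an added example that is not part of the thread: it reads `getsebool -a` output and audit-log lines and reports whether SELinux is refusing the web server's outbound LDAP connection, which would also explain why `ldapsearch` from a shell works while Nextcloud does not. The sample boolean list and AVC records are constructed, and the `httpd_t` domain for the PHP process is an assumption.

```sh
#!/bin/sh
# Added example: offline triage of the SELinux cause described in the post above.
# Assumption: the PHP/web-server process runs in the httpd_t domain.

# Constructed samples (not from the thread's servers).
SAMPLE_BOOLS='httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_network_connect --> off'
SAMPLE_AUDIT='type=AVC msg=audit(1700000000.123:841): avc:  denied  { name_connect } for  pid=4242 comm="php-fpm" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1700000001.456:842): avc:  denied  { read } for  pid=4243 comm="nginx" name="example" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file'

# stdin: `getsebool -a` output. Prints on, off, or missing.
ldap_bool_state() {
  awk '$1 == "httpd_can_connect_ldap" { print $3; found = 1 }
       END { if (!found) print "missing" }'
}

# stdin: audit log lines. Prints the number of denied outbound connects
# from httpd_t to an LDAP port (389 or 636).
count_ldap_denials() {
  awk '/avc: +denied +[{] name_connect [}]/ &&
       /scontext=[^ ]*:httpd_t:/ &&
       /dest=(389|636)( |$)/ { n++ }
       END { print n + 0 }'
}

# $1 = getsebool output, $2 = audit log text. Prints a one-line verdict.
diagnose() {
  state=$(printf '%s\n' "$1" | ldap_bool_state)
  denials=$(printf '%s\n' "$2" | count_ldap_denials)
  case "$state" in
    missing) echo "not-selinux: boolean not present on this host" ;;
    on)      echo "allowed: boolean is on, denials=$denials" ;;
    *)       if [ "$denials" -gt 0 ]; then
               echo "blocked: $denials denial(s); persist the fix with setsebool -P httpd_can_connect_ldap 1"
             else
               echo "suspect: boolean is off but no LDAP denial logged"
             fi ;;
  esac
}

diagnose "$SAMPLE_BOOLS" "$SAMPLE_AUDIT"
```

On a real host, run as root and pass `"$(getsebool -a)"` and the contents of `/var/log/audit/audit.log` in place of the samples. The `-P` flag writes the boolean to the policy store so it survives a reboot.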

Did the work here
Nextcloud on Redhat.

Thank you

This was still relevant today when I was trying to get it to work on Rocky Linux. Thanks.

Hi guys. I have exactly the same problem, but the point is I have no SELinux present. I have Ubuntu 20.04 with no SELinux. Output of the sestatus command:

sestatus

Command ‘sestatus’ not found, but can be installed with:

apt install policycoreutils