LDAP-Nextcloud password change by user fails


In a Nextcloud 18.0.4 (also 18.0.3) LDAP is used for authentication.
When a user tries to change his/her password the reply is: wrong password.
Please advice as how to fix this.

The password entered for password change is the same as the password for/on succesful login. The new password is according to Nextcloud a Strong password.

The nextcoud log reports
{“reqId”:“qQsZ2AYRrVSTeQISMfE1”,“level”:2,“time”:“2020-05-27T17:48:46+00:00”,“remoteAddr”:“”,“user”:“7f105030-322e-103a-887b-0d3cb372f381”,“app”:“core”,“method”:“POST”,“url”:"/index.php/settings/personal/changepassword",“message”:“Login failed: ‘7f105030-322e-103a-887b-0d3cb372f381’ (Remote IP: ‘’)”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36”,“version”:“”}

The (test) Server system

  • Intel NUC 8GBRam, 500GB SSD, I3 processor
  • OS is Debian Buster (10) all updated,
  • LDAP is from de Debian repo and fully updated. Installation according to Nextcloud info
    Both the servers (LDAP/Nextcloud) run on the same hardware server (i3 Intel)
    All tests and errors are conducted and produced on a internal IP4 only network/LAN with no FW or router blocks. Server, Workstation Windows10 home and browser Chrome fully updated/patched.

Please advise on how to fix this issue.


Hi Eric,

two thoughts about that issue:

  1. Check if you have enabled under LDAP / AD integration > Advanced > Enable LDAP password changes per user
  2. Check your Login Attributes: For me it helped adding these two filter entries (|(uid=%uid)(|(sAMAccountName=%uid))

Good luck.

Cheers Christian

Hi Christian, and others

No luck after adding (sAMAccountName=%uid)), the (|(uid=%uid) was allready there.
The query is: (&(|(objectclass=inetOrgPerson))(|(uid=%uid)(|(cn=%uid)(displayName=%uid)(gidNumber=%uid)(givenName=%uid)(objectClass=%uid)(sn=%uid)(uidNumber=%uid)(|(sAMAccountName=%uid))(userPassword=%uid))))

The error shown in Nextcloud is “Wrong Password” in the logging the error is (still) login faillure.
The password for both login and change password are 100% equal.

Routine: Login as user 1test, password *********
From settings: change password, enter old password enter new password hit enter/commit.

Somehowe the old password with de username 1test dont make it the right to Ldap that refuses the login to Ldap for password change.

Anymore hints are welcome!


Hi Eric,

habe a look into Users unable to change password Active Directory/LDAP

Maybe this helps you.


Found the cause to the “login” problem. Did a expert mode change in NC-LDAP and now users may change their own password.
Cause: --> NC adds a string tot the USERname to make it uniek. On password changes only the uniek part is used to connect tot LDAP and then the login fails.

In expert mode changed the defaults for UUID from empty tot “UID” and all goes well.

Thanks for the suggestions/support.