"ldap:show-remnants" shows users who were never valid

Nextcloud version: 13.0.1
Operating system and version: Gentoo Linux / Rolling Release
Apache version: 2.4.32
PHP version: 7.2.3

The List from “./occ ldap:show-remnants” shows users who were never valid (not a member of a specified group) and if I delete them, they appear in the list after a short time. This has been happening for several versions of Nextcloud.

What can I do to ensure that Nextcloud only finds valid users?

The output of your Nextcloud log in Admin > Logging:

{"reqId":"WrkIDNf@sZ2iWe7kE@V2ZgAAAAE","level":3,"time":"2018-03-26T16:47:41+02:00","remoteAddr":"***","user":"***","app":"index","method":"GET","url":"\/nextcloud\/index.php\/settings\/users\/users?offset=0&limit=50&gid=Messerli3d&pattern=","message":"Exception: {\"Exception\":\"OC\\\\User\\\\NoUserException\",\"Message\":\"grafik.tel is not a valid user anymore\",\"Code\":0,\"Trace\":\"#0 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->getHome('grafik.tel')\\n#1 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(108): call_user_func_array(Array, Array)\\n#2 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(150): OCA\\\\User_LDAP\\\\User_Proxy->callOnLastSeenOn('grafik.tel', 'getHome', Array, false)\\n#3 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(227): OCA\\\\User_LDAP\\\\Proxy->handleRequest('grafik.tel', 'getHome', Array)\\n#4 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/User\\\/User.php(282): OCA\\\\User_LDAP\\\\User_Proxy->getHome('grafik.tel')\\n#5 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/UsersController.php(261): OC\\\\User\\\\User->getHome()\\n#6 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/UsersController.php(322): OC\\\\Settings\\\\Controller\\\\UsersController->formatUserForIndex(Object(OC\\\\User\\\\User))\\n#7 [internal function]: OC\\\\Settings\\\\Controller\\\\UsersController->index(0, 50, 'Messerli3d', '', '')\\n#8 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(161): call_user_func_array(Array, Array)\\n#9 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(91): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#10 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#11 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OC\\\\\\\\Settings\\\\\\\\Con...', 'index', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#12 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#13 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#14 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(998): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#15 \\\/var\\\/www\\\/nextcloud\\\/index.php(37): OC::handleRequest()\\n#16 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php\",\"Line\":436}","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/65.0.3325.181 Safari\/537.36","version":"13.0.1.1"}
{"reqId":"WrpCQEk7sWEgR8soMYVhnwAAAAE","level":3,"time":"2018-03-27T15:08:17+02:00","remoteAddr":"***","user":"***","app":"index","method":"GET","url":"\/nextcloud\/index.php\/settings\/users\/users?offset=0&limit=50&gid=Messerli3d&pattern=","message":"Exception: {\"Exception\":\"OC\\\\User\\\\NoUserException\",\"Message\":\"grafik.tel is not a valid user anymore\",\"Code\":0,\"Trace\":\"#0 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->getHome('grafik.tel')\\n#1 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(108): call_user_func_array(Array, Array)\\n#2 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(150): OCA\\\\User_LDAP\\\\User_Proxy->callOnLastSeenOn('grafik.tel', 'getHome', Array, false)\\n#3 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(227): OCA\\\\User_LDAP\\\\Proxy->handleRequest('grafik.tel', 'getHome', Array)\\n#4 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/User\\\/User.php(282): OCA\\\\User_LDAP\\\\User_Proxy->getHome('grafik.tel')\\n#5 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/UsersController.php(261): OC\\\\User\\\\User->getHome()\\n#6 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/UsersController.php(322): OC\\\\Settings\\\\Controller\\\\UsersController->formatUserForIndex(Object(OC\\\\User\\\\User))\\n#7 [internal function]: OC\\\\Settings\\\\Controller\\\\UsersController->index(0, 50, 'Messerli3d', '', '')\\n#8 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(161): call_user_func_array(Array, Array)\\n#9 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(91): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#10 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#11 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OC\\\\\\\\Settings\\\\\\\\Con...', 'index', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#12 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#13 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#14 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(998): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#15 \\\/var\\\/www\\\/nextcloud\\\/index.php(37): OC::handleRequest()\\n#16 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php\",\"Line\":436}","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/65.0.3325.181 Safari\/537.36","version":"13.0.1.1"}
{"reqId":"WrpCfUk7sWEgR8soMYVhtwAAAAE","level":3,"time":"2018-03-27T15:09:18+02:00","remoteAddr":"***","user":"***","app":"index","method":"GET","url":"\/nextcloud\/index.php\/settings\/users\/users?offset=0&limit=50&gid=MediaRent&pattern=","message":"Exception: {\"Exception\":\"OC\\\\User\\\\NoUserException\",\"Message\":\"Gevitas is not a valid user anymore\",\"Code\":0,\"Trace\":\"#0 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->getHome('Gevitas')\\n#1 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(108): call_user_func_array(Array, Array)\\n#2 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(150): OCA\\\\User_LDAP\\\\User_Proxy->callOnLastSeenOn('Gevitas', 'getHome', Array, false)\\n#3 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(227): OCA\\\\User_LDAP\\\\Proxy->handleRequest('Gevitas', 'getHome', Array)\\n#4 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/User\\\/User.php(282): OCA\\\\User_LDAP\\\\User_Proxy->getHome('Gevitas')\\n#5 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/UsersController.php(261): OC\\\\User\\\\User->getHome()\\n#6 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/UsersController.php(322): OC\\\\Settings\\\\Controller\\\\UsersController->formatUserForIndex(Object(OC\\\\User\\\\User))\\n#7 [internal function]: OC\\\\Settings\\\\Controller\\\\UsersController->index(0, 50, 'MediaRent', '', '')\\n#8 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(161): call_user_func_array(Array, Array)\\n#9 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(91): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#10 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#11 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OC\\\\\\\\Settings\\\\\\\\Con...', 'index', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#12 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#13 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#14 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(998): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#15 \\\/var\\\/www\\\/nextcloud\\\/index.php(37): OC::handleRequest()\\n#16 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php\",\"Line\":436}","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/65.0.3325.181 Safari\/537.36","version":"13.0.1.1"}

The output of LDAP-Config:

hasMemberOfFilterSupport      | 1
lastJpegPhotoLookup           | 0
ldapAgentName                 | CN=***,CN=***,DC=mgdom,DC=ch
ldapAgentPassword             | ***
ldapBackupHost                | ldaps://beta.mgdom.ch
ldapBackupPort                | 636
ldapBase                      | DC=mgdom,DC=ch
ldapBaseGroups                | OU=Groups,DC=mgdom,DC=ch
ldapBaseUsers                 | OU=Accounts,DC=mgdom,DC=ch
ldapCacheTTL                  | 600
ldapConfigurationActive       | 1
ldapEmailAttribute            | mail
ldapExperiencedAdmin          | 0
ldapExpertUsernameAttr        | sAMAccountName
ldapGidNumber                 | gidNumber
ldapGroupDisplayName          | cn
ldapGroupFilter               | (&(|(objectclass=group))(|(cn=Fabrikatur)(cn=ExpoFormer)(cn=Messerli3d)(cn=MintArchitecture)(cn=MediaRent)(cn=AlphaBlue)(cn=LiveLab)(cn=Hunziker)(cn=Konform)))
ldapGroupFilterGroups         | Fabrikatur;ExpoFormer;Messerli3d;MintArchitecture;MediaRent;AlphaBlue;LiveLab;Hunziker;Konform
ldapGroupFilterMode           | 0
ldapGroupFilterObjectclass    | group
ldapGroupMemberAssocAttr      | member
ldapHost                      | ldaps://alphax.mgdom.ch
ldapLoginFilter               | (&(&(|(objectclass=user))(|(|(memberof=CN=Nextcloud,OU=Groups,DC=mgdom,DC=ch)(primaryGroupID=2428))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))
ldapLoginFilterEmail          | 1
ldapLoginFilterMode           | 0
ldapLoginFilterUsername       | 1
ldapNestedGroups              | 0
ldapPagingSize                | 1000
ldapPort                      | 636
ldapQuotaDefault              | 25 GB
ldapTLS                       | 0
ldapUserDisplayName           | displayname
ldapUserFilter                | (&(objectclass=user)(memberof=CN=Nextcloud,OU=Groups,DC=mgdom,DC=ch))
ldapUserFilterGroups          | Nextcloud
ldapUserFilterMode            | 0
ldapUserFilterObjectclass     | user
ldapUuidGroupAttribute        | auto
ldapUuidUserAttribute         | auto
turnOffCertCheck              | 0
turnOnPasswordChange          | 0
useMemberOfToDetectMembership | 1

Apache does not give any error messages.