The Basics
- Nextcloud Server version (e.g., 29.x.x):
32
- Operating system and version (e.g., Ubuntu 24.04):
Debian 12
- Web server and version (e.g., Apache 2.4.25):
Apache2.4.65-1~deb12u1
- Reverse proxy and version (e.g., nginx 1.27.2):
N/A
- PHP version (e.g., 8.3):
8.2
- Is this the first time you’ve seen this error? (Yes / No):
No
- When did this problem seem to first start?
Always
- Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
Bare Metal
- Are you using Cloudflare, mod_security, or similar? (Yes / No)
No
Summary of the issue you are facing:
I use an LDAP (user_ldap) server to manage accounts and group memberships and at the same time OIDC (user_oidc) for authentication. Usually, the OIDC login is mapped into the LDAP user. This requires the LDAP user to be created first.
In some cases the users log in with OIDC before the LDAP sync created the user. In such cases the user will be created twice, once with the user_oidc back end and later again with user_ldap back end (with a modified ID, due to the collision).
One simple solution would be to decrease the sync period for the LDAP users. However, I was not able to find a setting for this. I tested different values for ldapCacheTTL and also ran the cron job every minute, but it did not have an effect. However, I cannot find any CLI path that would enable automating a shorter sync interval. I think I tested all available occ ldap: and occ user: subcommands. None seems to fetch an updated user list.
What I find confusing: the user search in the web interface does seem to query the LDAP database immediately. Why is it behaving differently than occ user:list or occ ldap:search?
Is anyone else facing this and/or did anyone find a good solution?
Thanks