LDAP: use nextcloud user signup form to create user in LDAP database

I want to contribute to the project by developing functionality that uses the signup process in Nextcloud to create a user in the LDAP user base. For now, the LDAP app only reads the LDAP database.

I have tried to work a little bit but could not run the automated tests. Maybe it is lacking documentation, or there is something I forgot. How do I run only the LDAP app tests?

Thank you.

Hi Vinicius,

Here is a link to the initial version of the Ldap User Management app: https://gitlab.com/eita/ldapusermanagement . It replaces NC user management, and reads/writes everything in the LDAP server.
There are still some issues, but it should work.

I would be happy to receive some feedback!

best,
alan


Hi,

What’s up with this project?

I use the LDAP integration and the Registration application.
I am looking for how to store a new account created with the registration app in LDAP and not in the local database.

Can ldapusermanagement do that?

Thanks.

Yes! Give it a try, and please provide feedback!

Yes, I can try it and provide feedback, but I have a problem with saving the configuration.

Steps:

  • install php5-ldap
  • Activate application “Ldap User and group Backend”
  • cd …nextcloud/apps
  • git clone https://gitlab.com/eita/ldapusermanagement.git (ssh doesn't work)
  • Activate application “ldapusermanagement”
  • In Admin Settings / LDAP AD Integration tab
  • new menu under the user_ldap configurations: “Ldap User Management”
  • host : 10.0.0.1
  • Port : 389
  • DN : cn=admin,dc=blate,dc=fr
  • Password : xxx (visible in clear)
  • User Base : ou=users,dc=blate,dc=fr
  • Group Base : ou=groups,dc=blate,dc=fr

I see the message “registration …” and I do not know what to do now.

Tested with 11.0.1 and 11.0.2, with the “Ldap User and group Backend” configuration working and without.

Second, LDAP authentication does not work now.
I have these error messages:
“app”:“no app in context”,“message”:“Missing expected parameters in change user hook”,“level”:2,“time”:“2017-04-09T15:13:01+00:00”,“method”:“POST”,“url”:"/index.php/login?redirect_url=/index.php/apps/files/",“user”:“anakin”,“version”:“11.0.2.7”}

“app”:“PHP”,“message”:“ldap_connect() expects parameter 2 to be long, string given at /var/www/nextcloud/apps/ldapusermanagement/lib/LDAPConnect.php#35”,“level”:3,“time”:“2017-04-09T15:13:01+00:00”,“method”:“POST”,“url”:"/index.php/login?redirect_url=/index.php/apps/files/",“user”:“anakin”,“version”:“11.0.2.7”}

vi /var/www/nextcloud/apps/ldapusermanagement/lib/LDAPConnect.php

// Connecting to LDAP - TODO: connect directly via LDAP plugin
$ds = $ldapconn = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");

Hi Jybee,

Thanks for the feedback. Please do the following:

cd apps/ldapusermanagement
git pull

Then try to create a new user, let's say newUser. Make sure you have

 'loglevel' => 0,

at config/config.php

Then, post the log result here. Thanks a lot!

Hi, thanks for your answer :)

In …/config/config.php, I switched ‘loglevel’ => 2 to ‘loglevel’ => 0

I - Saving configuration ldapUserManagement :
=> OK - configuration saved
tailf /var/log/nextcloud.log
No log

Note: in the Host box, the option “reset to default” doesn’t work.
I see the message “registration …” and… I wait
tailf /var/log/nextcloud.log
No log

II - Connection with an already existing user in the ldap :
=> OK - Anakin is connected on nextcloud
tailf /var/log/nextcloud.log

“app”:“admin_audit”,“message”:“Login attempt: "anakin"”,“level”:1,“time”:“2017-04-11T17:24:22+00:00”,“method”:“POST”,“url”:“/index.php/login”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“admin_audit”,“message”:“Login successful: "anakin"”,“level”:1,“time”:“2017-04-11T17:24:22+00:00”,“method”:“POST”,“url”:“/index.php/login”,“user”:“anakin”,“version”:“11.0.2.7”}
“app”:“no app in context”,“message”:“Missing expected parameters in change user hook”,“level”:2,“time”:“2017-04-11T17:24:22+00:00”,“method”:“POST”,“url”:“/index.php/login”,“user”:“anakin”,“version”:“11.0.2.7”}
“app”:“no app in context”,“message”:“Missing expected parameters in change user hook”,“level”:2,“time”:“2017-04-11T17:24:22+00:00”,“method”:“POST”,“url”:“/index.php/login”,“user”:“anakin”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“getUsers: Options: search limit 500 offset 0 Filter: (&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=ami,ou=nextcloud,ou=groups,dc=blate,dc=fr)(memberof=cn=famille,ou=nextcloud,ou=groups,dc=blate,dc=fr)))(uid=)(uid=))”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“initializing paged search for Filter (&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=ami,ou=nextcloud,ou=groups,dc=blate,dc=fr)(memberof=cn=famille,ou=nextcloud,ou=groups,dc=blate,dc=fr)))(uid=)(uid=)) base Array\n(\n [0] => ou=users,dc=blate,dc=fr\n)\n attr Array\n(\n [0] => dn\n [1] => uid\n [2] => samaccountname\n [3] => memberof\n [4] => \n [5] => mail\n [6] => uid\n [7] => \n [8] => uid\n)\n limit 500 offset 0”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“Ready for a paged search”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“getUsers: 3 Users found”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“No DN found for sabre-vobject-47b365f8-3e51-469f-b295-2809f30952c1 on ldap://10.0.0.1”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“No DN found for sabre-vobject-8878dff0-0145-4673-b3e4-1ce16baf7ac4 on ldap://10.0.0.1”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“No DN found for sabre-vobject-4b2171cf-e901-46df-9120-082dfbae2577 on ldap://10.0.0.1”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“No DN found for sabre-vobject-0dc45562-5099-45d0-9393-467e064fe4d9 on ldap://10.0.0.1”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“user_ldap”,“message”:“No DN found for sabre-vobject-a2e6ac69-8536-4fff-96f2-ad547a8a7c44 on ldap://10.0.0.1”,“level”:0,“time”:“2017-04-11T17:24:25+00:00”,“method”:“GET”,“url”:“/cron.php”,“user”:“–”,“version”:“11.0.2.7”}

III - Delete user in database on the web page of nextcloud :
=> OK - User deleted in database, But error message in log
tailf /var/log/nextcloud.log

When user is just user in database :
“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T17:25:42+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/blate”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_bind(): Unable to bind to server: Invalid credentials at /var/www/nextcloud/apps/ldapusermanagement/lib/LDAPConnect.php#59”,“level”:3,“time”:“2017-04-11T17:25:42+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/blate”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to bind to LDAP server using credentials cn=authnextcloud,ou=services,dc=blate,dc=fr > ###I SEE THE PASSWORD IN LOG###”,“level”:3,“time”:“2017-04-11T17:25:42+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/blate”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_delete() expects parameter 1 to be resource, null given at /var/www/nextcloud/apps/ldapusermanagement/lib/UserService.php#76”,“level”:3,“time”:“2017-04-11T17:25:42+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/blate”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to delete LDAP user blate”,“level”:3,“time”:“2017-04-11T17:25:42+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/blate”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“admin_audit”,“message”:“User deleted: "blate"”,“level”:1,“time”:“2017-04-11T17:25:42+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/blate”,“user”:“admin”,“version”:“11.0.2.7”}

When user is existing in ldap :

“app”:“user_ldap”,“message”:“getGroups(): read 2 at offset (limit: 500)”,“level”:0,“time”:“2017-04-11T21:01:15+00:00”,“method”:“GET”,“url”:“/index.php/settings/users”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T21:02:19+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/newUser”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr”,“level”:1,“time”:“2017-04-11T21:02:19+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/newUser”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Delete LDAP user (isDeleted): newUser”,“level”:1,“time”:“2017-04-11T21:02:19+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/newUser”,“user”:“admin”,“version”:“11.0.2.7”}
“app”:“admin_audit”,“message”:“User deleted: "newUser"”,“level”:1,“time”:“2017-04-11T21:02:19+00:00”,“method”:“DELETE”,“url”:“/index.php/settings/users/users/newUser”,“user”:“admin”,“version”:“11.0.2.7”}

IV - Creating user with the application “registration” :
=> NOT OK - Problem with group
tailf /var/log/nextcloud.log

WITH ERROR CREDENTIAL : See Password in LOG
Oops, sorry, I forgot: the user is blate (not newUser)

“app”:“user_ldap”,“message”:“No DN found for blate on ldap://10.0.0.1”,“level”:0,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_bind(): Unable to bind to server: Invalid credentials at /var/www/nextcloud/apps/ldapusermanagement/lib/LDAPConnect.php#59”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to bind to LDAP server using credentials cn=authnextcloud,ou=services,dc=blate,dc=fr > ###I SEE THE PASSWORD IN LOG###”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_add() expects parameter 1 to be resource, null given at /var/www/nextcloud/apps/ldapusermanagement/lib/UserService.php#62”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to create LDAP user ‘blate’ (cn=blate,ou=users,dc=blate,dc=fr)”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“admin_audit”,“message”:“User created: "blate"”,“level”:1,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_bind(): Unable to bind to server: Invalid credentials at /var/www/nextcloud/apps/ldapusermanagement/lib/LDAPConnect.php#59”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to bind to LDAP server using credentials cn=authnextcloud,ou=services,dc=blate,dc=fr > ###I SEE THE PASSWORD IN LOG###”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_mod_add() expects parameter 1 to be resource, null given at /var/www/nextcloud/apps/ldapusermanagement/lib/GroupService.php#43”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to add user blate to group ami”,“level”:3,“time”:“2017-04-11T17:28:01+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/EAXVI8”,“user”:“–”,“version”:“11.0.2.7”}

WITH GOOD CREDENTIAL (BUT MAYBE BAD ACL) : Not OK

“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=authnextcloud,ou=services,dc=blate,dc=fr”,“level”:1,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_add(): Add: Insufficient access at /var/www/nextcloud/apps/ldapusermanagement/lib/UserService.php#62”,“level”:3,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to create LDAP user ‘newUser’ (cn=newUser,ou=users,dc=blate,dc=fr)”,“level”:3,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“admin_audit”,“message”:“User created: "newUser"”,“level”:1,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=authnextcloud,ou=services,dc=blate,dc=fr”,“level”:1,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_mod_add(): Modify: No such object at /var/www/nextcloud/apps/ldapusermanagement/lib/GroupService.php#43”,“level”:3,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to add user newUser to group ami”,“level”:3,“time”:“2017-04-11T20:45:39+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/SHRNBD”,“user”:“–”,“version”:“11.0.2.7”}

WITH ROOT DN CREDENTIAL : Not OK

“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr”,“level”:1,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Create LDAP user ‘newUser’ (cn=newUser,ou=users,dc=blate,dc=fr)”,“level”:1,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“admin_audit”,“message”:“User created: "newUser"”,“level”:1,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr”,“level”:1,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“PHP”,“message”:“ldap_mod_add(): Modify: No such object at /var/www/nextcloud/apps/ldapusermanagement/lib/GroupService.php#43”,“level”:3,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Unable to add user newUser to group ami”,“level”:3,“time”:“2017-04-11T20:51:53+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/VTHFD1”,“user”:“–”,“version”:“11.0.2.7”}

WITH ROOT DN CREDENTIAL WITHOUT DEFAULT GROUP : OK

“app”:“admin_audit”,“message”:“Login attempt: "newUser"”,“level”:1,“time”:“2017-04-11T20:58:16+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/PY4D7W”,“user”:“newUser”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Connected to LDAP host 10.0.0.1:389”,“level”:1,“time”:“2017-04-11T20:58:16+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/PY4D7W”,“user”:“newUser”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr”,“level”:1,“time”:“2017-04-11T20:58:16+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/PY4D7W”,“user”:“newUser”,“version”:“11.0.2.7”}
“app”:“ldapusermanagement”,“message”:“Create LDAP user ‘newUser’ (cn=newUser,ou=users,dc=blate,dc=fr)”,“level”:1,“time”:“2017-04-11T20:58:16+00:00”,“method”:“POST”,“url”:“/index.php/apps/registration/verify/PY4D7W”,“user”:“newUser”,“version”:“11.0.2.7”}
==> User “newUser” is created in LDAP (I see newUser in my LDAP browser)
==> I can connect to Nextcloud with newUser
==> In Nextcloud admin, I see newUser is stored in the local Database
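
Added example (not part of the original posts and not code from ldapusermanagement): the log excerpts above show a failed bind message that carries the bind password, and an admin_audit "User created" entry logged right after the LDAP write failed. The Python sketch below scans Nextcloud JSON log lines for both conditions and redacts the secret. The sample lines are constructed from the message formats quoted above; the `reqId` values, the URL token and the secret `S3cr3t!` are made up, and grouping by `reqId` with a fallback to time, method and URL is an assumption.

```python
import json
import re
from collections import defaultdict

# Constructed sample lines modelled on the log entries quoted in the thread.
SAMPLE_LOG = r'''
{"reqId":"req-A","app":"ldapusermanagement","message":"Connected to LDAP host 10.0.0.1:389","level":1,"time":"2017-04-11T17:28:01+00:00","method":"POST","url":"/index.php/apps/registration/verify/TOKEN","user":"--","version":"11.0.2.7"}
{"reqId":"req-A","app":"ldapusermanagement","message":"Unable to bind to LDAP server using credentials cn=authnextcloud,ou=services,dc=blate,dc=fr > S3cr3t!","level":3,"time":"2017-04-11T17:28:01+00:00","method":"POST","url":"/index.php/apps/registration/verify/TOKEN","user":"--","version":"11.0.2.7"}
{"reqId":"req-A","app":"ldapusermanagement","message":"Unable to create LDAP user 'blate' (cn=blate,ou=users,dc=blate,dc=fr)","level":3,"time":"2017-04-11T17:28:01+00:00","method":"POST","url":"/index.php/apps/registration/verify/TOKEN","user":"--","version":"11.0.2.7"}
{"reqId":"req-A","app":"admin_audit","message":"User created: \"blate\"","level":1,"time":"2017-04-11T17:28:01+00:00","method":"POST","url":"/index.php/apps/registration/verify/TOKEN","user":"--","version":"11.0.2.7"}
{"reqId":"req-B","app":"ldapusermanagement","message":"Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr","level":1,"time":"2017-04-11T20:58:16+00:00","method":"POST","url":"/index.php/apps/registration/verify/TOKEN","user":"newUser","version":"11.0.2.7"}
{"reqId":"req-B","app":"ldapusermanagement","message":"Create LDAP user 'newUser' (cn=newUser,ou=users,dc=blate,dc=fr)","level":1,"time":"2017-04-11T20:58:16+00:00","method":"POST","url":"/index.php/apps/registration/verify/TOKEN","user":"newUser","version":"11.0.2.7"}
{"reqId":"req-B","app":"admin_audit","message":"User created: \"newUser\"","level":1,"time":"2017-04-11T20:58:16+00:00","method":"POST","url":"/index.php/apps/registration/verify/TOKEN","user":"newUser","version":"11.0.2.7"}
'''

# "using credentials <bind DN> > <secret>" only appears on the failure path.
LEAK_RE = re.compile(r"using credentials (?P<dn>.+?) > (?P<secret>.+)$")
LDAP_FAIL_RE = re.compile(r"^Unable to create LDAP user ['‘](?P<uid>[^'’]+)['’]")
AUDIT_CREATE_RE = re.compile(r'^User created: "(?P<uid>[^"]+)"')


def parse(log_text):
    """Yield one dict per JSON log line, skipping blank or truncated lines."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def redact(message):
    """Replace the logged bind secret, keeping the DN for triage."""
    return LEAK_RE.sub(
        lambda m: "using credentials %s > [REDACTED]" % m.group("dn"), message
    )


def analyse(log_text):
    """Return (credential leaks, users created locally after an LDAP failure)."""
    leaks = []
    failed = defaultdict(set)  # request key -> uids whose LDAP create failed
    local_only = []
    for entry in parse(log_text):
        # Assumption: entries of one request share reqId; otherwise fall back
        # to the fields visible in the thread's log lines.
        key = entry.get("reqId") or (
            entry.get("time"), entry.get("method"), entry.get("url")
        )
        app, msg = entry.get("app"), entry.get("message", "")
        if app == "ldapusermanagement":
            leak = LEAK_RE.search(msg)
            if leak:
                leaks.append({"time": entry.get("time"),
                              "dn": leak.group("dn"),
                              "message": redact(msg)})
            fail = LDAP_FAIL_RE.match(msg)
            if fail:
                failed[key].add(fail.group("uid"))
        elif app == "admin_audit":
            created = AUDIT_CREATE_RE.match(msg)
            if created and created.group("uid") in failed[key]:
                local_only.append(created.group("uid"))
    return leaks, local_only


if __name__ == "__main__":
    found_leaks, found_local_only = analyse(SAMPLE_LOG)
    for item in found_leaks:
        print("credential in log:", item["time"], item["message"])
    print("created locally but not in LDAP:", found_local_only)
```

Any bind DN reported by the first check should have its password rotated, since the secret was written to a log file readable by the web server user.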

Dear jybee,

Thank you so much for your feedback. After your report, we decided to go ahead and do something that had already been on our TODO list for a long time: remove our config panel, and user configurations from user_ldap plugin.

So, I ask you to :

  1. cd apps/ldapusermanagement
  2. git pull
  3. cd ../../
  4. php occ upgrade
  5. make sure that : host, port, password, DN, password, user base and group base are configured at user_ldap
  6. sqlite3 data/owncloud.db
  7. delete from oc_admin_settings where class='OCA\Ldapusermanagement\Settings\Admin';

This should be enough for the plugin to work fine. Thus, for the newly created users, all data edited in nextcloud will reflect on LDAP server.

keep in touch,
alan

Hi alantygel,

I am finally back :)

I tested with the new changes.
In fact, no configuration is to be made in the Admin Settings / LDAP AD Integration tab menu.

However, I still have the same problem with the groups.

Users menu on nextcloud:

  • Create New User “NewUser” in group “family”

tailf /var/log/nextcloud.log
> “ldapusermanagement”,“message”:“Connected to LDAP host ldap://IP.LDAP.SRV.X:389”,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr”,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Create LDAP user ‘NewUser’ (cn=NewUser,ou=users,dc=blate,dc=fr)”,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Connected to LDAP host ldap://IP.LDAP.SRV.X:389”,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr”,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“PHP”,“message”:“ldap_mod_add(): Modify: No such object at /var/www/nextcloud/apps/ldapusermanagement/lib/GroupService.php#46”,“level”:3,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Unable to add user NewUser to group famille”,“level”:3,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Connected to LDAP host ldap://IP.LDAP.SRV.X:389”,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr”,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“ldapusermanagement”,“message”:“Modify user attributes test@newuser.net and NewUser and “,“level”:1,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:”/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}
> “app”:“core”,“message”:“Sent mail to "Array\n(\n [test@newuser.net] => NewUser\n)\n" with subject "Votre compte Nextcloud a \u00e9t\u00e9 cr\u00e9\u00e9"”,“level”:0,“time”:“2017-05-01T11:27:09+00:00”,“method”:“POST”,“url”:“/index.php/settings/users/users”,“user”:“admin”,“version”:“11.0.3.2”}

Error message: Unable to add user NewUser to group famille
The new user is shown without a group in Nextcloud and in LDAP

  • In Nextcloud

NewUser NewUser ●●●●●●● test@newuser.net aucun groupe aucun groupe /var/www/nextcloud/data/NewUser Database

  • In Ldap

ou=users,dc=blate,dc=fr
cn=NewUser No group

I already have 3 users in my LDAP.
I see each user in the user menu tab in Nextcloud with the right group assigned.

uid=anakin memberOf=cn=famille,ou=nextcloud,ou=groups,dc=blate,dc=fr
uid=luke memberOf=cn=ami,ou=nextcloud,ou=groups,dc=blate,dc=fr
uid=yoda memberOf=cn=famille,ou=nextcloud,ou=groups,dc=blate,dc=fr

What can I do to fix this problem?
Do you need my LDAP LDIF configuration?

Other problem found:

  • I can connect to nextcloud with user NewUser
  • The user is stored in the database and in LDAP.
    However it is displayed in “Database” in the Nextcloud user menu
  • If I change the user’s password in Nextcloud, the password is not changed in Ldap

Thx for your help :)

Jybee

Hi again,

I decided to change my whole LDAP to match your development as closely as possible (hum … I believe ^^)
Before, my groups were “groupofnames” and my users “shadowaccount” and “person”.
So I deleted all my existing accounts and groups to be sure of compatibility with Nextcloud.

I am not a developer, but I allowed myself to look at the code.
I changed the following line: 'homedirectory' => "/home/$uid",
And it seems to me that the attributes “uidnumber” and “gidnumber” must be unique.

Back on topic,

This is my ldap_user configuration

  • Server:
    ldap://IP:389
    cn=admin,dc=blate,dc=fr
    password
    dc=blate,dc=fr
  • Users
    LDAP filter: (|(objectclass=posixAccount))
  • Login attributes
    LDAP filter: (&(|(objectclass=posixAccount))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))
  • Groups
    LDAP filter: (&(|(objectclass=posixGroup)))
  • Advanced
    Configuration active: OK
    User “display name” field: cn
    Root DN of the users tree: ou=users,dc=blate,dc=fr
    Group “display name” field: cn
    Root DN of the groups tree: ou=nextcloud,ou=groups,dc=blate,dc=fr
    Allow the user to change the LDAP password: OK
    Email field: mail
    User home folder naming rule: uid
  • Expert
    Internal username: uid

Creating users and groups without pre-existing
From the nextcloud user menu

  • Create a group: family
    Okay
  • Delete group: family
    Okay
  • Create user and link to family group
    Okay
  • Unlink user from family group
    Okay
  • Link user to group famille
    Okay
  • Verify that the mail and display name are changed in ldap
    Okay
  • Delete user
    Okay
  • Change user password
    Not Okay
    (test from phpldapadmin to verify)

Conclusion: all functions work except modify password

However, I have a problem:
I have a www-data cron job that runs /var/www/nextcloud/cron.php every 15 minutes (for this test I changed the cron to run every 5 minutes).
For each execution of cron,
I get 2 “same” new users, one in the database and the same one in LDAP (with an incrementable name).
Maybe you have to “delete” the user in the database after creating it, just to keep the new user in LDAP.
This problem also occurs if I take the LDAP connection down and bring it back up (an LDAP crash, for example).

Example :
I create the group “famille” and then I create the user “toto” and link it to the group “famille”

  • In user menu of nextcloud :

      toto 		toto 	●●●●●●● 	toto@blate.fr 	famille		aucun groupe	/var/www/nextcloud/data/toto 	Database 	jamais 	
    
  • In ldap :

    ou=users,dc=blate,dc=fr
    uid=toto,ou=users,dc=blate,dc=fr

  • LOG :

Debug core Sent mail to "Array ( [toto@blate.fr] => toto ) " with subject “Votre compte Nextcloud a été créé”
Info ldapusermanagement Modify user attributes toto@blate.fr and toto
Info ldapusermanagement Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr
Info ldapusermanagement Connected to LDAP host ldap://IPSERVERLDAP:389
Info ldapusermanagement Add user: toto to group: famille
Info ldapusermanagement Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr
Info ldapusermanagement Connected to LDAP host ldap://IPSERVERLDAP:389
Info ldapusermanagement Create LDAP user ‘toto’ (uid=toto,ou=users,dc=blate,dc=fr)
Info ldapusermanagement Bind to LDAP server using credentials cn=admin,dc=blate,dc=fr
Info ldapusermanagement Connected to LDAP host ldap://IPSERVERLDAP:389
Debug user_ldap No DN found for toto on ldap://10.8.8.99

After running the cron

  • In user menu of nextcloud :

      toto 		toto 	●●●●●●● 	toto@blate.fr 	famille		aucun groupe	/var/www/nextcloud/data/toto 	Database 	jamais 	
      toto_4212 	toto 	●●●●●●● 	 toto@blate.fr 	famille		aucun groupe 	/var/www/nextcloud/data/toto 	LDAP 		jamais
    
  • In ldap :

    ou=users,dc=blate,dc=fr
    uid=toto,ou=users,dc=blate,dc=fr

  • LOG :
    Debug user_ldap getUsers: 1 Users found
    Debug user_ldap Ready for a paged search
    Debug user_ldap initializing paged search for Filter (&(|(objectclass=posixAccount))(cn=)(cn=)) base Array ( [0] => ou=users,dc=blate,dc=fr ) attr Array ( [0] => dn [1] => uid [2] => samaccountname [3] => memberof [4] => [5] => mail [6] => cn [7] => [8] => uid ) limit 50 offset 0
    Debug user_ldap getUsers: Options: search limit 50 offset 0 Filter: (&(|(objectclass=posixAccount))(cn=)(cn=))
    Debug user_ldap Ready for a paged search
    Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=ami,ou=nextcloud,ou=groups,dc=blate,dc=fr ) attr Array ( [0] => ) limit 500 offset 0
    Debug user_ldap getGroups(): read 1 at offset (limit: 500)
    Debug user_ldap Ready for a paged search
    Debug user_ldap initializing paged search for Filter (&(&(|(objectclass=posixGroup)))(cn=)) base Array ( [0] => ou=nextcloud,ou=groups,dc=blate,dc=fr ) attr Array ( [0] => cn [1] => dn ) limit 500 offset 0
    Debug user_ldap getGroups Filter (&(&(|(objectclass=posixGroup)))(cn=
    ))
    Debug user_ldap getGroups getGroups–500-
    Debug cron Finished OCA\User_LDAP\Jobs\CleanUp job with ID 21
    Debug cron Run OCA\User_LDAP\Jobs\CleanUp job with ID 21
    Debug cron Finished OCA\User_LDAP\Jobs\UpdateGroups job with ID 20
    Debug cron Run OCA\User_LDAP\Jobs\UpdateGroups job with ID 20

I have problems with existing users and groups, but I keep looking ;)
I will report back later ^^
