Hi all,
I’am trying to connect NextCloud to my LDAP Server and was really happy that this is so easy. I love the fact that I can test the LDAP-Config right inside NextCloud to verify groups and users, even test usernames.
Sadly even though everything seems ok, I can not log in.
Nextcloud version (eg, 10.0.2): 12.0.3
Operating system and version (eg, Ubuntu 16.04): 4.9.49-gentoo
Apache or nginx version (eg, Apache 2.4.25): 2.4.27
PHP version (eg, 5.6): 7.0.25
Is this the first time you’ve seen this error?:
Yes
Can you reliably replicate it? (If so, please outline steps):
- Fill out the LDAP config in nextcloud as described.
- Verify Settings and count users (amount is correct).
- Verify Login Settings - Test Username (User found and settings verified.)
- Verify and Counts the groups (amount is correct).
- Advanced Settings for username, groupname, base-DN’s and group-member-association
- Expert Settings to use own internal username attribute uid which is basicly the login name
The issue you are facing:
I can not login with any LDAP user.
Also in User-Tab…
- …I can see the LDAP user with his correct group
- …I can see the LDAP groups
- …the LDAP groups are empty
The output of your Nextcloud log in Admin > Logging:
NextCloud is trying to get all the information from LDAP which is working:
{“reqId”:“Wh-mtNXwkY0AAC1DDeYAAAAI”,“level”:0,“time”:“2017-11-30T11:08:36+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“core”,“method”:“GET”,“url”:“/index.php/login”,“message”:“Scss is disabled for /home/nextcloud/nextcloud/core/css/share.scss, ignoring”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:41+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Turned off SSL certificate validation successfully.”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0",“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter uid=REMOVED base Array\n(\n [0] => ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => dn\n)\n limit 2 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:"initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Turned off SSL certificate validation successfully.”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0",“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter uid=REMOVED base Array\n(\n [0] => ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => dn\n)\n limit 2 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:"initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => primarygroupid\n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Requested attribute primarygroupid not found for uid=REMOVED,ou=people,o=REMOVED,dc=de”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => gidnumber\n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Requested attribute gidnumber not found for uid=REMOVED,ou=people,o=REMOVED,dc=de”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => uid\n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“readAttribute: cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de found”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“Turned off SSL certificate validation successfully.”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_*)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“initializing paged search for Filter uid=REMOVED base Array\n(\n [0] => ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => dn\n)\n limit 2 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
There is no error, Nextcloud ist just repeating from there - ready for paged search, initialzing paged search.
I don’t know, it just keeps asking. This is my LDAP.log:
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: read active on 21 Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21) Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21): got connid=1034 Nov 29 11:52:48 REMOVED slapd[5376]: connection_read(21): checking for input on id=1034 Nov 29 11:52:48 REMOVED slapd[5376]: op tag 0x63, time 1511952768 Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 do_search Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on 1 descriptor Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on: Nov 29 11:52:48 REMOVED slapd[5376]: >>> dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de> Nov 29 11:52:48 REMOVED slapd[5376]: Nov 29 11:52:48 REMOVED slapd[5376]: <<< dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de>, <uid=REMOVED,ou=people,o=REMOVED,dc=de> Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: SRCH "uid=REMOVED,ou=people,o=REMOVED,dc=de" 0 0 Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: 0 0 0 Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter Nov 29 11:52:48 REMOVED slapd[5376]: AND Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter_list Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter Nov 29 11:52:48 REMOVED slapd[5376]: EQUALITY Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0 Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter Nov 29 11:52:48 REMOVED slapd[5376]: SUBSTRINGS Nov 29 11:52:48 REMOVED slapd[5376]: begin get_ssa Nov 29 11:52:48 REMOVED slapd[5376]: INITIAL Nov 29 11:52:48 REMOVED slapd[5376]: end get_ssa Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0 Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter_list Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0 Nov 29 11:52:48 REMOVED slapd[5376]: filter: (&(objectClass=inetOrgPerson)(memberOf=nextcloud_*)) Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls: oid="1.2.840.113556.1.4.319" (noncritical) Nov 29 11:52:48 REMOVED slapd[5376]: <= get_ctrls: n=1 rc=0 err="" Nov 29 11:52:48 REMOVED slapd[5376]: attrs: Nov 29 11:52:48 REMOVED slapd[5376]: 1.1 Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 SRCH base="uid=REMOVED,ou=people,o=REMOVED,dc=de" scope=0 deref=0 filter="(&(objectClass=inetOrgPerson)(memberOf=nextcloud_*))" Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 SRCH attr=1.1 Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_search(): base="uid=REMOVED,ou=people,o=REMOVED,dc=de", filter="(&(objectClass=inetOrgPerson)(memberOf=nextcloud_*))", scope=0, Nov 29 11:52:48 REMOVED slapd[5376]: deref=0, attrsonly=0, attributes to load: custom list Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_db_conn() Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_db_conn() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_attrlist_add(): adding "objectClass" to list Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de") matched expected Nov 29 11:52:48 REMOVED slapd[5376]: backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de"): id_query "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE upper(dn)=upper(?)" Nov 29 11:52:48 REMOVED slapd[5376]: backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de"): id=7 keyval=7 oc_id=1 dn=uid=REMOVED,ou=people,o=REMOVED,dc=de Nov 29 11:52:48 REMOVED slapd[5376]: >>> dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de> Nov 29 11:52:48 REMOVED slapd[5376]: <<< dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de>, <uid=REMOVED,ou=people,o=REMOVED,dc=de> Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de"): err=0 Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_attrlist_add(): attribute "objectClass" is in list Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_attrlist_add(): adding "ref" to list Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_id2entry() Nov 29 11:52:48 REMOVED slapd[5376]: backsql_id2entry(): custom attribute list Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="objectClass" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: backsql_id2entry(): attribute "ref" is not defined for objectlass "inetOrgPerson" Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_id2entry() Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access to "uid=REMOVED,ou=people,o=REMOVED,dc=de" "entry" requested Nov 29 11:52:48 REMOVED slapd[5376]: <= root access granted Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access granted by manage(=mwrscxd) Nov 29 11:52:48 REMOVED slapd[5376]: backsql_search(): loading data for entry id=7 oc_id=1, keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter Nov 29 11:52:48 REMOVED slapd[5376]: AND Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter_and Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter Nov 29 11:52:48 REMOVED slapd[5376]: EQUALITY Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access to "uid=REMOVED,ou=people,o=REMOVED,dc=de" "objectClass" requested Nov 29 11:52:48 REMOVED slapd[5376]: <= root access granted Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access granted by manage(=mwrscxd) Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter 6 Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter Nov 29 11:52:48 REMOVED slapd[5376]: SUBSTRINGS Nov 29 11:52:48 REMOVED slapd[5376]: begin test_substrings_filter Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access to "uid=REMOVED,ou=people,o=REMOVED,dc=de" "memberOf" requested Nov 29 11:52:48 REMOVED slapd[5376]: <= root access granted Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access granted by manage(=mwrscxd) Nov 29 11:52:48 REMOVED slapd[5376]: end test_substrings_filter 5 Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter 5 Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter_and 5 Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter 5 Nov 29 11:52:48 REMOVED slapd[5376]: send_paged_response: lastid=0x00000000 nentries=0 Nov 29 11:52:48 REMOVED slapd[5376]: send_ldap_result: conn=1034 op=1 p=3 Nov 29 11:52:48 REMOVED slapd[5376]: send_ldap_result: err=0 matched="" text="" Nov 29 11:52:48 REMOVED slapd[5376]: send_ldap_response: msgid=2 tag=101 err=0 Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_search() Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on 1 descriptor Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on: Nov 29 11:52:48 REMOVED slapd[5376]: 21r Nov 29 11:52:48 REMOVED slapd[5376]: Nov 29 11:52:48 REMOVED slapd[5376]: daemon: read active on 21 Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21) Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21): got connid=1034 Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: connection_read(21): checking for input on id=1034 Nov 29 11:52:48 REMOVED slapd[5376]: op tag 0x63, time 1511952768 Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 do_search Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on 1 descriptor Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on: Nov 29 11:52:48 REMOVED slapd[5376]: >>> dnPrettyNormal: <ou=people,o=REMOVED,dc=de> Nov 29 11:52:48 REMOVED slapd[5376]: Nov 29 11:52:48 REMOVED slapd[5376]: <<< dnPrettyNormal: <ou=people,o=REMOVED,dc=de>, <ou=people,o=REMOVED,dc=de> Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: SRCH "ou=people,o=REMOVED,dc=de" 2 0 Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL Nov 29 11:52:48 REMOVED slapd[5376]: 0 0 0 Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter Nov 29 11:52:48 REMOVED slapd[5376]: EQUALITY Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0 Nov 29 11:52:48 REMOVED slapd[5376]: filter: (uid=REMOVED) Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls: oid="1.2.840.113556.1.4.319" (noncritical) Nov 29 11:52:48 REMOVED slapd[5376]: <= get_ctrls: n=1 rc=0 err="" Nov 29 11:52:48 REMOVED slapd[5376]: attrs: Nov 29 11:52:48 REMOVED slapd[5376]: dn Nov 29 11:52:48 REMOVED slapd[5376]: Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 SRCH base="ou=people,o=REMOVED,dc=de" scope=2 deref=0 filter="(uid=REMOVED)" Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 SRCH attr=dn Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_search(): base="ou=people,o=REMOVED,dc=de", filter="(uid=REMOVED)", scope=2, Nov 29 11:52:48 REMOVED slapd[5376]: deref=0, attrsonly=0, attributes to load: custom list ... Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_oc_get_candidates(): oc="posixGroup" Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_srch_query() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_process_filter() Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_process_filter() succeeded Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_srch_query() returns SELECT DISTINCT ldap_entries.id,applicationrole.id,text('posixGroup') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,applicationr Nov 29 11:52:48 REMOVED slapd[5376]: Constructed query: SELECT DISTINCT ldap_entries.id,applicationrole.id,text('posixGroup') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,applicationrole WHERE app Nov 29 11:52:48 REMOVED slapd[5376]: id: '4' Nov 29 11:52:48 REMOVED slapd[5376]: (sub)dn: "%OU=PEOPLE,O=REMOVED,DC=DE" Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_oc_get_candidates(): 0 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_search(): loading data for entry id=7 oc_id=1, keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_id2entry() Nov 29 11:52:48 REMOVED slapd[5376]: backsql_id2entry(): retrieving all attributes Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="cn" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="sn" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="uid" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="email" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="client" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="clientId" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="memberOf" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 3 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="objectClass" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="clientPrefix" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="userPassword" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="telephoneNumber" keyval=7 Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1 Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals() Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_id2entry() Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter Nov 29 11:52:48 REMOVED slapd[5376]: EQUALITY ... Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
This seems fine, LDAP is offering the user, no errors. But with one login I get this upper loop like 600+ times.
Also I checked everything in my LDAP-Config in nextcloud. Tested connection, retreived groups and users, even verified the username. It all looks good and ok, nextcloud keeps saying “User found and settings verified.”
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
‘instanceid’ => ‘REMOVED’,
‘passwordsalt’ => ‘REMOVED’,
‘secret’ => ‘REMOVED’,
‘trusted_domains’ =>
array (
0 => ‘REMOVED’,
),
‘datadirectory’ => ‘REMOVED’,
‘overwrite.cli.url’ => ‘REMOVED’,
‘dbtype’ => ‘pgsql’,
‘version’ => ‘12.0.3.3’,
‘dbname’ => ‘REMOVED’,
‘dbhost’ => ‘REMOVED’,
‘dbport’ => ‘’,
‘dbtableprefix’ => ‘oc_’,
‘dbuser’ => ‘REMOVED’,
‘dbpassword’ => ‘REMOVED’,
‘installed’ => true,
‘ldapIgnoreNamingRules’ => false,
‘ldapProviderFactory’ => ‘\OCA\User_LDAP\LDAPProviderFactory’,
‘loglevel’ => 0,
);
The output of your Apache/nginx/system log in /var/log/____
:
This is basicly empty, just some access logs. Nextcloud itself is fine and works as intended. It is just the LDAP issue.
I don’t know what to do. Tried everything I can come up with.