LDAP-User Login not possible

Hi all,

I’m trying to connect NextCloud to my LDAP Server and was really happy that this is so easy. I love the fact that I can test the LDAP-Config right inside NextCloud to verify groups and users, even test usernames.
Sadly even though everything seems ok, I can not log in.


Nextcloud version (eg, 10.0.2): 12.0.3
Operating system and version (eg, Ubuntu 16.04): 4.9.49-gentoo
Apache or nginx version (eg, Apache 2.4.25): 2.4.27
PHP version (eg, 5.6): 7.0.25


Is this the first time you’ve seen this error?:
Yes


Can you reliably replicate it? (If so, please outline steps):

  • Fill out the LDAP config in nextcloud as described.
  • Verify Settings and count users (amount is correct).
  • Verify Login Settings - Test Username (User found and settings verified.)
  • Verify and count the groups (amount is correct).
  • Advanced Settings for username, groupname, base-DN’s and group-member-association
  • Expert Settings to use own internal username attribute uid which is basically the login name

The issue you are facing:
I can not login with any LDAP user.

Also in User-Tab…

  • …I can see the LDAP user with his correct group
  • …I can see the LDAP groups
  • …the LDAP groups are empty

The output of your Nextcloud log in Admin > Logging:
NextCloud is trying to get all the information from LDAP which is working:

{“reqId”:“Wh-mtNXwkY0AAC1DDeYAAAAI”,“level”:0,“time”:“2017-11-30T11:08:36+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“core”,“method”:“GET”,“url”:“/index.php/login”,“message”:“Scss is disabled for /home/nextcloud/nextcloud/core/css/share.scss, ignoring”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:41+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Turned off SSL certificate validation successfully.”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_*)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter uid=REMOVED base Array\n(\n [0] => ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => dn\n)\n limit 2 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_*)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“–”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Turned off SSL certificate validation successfully.”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_*)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter uid=REMOVED base Array\n(\n [0] => ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => dn\n)\n limit 2 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_*)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => primarygroupid\n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Requested attribute primarygroupid not found for uid=REMOVED,ou=people,o=REMOVED,dc=de”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => gidnumber\n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Requested attribute gidnumber not found for uid=REMOVED,ou=people,o=REMOVED,dc=de”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => uid\n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“initializing paged search for Filter objectClass=* base Array\n(\n [0] => cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mudXwkY0AAC1DDecAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“POST”,“url”:“/index.php/login”,“message”:“readAttribute: cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de found”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“Turned off SSL certificate validation successfully.”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“initializing paged search for Filter (&(objectclass=inetOrgPerson)(memberOf=nextcloud_*)) base Array\n(\n [0] => uid=REMOVED,ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“Ready for a paged search”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}
{“reqId”:“Wh-mutXwkY0AAC1DDegAAAAI”,“level”:0,“time”:“2017-11-30T11:08:42+00:00”,“remoteAddr”:“REMOVED”,“user”:“REMOVED”,“app”:“user_ldap”,“method”:“GET”,“url”:“/index.php/apps/files/”,“message”:“initializing paged search for Filter uid=REMOVED base Array\n(\n [0] => ou=people,o=REMOVED,dc=de\n)\n attr Array\n(\n [0] => dn\n)\n limit 2 offset 0”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”,“version”:“12.0.3.3”}


There is no error, Nextcloud is just repeating from there - ready for paged search, initializing paged search.
I don’t know, it just keeps asking. This is my LDAP.log:

Nov 29 11:52:48 REMOVED slapd[5376]: daemon: read active on 21
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21)
Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21): got connid=1034
Nov 29 11:52:48 REMOVED slapd[5376]: connection_read(21): checking for input on id=1034
Nov 29 11:52:48 REMOVED slapd[5376]: op tag 0x63, time 1511952768
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 do_search
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on 1 descriptor
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on:
Nov 29 11:52:48 REMOVED slapd[5376]: >>> dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de>
Nov 29 11:52:48 REMOVED slapd[5376]: 
Nov 29 11:52:48 REMOVED slapd[5376]: <<< dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de>, <uid=REMOVED,ou=people,o=REMOVED,dc=de>
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: SRCH "uid=REMOVED,ou=people,o=REMOVED,dc=de" 0 0
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]:     0 0 0
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter
Nov 29 11:52:48 REMOVED slapd[5376]: AND
Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter_list
Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter
Nov 29 11:52:48 REMOVED slapd[5376]: EQUALITY
Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0
Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter
Nov 29 11:52:48 REMOVED slapd[5376]: SUBSTRINGS
Nov 29 11:52:48 REMOVED slapd[5376]: begin get_ssa
Nov 29 11:52:48 REMOVED slapd[5376]:   INITIAL
Nov 29 11:52:48 REMOVED slapd[5376]: end get_ssa
Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0
Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter_list
Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0
Nov 29 11:52:48 REMOVED slapd[5376]:     filter: (&(objectClass=inetOrgPerson)(memberOf=nextcloud_*))
Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls
Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls: oid="1.2.840.113556.1.4.319" (noncritical)
Nov 29 11:52:48 REMOVED slapd[5376]: <= get_ctrls: n=1 rc=0 err=""
Nov 29 11:52:48 REMOVED slapd[5376]:     attrs:
Nov 29 11:52:48 REMOVED slapd[5376]:  1.1
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 SRCH base="uid=REMOVED,ou=people,o=REMOVED,dc=de" scope=0 deref=0 filter="(&(objectClass=inetOrgPerson)(memberOf=nextcloud_*))"
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 SRCH attr=1.1
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_search(): base="uid=REMOVED,ou=people,o=REMOVED,dc=de", filter="(&(objectClass=inetOrgPerson)(memberOf=nextcloud_*))", scope=0,
Nov 29 11:52:48 REMOVED slapd[5376]:  deref=0, attrsonly=0, attributes to load: custom list
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_db_conn()
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_db_conn()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_attrlist_add(): adding "objectClass" to list
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de") matched expected
Nov 29 11:52:48 REMOVED slapd[5376]:    backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de"): id_query "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE upper(dn)=upper(?)"
Nov 29 11:52:48 REMOVED slapd[5376]:    backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de"): id=7 keyval=7 oc_id=1 dn=uid=REMOVED,ou=people,o=REMOVED,dc=de
Nov 29 11:52:48 REMOVED slapd[5376]: >>> dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de>
Nov 29 11:52:48 REMOVED slapd[5376]: <<< dnPrettyNormal: <uid=REMOVED,ou=people,o=REMOVED,dc=de>, <uid=REMOVED,ou=people,o=REMOVED,dc=de>
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_dn2id("uid=REMOVED,ou=people,o=REMOVED,dc=de"): err=0
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_attrlist_add(): attribute "objectClass" is in list
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_attrlist_add(): adding "ref" to list
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_id2entry()
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_id2entry(): custom attribute list
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="objectClass" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_id2entry(): attribute "ref" is not defined for objectlass "inetOrgPerson"
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_id2entry()
Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access to "uid=REMOVED,ou=people,o=REMOVED,dc=de" "entry" requested
Nov 29 11:52:48 REMOVED slapd[5376]: <= root access granted
Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access granted by manage(=mwrscxd)
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_search(): loading data for entry id=7 oc_id=1, keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter
Nov 29 11:52:48 REMOVED slapd[5376]:     AND
Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter_and
Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter
Nov 29 11:52:48 REMOVED slapd[5376]:     EQUALITY
Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access to "uid=REMOVED,ou=people,o=REMOVED,dc=de" "objectClass" requested
Nov 29 11:52:48 REMOVED slapd[5376]: <= root access granted
Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access granted by manage(=mwrscxd)
Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter 6
Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter
Nov 29 11:52:48 REMOVED slapd[5376]:     SUBSTRINGS
Nov 29 11:52:48 REMOVED slapd[5376]: begin test_substrings_filter
Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access to "uid=REMOVED,ou=people,o=REMOVED,dc=de" "memberOf" requested
Nov 29 11:52:48 REMOVED slapd[5376]: <= root access granted
Nov 29 11:52:48 REMOVED slapd[5376]: => access_allowed: search access granted by manage(=mwrscxd)
Nov 29 11:52:48 REMOVED slapd[5376]: end test_substrings_filter 5
Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter 5
Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter_and 5
Nov 29 11:52:48 REMOVED slapd[5376]: <= test_filter 5
Nov 29 11:52:48 REMOVED slapd[5376]: send_paged_response: lastid=0x00000000 nentries=0
Nov 29 11:52:48 REMOVED slapd[5376]: send_ldap_result: conn=1034 op=1 p=3
Nov 29 11:52:48 REMOVED slapd[5376]: send_ldap_result: err=0 matched="" text=""
Nov 29 11:52:48 REMOVED slapd[5376]: send_ldap_response: msgid=2 tag=101 err=0
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_search()
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on 1 descriptor
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on:
Nov 29 11:52:48 REMOVED slapd[5376]:  21r
Nov 29 11:52:48 REMOVED slapd[5376]: 
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: read active on 21
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21)
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: connection_get(21): got connid=1034
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: connection_read(21): checking for input on id=1034
Nov 29 11:52:48 REMOVED slapd[5376]: op tag 0x63, time 1511952768
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 do_search
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on 1 descriptor
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: activity on:
Nov 29 11:52:48 REMOVED slapd[5376]: >>> dnPrettyNormal: <ou=people,o=REMOVED,dc=de>
Nov 29 11:52:48 REMOVED slapd[5376]: 
Nov 29 11:52:48 REMOVED slapd[5376]: <<< dnPrettyNormal: <ou=people,o=REMOVED,dc=de>, <ou=people,o=REMOVED,dc=de>
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: SRCH "ou=people,o=REMOVED,dc=de" 2 0
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Nov 29 11:52:48 REMOVED slapd[5376]:     0 0 0
Nov 29 11:52:48 REMOVED slapd[5376]: begin get_filter
Nov 29 11:52:48 REMOVED slapd[5376]: EQUALITY
Nov 29 11:52:48 REMOVED slapd[5376]: end get_filter 0
Nov 29 11:52:48 REMOVED slapd[5376]:     filter: (uid=REMOVED)
Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls
Nov 29 11:52:48 REMOVED slapd[5376]: => get_ctrls: oid="1.2.840.113556.1.4.319" (noncritical)
Nov 29 11:52:48 REMOVED slapd[5376]: <= get_ctrls: n=1 rc=0 err=""
Nov 29 11:52:48 REMOVED slapd[5376]:     attrs:
Nov 29 11:52:48 REMOVED slapd[5376]:  dn
Nov 29 11:52:48 REMOVED slapd[5376]: 
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 SRCH base="ou=people,o=REMOVED,dc=de" scope=2 deref=0 filter="(uid=REMOVED)"
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 SRCH attr=dn
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_search(): base="ou=people,o=REMOVED,dc=de", filter="(uid=REMOVED)", scope=2,
Nov 29 11:52:48 REMOVED slapd[5376]:  deref=0, attrsonly=0, attributes to load: custom list
...
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_oc_get_candidates(): oc="posixGroup"
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_srch_query()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_process_filter()
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_process_filter() succeeded
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_srch_query() returns SELECT DISTINCT ldap_entries.id,applicationrole.id,text('posixGroup') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,applicationr
Nov 29 11:52:48 REMOVED slapd[5376]: Constructed query: SELECT DISTINCT ldap_entries.id,applicationrole.id,text('posixGroup') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,applicationrole WHERE app
Nov 29 11:52:48 REMOVED slapd[5376]: id: '4'
Nov 29 11:52:48 REMOVED slapd[5376]: (sub)dn: "%OU=PEOPLE,O=REMOVED,DC=DE"
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_oc_get_candidates(): 0
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_search(): loading data for entry id=7 oc_id=1, keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_id2entry()
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_id2entry(): retrieving all attributes
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="cn" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="sn" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="uid" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="email" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="client" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="clientId" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="memberOf" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 3
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="objectClass" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="clientPrefix" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="userPassword" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="telephoneNumber" keyval=7
Nov 29 11:52:48 REMOVED slapd[5376]: backsql_get_attr_vals(): number of values in query: 1
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_get_attr_vals()
Nov 29 11:52:48 REMOVED slapd[5376]: <==backsql_id2entry()
Nov 29 11:52:48 REMOVED slapd[5376]: => test_filter
Nov 29 11:52:48 REMOVED slapd[5376]:     EQUALITY
...
Nov 29 11:52:48 REMOVED slapd[5376]: conn=1034 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

This seems fine, LDAP is offering the user, no errors. But with one login I get this upper loop like 600+ times.

Also I checked everything in my LDAP-Config in nextcloud. Tested connection, retrieved groups and users, even verified the username. It all looks good and ok, nextcloud keeps saying “User found and settings verified.”


The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
<?php
$CONFIG = array (
  'instanceid' => 'REMOVED',
  'passwordsalt' => 'REMOVED',
  'secret' => 'REMOVED',
  'trusted_domains' =>
  array (
    0 => 'REMOVED',
  ),
  'datadirectory' => 'REMOVED',
  'overwrite.cli.url' => 'REMOVED',
  'dbtype' => 'pgsql',
  'version' => '12.0.3.3',
  'dbname' => 'REMOVED',
  'dbhost' => 'REMOVED',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'REMOVED',
  'dbpassword' => 'REMOVED',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\OCA\User_LDAP\LDAPProviderFactory',
  'loglevel' => 0,
);


The output of your Apache/nginx/system log in /var/log/____:
This is basically empty, just some access logs. Nextcloud itself is fine and works as intended. It is just the LDAP issue.


I don’t know what to do. Tried everything I can come up with.

Can you log in to LDAP directly, without using Nextcloud? Using the built-in (openLDAP?) tools?

Is your openLDAP server set up with the memberof overlay? Described as the member-of-overlay in the following document:

https://docs.nextcloud.com/server/12/admin_manual/configuration_user/user_auth_ldap.html#users-tab

Hi terry,

thanks for the reply.

Can you log in to LDAP directly, without using Nextcloud? Using the built-in (openLDAP?) tools?

Yes, I have other applications connected to my LDAP and there I can log in with the same user.

Is your openLDAP server set up with the memberof overlay?

I use my LDAP with the SQL-Backend so I added the memberOf attribute manually due to ldap_attr_mapping table, which is working as intended.

This is an LDAP search:

# REMOVED, people, REMOVED, de
dn: uid=REMOVED,ou=people,o=REMOVED,dc=de
objectClass: inetOrgPerson
cn: REMOVED
sn: REMOVED
uid: REMOVED
email: REMOVED
client: REMOVED
clientId: 1
memberOf: REMOVED
memberOf: nextcloud_admin
clientPrefix: REMOVED
userPassword:: REMOVED

This is my user-filter in nextcloud:

(memberOf=nextcloud_*)

Because I want only the user in any nextcloud group to be able to log in. When I press on “verify settings and count users” it shows me 1, which is correct.

Do I still need the memberOf-Overlay? There is one for Gentoo, but I tried to avoid it because of my SQL-Backend.

Here are some images of what I meant by the LDAP user looking OK while the groups do not.

My user is listed here, and has his group. Also the groups are shown on the side menu.
If I press on the LDAP groups, they’re empty:

LDAP log looks the same when I press on the groups:

Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_search(): base="cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de", filter="(objectClass=*)", scope=0,
Dec  1 08:55:57 REMOVED slapd[3201]:  deref=0, attrsonly=0, attributes to load: custom list
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_db_conn()
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_get_db_conn()
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_dn2id("cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de") matched expected
Dec  1 08:55:57 REMOVED slapd[3201]:    backsql_dn2id("cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de"): id_query "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE upper(dn)=upper(?)"
Dec  1 08:55:57 REMOVED slapd[3201]:    backsql_dn2id("cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de"): id=39 keyval=39 oc_id=4 dn=cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de
Dec  1 08:55:57 REMOVED slapd[3201]: >>> dnPrettyNormal: <cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de>
Dec  1 08:55:57 REMOVED slapd[3201]: <<< dnPrettyNormal: <cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de>, <cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de>
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_dn2id("cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de"): err=0
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_id2entry()
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_id2entry(): retrieving all attributes
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_attr_vals(): oc="posixGroup" attr="cn" keyval=39
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_get_attr_vals(): number of values in query: 1
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_get_attr_vals()
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_attr_vals(): oc="posixGroup" attr="name" keyval=39
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_get_attr_vals(): number of values in query: 1
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_get_attr_vals()
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_attr_vals(): oc="posixGroup" attr="gidNumber" keyval=39
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_get_attr_vals(): number of values in query: 1
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_get_attr_vals()
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_attr_vals(): oc="posixGroup" attr="memberUid" keyval=39
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_get_attr_vals(): number of values in query: 1
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_get_attr_vals()
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_attr_vals(): oc="posixGroup" attr="description" keyval=39
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_get_attr_vals(): number of values in query: 1
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_get_attr_vals()
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_attr_vals(): oc="posixGroup" attr="objectClass" keyval=39
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_get_attr_vals(): number of values in query: 0
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_id2entry()
Dec  1 08:55:57 REMOVED slapd[3201]: => access_allowed: search access to "cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de" "entry" requested
Dec  1 08:55:57 REMOVED slapd[3201]: <= root access granted
Dec  1 08:55:57 REMOVED slapd[3201]: => access_allowed: search access granted by manage(=mwrscxd)
Dec  1 08:55:57 REMOVED slapd[3201]: backsql_search(): loading data for entry id=39 oc_id=4, keyval=39
Dec  1 08:55:57 REMOVED slapd[3201]: => test_filter
Dec  1 08:55:57 REMOVED slapd[3201]:     PRESENT
Dec  1 08:55:57 REMOVED slapd[3201]: => access_allowed: search access to "cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de" "objectClass" requested
Dec  1 08:55:57 REMOVED slapd[3201]: <= root access granted
Dec  1 08:55:57 REMOVED slapd[3201]: => access_allowed: search access granted by manage(=mwrscxd)
Dec  1 08:55:57 REMOVED slapd[3201]: <= test_filter 6
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_operational(): entry "cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de"
Dec  1 08:55:57 REMOVED slapd[3201]: ==>backsql_get_db_conn()
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_get_db_conn()
Dec  1 08:55:57 REMOVED slapd[3201]: <==backsql_operational(0)
Dec  1 08:55:57 REMOVED slapd[3201]: => send_search_entry: conn 1225 dn="cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de"
Dec  1 08:55:57 REMOVED slapd[3201]: => access_allowed: read access to "cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de" "entry" requested
Dec  1 08:55:57 REMOVED slapd[3201]: <= root access granted
Dec  1 08:55:57 REMOVED slapd[3201]: => access_allowed: read access granted by manage(=mwrscxd)
Dec  1 08:55:57 REMOVED slapd[3201]: conn=1225 op=3 ENTRY dn="cn=nextcloud_admin,ou=groups,o=REMOVED,dc=de"
Dec  1 08:55:57 REMOVED slapd[3201]: <= send_search_entry: conn 1225 exit.

But after what appears to be a valid LDAP search and response it keeps repeating, same as during the login.

OK, I broke it all down as simple as it could be.

Userlist: Show all
Filter is simply objectClass=*

Login Attributes Filter is now only: uid=%uid

With this setup I can login! LDAP Groups still empty. So it has to be the group connection, the MemberOf filter seems to be in the way for login.

- edit -

This is still working for Login Attributes Filter:
(&(memberOf=nextcloud_*)(uid=%uid))

If I add this again to User Filter, it’s not working
memberOf=nextcloud_*

OK this is definitely a problem with my filter, sorry to bother you all :(
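
The slapd excerpts in this thread log every search as a `conn=… op=… SRCH` line and a matching `SEARCH RESULT … nentries=…` line. As an added example (not code from the thread, Nextcloud or OpenLDAP), the Python script below pairs those lines, lists searches that succeeded with zero entries, and counts how often the same search repeats. The sample log is constructed in the format shown above; the host name `ldaphost`, the user `alice` and the organisation `example` are placeholders.

```python
import re
from collections import Counter, OrderedDict

# Constructed sample in the slapd format quoted in the thread.
# Host, uid and organisation values are placeholders, not from the thread.
SAMPLE_LOG = """\
Nov 29 11:52:48 ldaphost slapd[5376]: conn=1034 op=1 SRCH base="uid=alice,ou=people,o=example,dc=de" scope=0 deref=0 filter="(&(objectClass=inetOrgPerson)(memberOf=nextcloud_*))"
Nov 29 11:52:48 ldaphost slapd[5376]: conn=1034 op=1 SRCH attr=1.1
Nov 29 11:52:48 ldaphost slapd[5376]: => test_filter
Nov 29 11:52:48 ldaphost slapd[5376]: conn=1034 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 29 11:52:48 ldaphost slapd[5376]: conn=1034 op=2 SRCH base="ou=people,o=example,dc=de" scope=2 deref=0 filter="(uid=alice)"
Nov 29 11:52:48 ldaphost slapd[5376]: conn=1034 op=2 SRCH attr=dn
Nov 29 11:52:48 ldaphost slapd[5376]: conn=1034 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 29 11:52:49 ldaphost slapd[5376]: conn=1035 op=1 SRCH base="uid=alice,ou=people,o=example,dc=de" scope=0 deref=0 filter="(&(objectClass=inetOrgPerson)(memberOf=nextcloud_*))"
Nov 29 11:52:49 ldaphost slapd[5376]: conn=1035 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

# Request line: carries base DN, scope and filter for one operation.
SRCH_RE = re.compile(
    r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) deref=\d+ filter="([^"]*)"'
)
# Result line: carries the LDAP result code and the number of entries returned.
RESULT_RE = re.compile(
    r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)'
)
# LDAP search scope numbers as they appear in the log.
SCOPE_NAMES = {0: "base", 1: "one", 2: "sub"}


def parse_searches(text):
    """Pair each SRCH request with its SEARCH RESULT via (conn, op)."""
    pending = OrderedDict()
    for line in text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(int(conn), int(op))] = {
                "conn": int(conn),
                "op": int(op),
                "base": base,
                "scope": SCOPE_NAMES.get(int(scope), scope),
                "filter": flt,
                "err": None,       # stays None if no result line was logged
                "nentries": None,
            }
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err, nentries = (int(x) for x in m.groups())
            rec = pending.get((conn, op))
            if rec is not None:
                rec["err"], rec["nentries"] = err, nentries
    return list(pending.values())


def empty_searches(searches):
    """Searches that completed without error (err=0) but matched nothing."""
    return [s for s in searches if s["err"] == 0 and s["nentries"] == 0]


def repeat_counts(searches):
    """Count identical (base, scope, filter, nentries) tuples to expose loops."""
    return Counter(
        (s["base"], s["scope"], s["filter"], s["nentries"]) for s in searches
    )


if __name__ == "__main__":
    found = parse_searches(SAMPLE_LOG)
    for s in empty_searches(found):
        print("conn=%(conn)d op=%(op)d scope=%(scope)s base=%(base)s "
              "filter=%(filter)s -> 0 entries" % s)
    for key, count in repeat_counts(found).most_common():
        if count > 1:
            print("%dx repeated: %r" % (count, key))
```

To use it on a real server, pass the contents of the slapd log file to `parse_searches` instead of `SAMPLE_LOG`.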