LDAP Users disappear

Highview-Lucas · June 17, 2019, 3:13am

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version (eg, 12.0.2): 15.0.5
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04 + Docker
Apache or nginx version (eg, Apache 2.4.25): Nginx
PHP version (eg, 7.1): 7.2

The issue you are facing:
LDAP Users sometimes disappear from NC. The few times I’ve seen it, they’ve reappearred before I’ve been able to work out why they’d disappearred.

Is this the first time you’ve seen this error? (Y/N): N

Steps to replicate it:

Have a working NC install.
Wait for a user to say they cannot login
search for the user in nextcloud, they’re gone.
wait a day.
the user is (usually) back

The output of your Nextcloud log in Admin > Logging:

{"reqId":"ZtpmRAg0idapW4vLDOja","level":2,"time":"2019-06-17T03:06:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"ZtpmRAg0idapW4vLDOja","level":2,"time":"2019-06-17T03:06:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"core","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Login failed: 'lfitt' (Remote IP: '172.25.0.1')","userAgent":"--","version":"15.0.5.3"}
{"reqId":"sqMeiVfKQgZxsI7viArF","level":2,"time":"2019-06-17T03:07:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"sqMeiVfKQgZxsI7viArF","level":2,"time":"2019-06-17T03:07:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"sqMeiVfKQgZxsI7viArF","level":2,"time":"2019-06-17T03:07:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"core","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Login failed: 'lfitt' (Remote IP: '172.25.0.1')","userAgent":"--","version":"15.0.5.3"}
{"reqId":"GgFZINmvyRvSZP4JxLuQ","level":2,"time":"2019-06-17T03:08:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"GgFZINmvyRvSZP4JxLuQ","level":2,"time":"2019-06-17T03:08:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"GgFZINmvyRvSZP4JxLuQ","level":2,"time":"2019-06-17T03:08:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"core","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Login failed: 'lfitt' (Remote IP: '172.25.0.1')","userAgent":"--","version":"15.0.5.3"}
{"reqId":"aihguTU9eTI2QhGaPXo6","level":2,"time":"2019-06-17T03:09:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"aihguTU9eTI2QhGaPXo6","level":2,"time":"2019-06-17T03:09:27+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"aihguTU9eTI2QhGaPXo6","level":2,"time":"2019-06-17T03:09:27+00:00","remoteAddr":"172.25.0.1","user":"--","app":"core","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Login failed: 'lfitt' (Remote IP: '172.25.0.1')","userAgent":"--","version":"15.0.5.3"}
{"reqId":"s0mNFYBZYVKFLw3R3E9K","level":2,"time":"2019-06-17T03:10:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"s0mNFYBZYVKFLw3R3E9K","level":2,"time":"2019-06-17T03:10:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Bind failed: 49: Invalid credentials","userAgent":"--","version":"15.0.5.3"}
{"reqId":"s0mNFYBZYVKFLw3R3E9K","level":2,"time":"2019-06-17T03:10:26+00:00","remoteAddr":"172.25.0.1","user":"--","app":"core","method":"GET","url":"\/ocs\/v2.php\/apps\/serverinfo\/api\/v1\/info?format=json","message":"Login failed: 'lfitt' (Remote IP: '172.25.0.1')","userAgent":"--","version":"15.0.5.3"}

Highview-Lucas · June 27, 2019, 3:58am

I ended up solving this one, it was a case of two groups with the same name, in different OUs with differnt members.

Randomly the people in the ‘second’ AD group were the ones to disappear - moving all of the users into the ‘first’ AD group and removing the ‘second’ one solved the issue.

‘first’ and ‘second’ being entirely arbitrary here - the group that was deeper into the org structure was the ‘second’ one in this case.

Nextcloud really, really does not like groups with the same name and different memeber lists. I can’t really say I can blame it.