LDAP with Active Directory, no users

#1

I’m having a bit of trouble with LDAP, connecting to AD. I’m running Nextcloud in a Docker on unRAID, using the linuxserver/nextcloud docker. I have re-built the Nextcloud and MariaDB dockers 20+ times to no avail. I deployed the official Nextcloud VM (https://github.com/nextcloud/vm), and LDAP works fine. As far as I can tell, I have configured the LDAP settings the same on both. Both are running v12.0.0.

On the VM, when I click on users, I get a list of users (3 that are in the group I configured). On the Docker, it just spins, and I get a couple of messages about “uid” in the log that I do not get on the VM.

Help please!??!

Here is the LDAP config on the Docker (not working):

root@1f59ecae9dc1:/config/www/nextcloud$ sudo -u abc php7 occ ldap:show-config
±------------------------------±--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | s01 |
±------------------------------±--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=svc_nextcloud,OU=Service.Accounts,DC=redacted,DC=org |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | DC=redacted,DC=org |
| ldapBaseGroups | DC=redacted,DC=org |
| ldapBaseUsers | DC=redacted,DC=org |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | samaccountname |
| ldapExpertUsernameAttr | samaccountname |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | 10.1.1.3 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=NextCloud.Users.ALL,OU=Groups,DC=redacted,DC=org)(primaryGroupID=15108))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(displayName=%uid)(distinguishedName=%uid)))) |
| ldapLoginFilterAttributes | displayName;distinguishedName |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | mail |
| ldapUserFilter | (&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=NextCloud.Users.ALL,OU=Groups,DC=redacted,DC=org)(primaryGroupID=15108)))) |
| ldapUserFilterGroups | NextCloud.Users.ALL |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | person;user |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
±------------------------------±--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Here is the LDAP config on the VM (working):

root@nextcloudvm:/var/www/nextcloud# sudo -u www-data ./occ ldap:show-config
±------------------------------±-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| Configuration |
±------------------------------±-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| hasMemberOfFilterSupport | 1
| hasPagedResultSupport |
| homeFolderNamingRule |
| lastJpegPhotoLookup | 0
| ldapAgentName | CN=svc_nextcloud,OU=Service.Accounts,DC=redacted,DC=org
| ldapAgentPassword | ***
| ldapAttributesForGroupSearch |
| ldapAttributesForUserSearch |
| ldapBackupHost |
| ldapBackupPort |
| ldapBase | DC=redacted,DC=org
| ldapBaseGroups | DC=redacted,DC=org
| ldapBaseUsers | DC=redacted,DC=org
| ldapCacheTTL | 600
| ldapConfigurationActive | 1
| ldapDefaultPPolicyDN |
| ldapDynamicGroupMemberURL |
| ldapEmailAttribute | mail
| ldapExperiencedAdmin | 0
| ldapExpertUUIDGroupAttr |
| ldapExpertUUIDUserAttr | samaccountname
| ldapExpertUsernameAttr | samaccountname
| ldapGidNumber | gidNumber
| ldapGroupDisplayName | cn
| ldapGroupFilter |
| ldapGroupFilterGroups |
| ldapGroupFilterMode | 0
| ldapGroupFilterObjectclass |
| ldapGroupMemberAssocAttr | member
| ldapHost | 10.1.1.3
| ldapIgnoreNamingRules |
| ldapLoginFilter | (&(&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=NextCloud.Users.ALL,OU=Groups,DC=redacted,DC=org)(primaryGroupID=15108))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(displayName=%uid)(distingu
| ldapLoginFilterAttributes | displayName;distinguishedName
| ldapLoginFilterEmail | 1
| ldapLoginFilterMode | 0
| ldapLoginFilterUsername | 1
| ldapNestedGroups | 0
| ldapOverrideMainServer |
| ldapPagingSize | 500
| ldapPort | 389
| ldapQuotaAttribute |
| ldapQuotaDefault |
| ldapTLS | 0
| ldapUserDisplayName | displayname
| ldapUserDisplayName2 | mail
| ldapUserFilter | (&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=NextCloud.Users.ALL,OU=Groups,DC=redacted,DC=org)(primaryGroupID=15108))))
| ldapUserFilterGroups | NextCloud.Users.ALL
| ldapUserFilterMode | 0
| ldapUserFilterObjectclass | person;user
| ldapUuidGroupAttribute | auto
| ldapUuidUserAttribute | auto
| turnOffCertCheck | 0
| turnOnPasswordChange | 0
| useMemberOfToDetectMembership | 1
±------------------------------±-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
root@nextcloudvm:/var/www/nextcloud#

This is the error I get on the Docker that I do not get on the VM.

Error index InvalidArgumentException: uid must not be an empty string!
/config/www/nextcloud/apps/user_ldap/lib/User/Manager.php - line 131: OCA\User_LDAP\User\User->__construct('', 'cn=steven …', Object(OCA\User_LDAP\Access), Object(OC\AllConfig), Object(OCA\User_LDAP\FilesystemHelper), Object(OCP\Image), Object(OCA\User_LDAP\LogWrapper), Object(OC\AvatarManager), Object(OC\User\Manager), Object(OC\Notification\Manager))
/config/www/nextcloud/apps/user_ldap/lib/User/Manager.php - line 222: OCA\User_LDAP\User\Manager->createAndCache('cn=steven w. da…', '')
/config/www/nextcloud/apps/user_ldap/lib/User/Manager.php - line 248: OCA\User_LDAP\User\Manager->createInstancyByUserName('')
/config/www/nextcloud/apps/user_ldap/lib/Access.php - line 828: OCA\User_LDAP\User\Manager->get('')
/config/www/nextcloud/apps/user_ldap/lib/Access.php - line 806: OCA\User_LDAP\Access->batchApplyUserAttributes(Array)
/config/www/nextcloud/apps/user_ldap/lib/User_LDAP.php - line 253: OCA\User_LDAP\Access->fetchListOfUsers('(&(&(|(objectcl…', Array, 50, 0)
/config/www/nextcloud/apps/user_ldap/lib/User_Proxy.php - line 149: OCA\User_LDAP\User_LDAP->getUsers('', 50, 0)
/config/www/nextcloud/lib/private/User/Manager.php - line 233: OCA\User_LDAP\User_Proxy->getUsers('', 50, 0)
/config/www/nextcloud/settings/Controller/UsersController.php - line 274: OC\User\Manager->search('', 50, 0)
[internal function] OC\Settings\Controller\UsersController->index(0, 50, '', '', '')
/config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 160: call_user_func_array(Array, Array)
/config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 90: OC\AppFramework\Http\Dispatcher->executeController(Object(OC\Settings\Controller\UsersController), 'index')
/config/www/nextcloud/lib/private/AppFramework/App.php - line 114: OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Settings\Controller\UsersController), 'index')
/config/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main('OC\Settings\Con…', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
[internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
/config/www/nextcloud/lib/private/Route/Router.php - line 299: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
/config/www/nextcloud/lib/base.php - line 1000: OC\Route\Router->match('/settings/users…')
/config/www/nextcloud/index.php - line 40: OC handleRequest()
{main}
2017-05-26T08:17:41-0500
Error user_ldap uid for 'cn=steven …,ou=domain.users,ou=accounts,dc=redacted' must not be an empty string

And as you can see, it is finding my users.

Thanks for your help!
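
Added example, not part of the original post and not Nextcloud's own code: it parses two `occ ldap:show-config` outputs, reports only the keys whose values really differ while tolerating rows cut off at the terminal width (as in the VM paste), and flags a configuration that binds without TLS. The sample rows are copied from the two tables above; the function names are made up for this example.

```python
import re

ROW = re.compile(r"^\|\s*(\S+)\s*\|\s?(.*)$")

def parse_show_config(text):
    """Return {key: (value, complete)}; complete is False when a row lost its
    closing '|' (paste cut at terminal width), so the value may be a prefix."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(1) != "Configuration":  # skip borders and header
            rest = m.group(2).rstrip()
            done = rest.endswith("|")
            rows[m.group(1)] = (rest[:-1].strip() if done else rest, done)
    return rows

def compare(a, b):
    """Return {key: status} for keys whose values are not textually identical."""
    out = {}
    for key in sorted(a.keys() | b.keys()):
        (va, ca), (vb, cb) = a.get(key, ("", True)), b.get(key, ("", True))
        if va == vb:
            continue
        if va.lower() == vb.lower():
            out[key] = "case-only"   # LDAP attribute names are case-insensitive
        elif (not ca and vb.startswith(va)) or (not cb and va.startswith(vb)):
            out[key] = "truncated"   # cannot tell: one side is only a prefix
        else:
            out[key] = "differs"
    return out

def binds_in_cleartext(cfg):
    """True when neither ldaps:// nor StartTLS (ldapTLS = 1) protects the bind."""
    host, tls = (cfg.get(k, ("", True))[0] for k in ("ldapHost", "ldapTLS"))
    return not host.lower().startswith("ldaps://") and tls != "1"

# Rows copied from the two tables above (Docker rows complete, VM rows cut off).
DOCKER = parse_show_config("""\
| ldapEmailAttribute | |
| ldapLoginFilter | (&(&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=NextCloud.Users.ALL,OU=Groups,DC=redacted,DC=org)(primaryGroupID=15108))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(displayName=%uid)(distinguishedName=%uid)))) |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |""")
VM = parse_show_config("""\
| ldapEmailAttribute | mail
| ldapLoginFilter | (&(&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=NextCloud.Users.ALL,OU=Groups,DC=redacted,DC=org)(primaryGroupID=15108))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(displayName=%uid)(distingu
| ldapTLS | 0
| ldapUserDisplayName | displayname""")
if __name__ == "__main__":
    print(compare(DOCKER, VM), binds_in_cleartext(DOCKER))
```

On these rows the only substantive difference is `ldapEmailAttribute` (empty on the Docker, `mail` on the VM); the `ldapLoginFilter` row cannot be compared because the VM paste is cut off. Both instances use port 389 with `ldapTLS` 0, so the `svc_nextcloud` bind password crosses the network unencrypted.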

#2

Did you ever figure this one out? I am bumping into the exact same issue here.