Local auth failover not working if AD server is unreachable

ℹ️ Support
,
1

Nextcloud version (eg, 20.0.5): 27.1.3
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04.3 LTS
Apache or nginx version (eg, Apache 2.4.25): used PHP-FPM
PHP version (eg, 7.4): 8.1.25

The issue you are facing:

When AD server is not reachable and TTL is over no one can access NextCloud, even local admins.

Is this the first time you’ve seen this error? (Y/N): YES

Steps to replicate it:

  1. Configure LDAP auth
  2. Make AD server temporary unreachable
  3. Try to access with local admin when TTL is over

The output of your Nextcloud log in Admin > Logging:
|Error|index|OC\ServerNotAvailableException: Lost connection to LDAP server.

  1. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 420:OCA\User_LDAP\LDAP->processLDAPError()

  2. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 309:OCA\User_LDAP\LDAP->postFunctionCall()

  3. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 67:OCA\User_LDAP\LDAP->invokeLDAPMethod(“*** sensiti … *”)

  4. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 715:OCA\User_LDAP\LDAP->bind(“*** sensiti … *”)

  5. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 643:OCA\User_LDAP\Connection->bind(“*** sensiti … *”)

  6. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 238:OCA\User_LDAP\Connection->establishConnection()

  7. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 246:OCA\User_LDAP\Connection->init()

  8. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 1110:OCA\User_LDAP\Connection->getConnectionResource()

  9. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 1290:OCA\User_LDAP\Access->executeSearch()

  10. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 977:OCA\User_LDAP\Access->search()

  11. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 869:OCA\User_LDAP\Access->searchUsers()

  12. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 849:OCA\User_LDAP\Access->fetchListOfUsers()

  13. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_LDAP.php - line 163:OCA\User_LDAP\Access->fetchUsersByLoginName()

  14. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_LDAP.php - line 126:OCA\User_LDAP\User_LDAP->getLDAPUserByLoginName()

  15. <>OCA\User_LDAP\User_LDAP->loginName2UserName(“*** sensiti … *”)

  16. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_Proxy.php - line 110:call_user_func_array()

  17. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Proxy.php - line 140:OCA\User_LDAP\User_Proxy->walkBackends()

  18. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_Proxy.php - line 270:OCA\User_LDAP\Proxy->handleRequest()

  19. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Helper.php - line 282:OCA\User_LDAP\User_Proxy->loginName2UserName(“*** sensiti … *”)

  20. /snap/nextcloud/38457/htdocs/lib/private/legacy/OC_Hook.php - line 105:OCA\User_LDAP\Helper::loginName2UserName(“*** sensiti … *”)

  21. /snap/nextcloud/38457/htdocs/lib/public/Util.php - line 406:OC_Hook::emit()

  22. /snap/nextcloud/38457/htdocs/apps/password_policy/lib/ComplianceService.php - line 92:OCP\Util::emitHook()

  23. /snap/nextcloud/38457/htdocs/apps/password_policy/lib/Listener/BeforeUserLoggedInEventListener.php - line 45:OCA\Password_Policy\ComplianceService->entryControl()

  24. /snap/nextcloud/38457/htdocs/lib/private/EventDispatcher/ServiceEventListener.php - line 86:OCA\Password_Policy\Listener\BeforeUserLoggedInEventListener->handle()

  25. /snap/nextcloud/38457/htdocs/3rdparty/symfony/event-dispatcher/EventDispatcher.php - line 251:OC\EventDispatcher\ServiceEventListener->__invoke()

  26. /snap/nextcloud/38457/htdocs/3rdparty/symfony/event-dispatcher/EventDispatcher.php - line 73:Symfony\Component\EventDispatcher\EventDispatcher->callListeners()

  27. /snap/nextcloud/38457/htdocs/lib/private/EventDispatcher/EventDispatcher.php - line 94:Symfony\Component\EventDispatcher\EventDispatcher->dispatch()

  28. /snap/nextcloud/38457/htdocs/lib/private/EventDispatcher/EventDispatcher.php - line 106:OC\EventDispatcher\EventDispatcher->dispatch()

  29. /snap/nextcloud/38457/htdocs/lib/private/Server.php - line 627:OC\EventDispatcher\EventDispatcher->dispatchTyped()

  30. <>OC\Server->OC{closure}(“*** sensiti … *”)

  31. /snap/nextcloud/38457/htdocs/lib/private/Hooks/EmitterTrait.php - line 105:call_user_func_array()

  32. /snap/nextcloud/38457/htdocs/lib/private/Hooks/PublicEmitter.php - line 40:OC\Hooks\BasicEmitter->emit()

  33. /snap/nextcloud/38457/htdocs/lib/private/Authentication/Login/PreLoginHookCommand.php - line 47:OC\Hooks\PublicEmitter->emit()

  34. /snap/nextcloud/38457/htdocs/lib/private/Authentication/Login/Chain.php - line 107:OC\Authentication\Login\PreLoginHookCommand->process()

  35. /snap/nextcloud/38457/htdocs/core/Controller/LoginController.php - line 326:OC\Authentication\Login\Chain->process()

  36. /snap/nextcloud/38457/htdocs/lib/private/AppFramework/Http/Dispatcher.php - line 230:OC\Core\Controller\LoginController->tryLogin(“*** sensiti … *”)

  37. /snap/nextcloud/38457/htdocs/lib/private/AppFramework/Http/Dispatcher.php - line 137:OC\AppFramework\Http\Dispatcher->executeController()

  38. /snap/nextcloud/38457/htdocs/lib/private/AppFramework/App.php - line 183:OC\AppFramework\Http\Dispatcher->dispatch()

  39. /snap/nextcloud/38457/htdocs/lib/private/Route/Router.php - line 315:OC\AppFramework\App::main()

  40. /snap/nextcloud/38457/htdocs/lib/base.php - line 1068:OC\Route\Router->match()

  41. /snap/nextcloud/38457/htdocs/index.php - line 36:OC::handleRequest()||2023-11-15T16:07:36+0100|
    | — | — |
    |Error|no app in context|OC\ServerNotAvailableException: Lost connection to LDAP server.

  42. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 420:OCA\User_LDAP\LDAP->processLDAPError()

  43. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 309:OCA\User_LDAP\LDAP->postFunctionCall()

  44. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 67:OCA\User_LDAP\LDAP->invokeLDAPMethod(“*** sensiti … *”)

  45. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 715:OCA\User_LDAP\LDAP->bind(“*** sensiti … *”)

  46. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 643:OCA\User_LDAP\Connection->bind(“*** sensiti … *”)

  47. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 238:OCA\User_LDAP\Connection->establishConnection()

  48. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 246:OCA\User_LDAP\Connection->init()

  49. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 1110:OCA\User_LDAP\Connection->getConnectionResource()

  50. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 1290:OCA\User_LDAP\Access->executeSearch()

  51. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 977:OCA\User_LDAP\Access->search()

  52. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 869:OCA\User_LDAP\Access->searchUsers()

  53. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 849:OCA\User_LDAP\Access->fetchListOfUsers()

  54. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_LDAP.php - line 163:OCA\User_LDAP\Access->fetchUsersByLoginName()

  55. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_LDAP.php - line 126:OCA\User_LDAP\User_LDAP->getLDAPUserByLoginName()

  56. <>OCA\User_LDAP\User_LDAP->loginName2UserName(“*** sensiti … *”)

  57. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_Proxy.php - line 110:call_user_func_array()

  58. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Proxy.php - line 140:OCA\User_LDAP\User_Proxy->walkBackends()

  59. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_Proxy.php - line 270:OCA\User_LDAP\Proxy->handleRequest()

  60. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Helper.php - line 282:OCA\User_LDAP\User_Proxy->loginName2UserName(“*** sensiti … *”)

  61. /snap/nextcloud/38457/htdocs/lib/private/legacy/OC_Hook.php - line 105:OCA\User_LDAP\Helper::loginName2UserName(“*** sensiti … *”)

  62. /snap/nextcloud/38457/htdocs/lib/public/Util.php - line 406:OC_Hook::emit()

  63. /snap/nextcloud/38457/htdocs/apps/password_policy/lib/ComplianceService.php - line 92:OCP\Util::emitHook()

  64. /snap/nextcloud/38457/htdocs/apps/password_policy/lib/Listener/BeforeUserLoggedInEventListener.php - line 45:OCA\Password_Policy\ComplianceService->entryControl()

  65. /snap/nextcloud/38457/htdocs/lib/private/EventDispatcher/ServiceEventListener.php - line 86:OCA\Password_Policy\Listener\BeforeUserLoggedInEventListener->handle()

  66. /snap/nextcloud/38457/htdocs/3rdparty/symfony/event-dispatcher/EventDispatcher.php - line 251:OC\EventDispatcher\ServiceEventListener->__invoke()

  67. /snap/nextcloud/38457/htdocs/3rdparty/symfony/event-dispatcher/EventDispatcher.php - line 73:Symfony\Component\EventDispatcher\EventDispatcher->callListeners()

  68. /snap/nextcloud/38457/htdocs/lib/private/EventDispatcher/EventDispatcher.php - line 94:Symfony\Component\EventDispatcher\EventDispatcher->dispatch()

  69. /snap/nextcloud/38457/htdocs/lib/private/EventDispatcher/EventDispatcher.php - line 106:OC\EventDispatcher\EventDispatcher->dispatch()

  70. /snap/nextcloud/38457/htdocs/lib/private/Server.php - line 627:OC\EventDispatcher\EventDispatcher->dispatchTyped()

  71. <>OC\Server->OC{closure}(“*** sensiti … *”)

  72. /snap/nextcloud/38457/htdocs/lib/private/Hooks/EmitterTrait.php - line 105:call_user_func_array()

  73. /snap/nextcloud/38457/htdocs/lib/private/Hooks/PublicEmitter.php - line 40:OC\Hooks\BasicEmitter->emit()

  74. /snap/nextcloud/38457/htdocs/lib/private/Authentication/Login/PreLoginHookCommand.php - line 47:OC\Hooks\PublicEmitter->emit()

  75. /snap/nextcloud/38457/htdocs/lib/private/Authentication/Login/Chain.php - line 107:OC\Authentication\Login\PreLoginHookCommand->process()

  76. /snap/nextcloud/38457/htdocs/core/Controller/LoginController.php - line 326:OC\Authentication\Login\Chain->process()

  77. /snap/nextcloud/38457/htdocs/lib/private/AppFramework/Http/Dispatcher.php - line 230:OC\Core\Controller\LoginController->tryLogin(“*** sensiti … *”)

  78. /snap/nextcloud/38457/htdocs/lib/private/AppFramework/Http/Dispatcher.php - line 137:OC\AppFramework\Http\Dispatcher->executeController()

  79. /snap/nextcloud/38457/htdocs/lib/private/AppFramework/App.php - line 183:OC\AppFramework\Http\Dispatcher->dispatch()

  80. /snap/nextcloud/38457/htdocs/lib/private/Route/Router.php - line 315:OC\AppFramework\App::main()

  81. /snap/nextcloud/38457/htdocs/lib/base.php - line 1068:OC\Route\Router->match()

  82. /snap/nextcloud/38457/htdocs/index.php - line 36:OC::handleRequest()||2023-11-15T16:07:36+0100|
    |Error|core|OC\ServerNotAvailableException: Lost connection to LDAP server.

  83. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 420:OCA\User_LDAP\LDAP->processLDAPError()

  84. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 309:OCA\User_LDAP\LDAP->postFunctionCall()

  85. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/LDAP.php - line 67:OCA\User_LDAP\LDAP->invokeLDAPMethod(“*** sensiti … *”)

  86. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 715:OCA\User_LDAP\LDAP->bind(“*** sensiti … *”)

  87. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 643:OCA\User_LDAP\Connection->bind(“*** sensiti … *”)

  88. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 238:OCA\User_LDAP\Connection->establishConnection()

  89. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Connection.php - line 246:OCA\User_LDAP\Connection->init()

  90. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 1076:OCA\User_LDAP\Connection->getConnectionResource()

  91. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 253:OCA\User_LDAP\Access->invokeLDAPMethod(“*** sensiti … *”)

  92. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Access.php - line 204:OCA\User_LDAP\Access->executeRead()

  93. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_LDAP.php - line 324:OCA\User_LDAP\Access->readAttribute()

  94. <>OCA\User_LDAP\User_LDAP->userExistsOnLDAP()

  95. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_Proxy.php - line 110:call_user_func_array()

  96. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/Proxy.php - line 140:OCA\User_LDAP\User_Proxy->walkBackends()

  97. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_Proxy.php - line 246:OCA\User_LDAP\Proxy->handleRequest()

  98. /snap/nextcloud/38457/htdocs/apps/user_ldap/lib/User_Proxy.php - line 223:OCA\User_LDAP\User_Proxy->userExistsOnLDAP()

  99. /snap/nextcloud/38457/htdocs/lib/private/User/Manager.php - line 173:OCA\User_LDAP\User_Proxy->userExists()

  100. /snap/nextcloud/38457/htdocs/lib/private/User/Session.php - line 228:OC\User\Manager->get()

  101. /snap/nextcloud/38457/htdocs/lib/private/L10N/Factory.php - line 199:OC\User\Session->getUser()

  102. /snap/nextcloud/38457/htdocs/lib/public/Util.php - line 227:OC\L10N\Factory->findLanguage()

  103. /snap/nextcloud/38457/htdocs/lib/private/legacy/OC_Template.php - line 111:OCP\Util::addTranslations()

  104. /snap/nextcloud/38457/htdocs/lib/private/legacy/OC_Template.php - line 77:OC_Template::initTemplateEngine()

  105. /snap/nextcloud/38457/htdocs/lib/private/legacy/OC_Template.php - line 321:OC_Template->__construct()

  106. /snap/nextcloud/38457/htdocs/index.php - line 74:OC_Template::printExceptionErrorPage()|

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php $CONFIG = array ( 'apps_paths' => array ( 0 => array ( 'path' => '/snap/nextcloud/current/htdocs/apps', 'url' => '/apps', 'writable' => false, ), 1 => array ( 'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps', 'url' => '/extra-apps', 'writable' => true, ), ), 'supportedDatabases' => array ( 0 => 'mysql', ), 'memcache.locking' => '\\OC\\Memcache\\Redis', 'memcache.local' => '\\OC\\Memcache\\Redis', 'redis' => array ( 'host' => '/tmp/sockets/redis.sock', 'port' => 0, ), 'log_type' => 'file', 'logfile' => '/var/snap/nextcloud/current/logs/nextcloud.log', 'logfilemode' => 416, 'instanceid' => 'secret', 'passwordsalt' => 'secret', 'secret' => 'secret', 'trusted_domains' => array ( 0 => 'secret', 1 => 'secret', ), 'datadirectory' => '/var/snap/nextcloud/common/nextcloud/data', 'dbtype' => 'mysql', 'version' => '27.1.3.2', 'overwrite.cli.url' => 'secret', 'dbname' => 'nextcloud', 'dbhost' => 'localhost:/tmp/sockets/mysql.sock', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'secret', 'dbpassword' => 'secret', 'installed' => true, 'maintenance' => false, 'mail_smtpmode' => 'smtp', 'mail_smtpsecure' => 'ssl', 'mail_sendmailmode' => 'smtp', 'mail_from_address' => 'secret', 'mail_domain' => 'secret', 'mail_smtpauthtype' => 'LOGIN', 'mail_smtphost' => 'secret', 'mail_smtpauth' => 1, 'mail_smtpname' => 'secret', 'mail_smtppassword' => 'secret', 'mail_smtpport' => '465', 'loglevel' => 2, 'app_install_overwrite' => array ( 0 => 'documentserver_community', ), 'theme' => '', 'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory', 'twofactor_enforced' => 'false', 'twofactor_enforced_groups' => array ( ), 'twofactor_enforced_excluded_groups' => array ( ), ); I already read different posts talking about situations similar to mine, but none of the solutions where "acceptable". What i would like to obtain is: - If for some reasons the AD server is unreachable then i can login with my local user. I searched in the administration settings but i can't find a way to do it. If i test this case, when LDAP is down and i try to login with local user it freeze on logging in and then, after it reach some kind of timeout, it gives me a server error. The only way to make it work again is to make LDAP reachable or disable LDAP config from CLI. Does anyone know about any workaround for this kind of problem? Thanks in advance. Andrea