Lost connection to LDAP server


Nextcloud version: 13.0.2
Operating system and version: Centos 7
Apache or nginx version: Apache 2.4.6
PHP version: 7.1.17

The issue you are facing:

The connection with the LDAP is dropping several times…

Is this the first time you’ve seen this error? No

Steps to replicate it:

  1. Accessing the login page

The output of your Nextcloud log in Admin > Logging:

Error	remote	OC\ServerNotAvailableException: Lost connection to LDAP server.
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/LDAP.php - line 371: OCA\User_LDAP\LDAP->processLDAPError(Resource id #13)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/LDAP.php - line 295: OCA\User_LDAP\LDAP->postFunctionCall()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/LDAP.php - line 46: OCA\User_LDAP\LDAP->invokeLDAPMethod(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 641: OCA\User_LDAP\LDAP->bind(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 568: OCA\User_LDAP\Connection->bind(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 181: OCA\User_LDAP\Connection->establishConnection()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 189: OCA\User_LDAP\Connection->init()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 1058: OCA\User_LDAP\Connection->getConnectionResource()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 1224: OCA\User_LDAP\Access->executeSearch('(|(sAMAccountNa...', Array, Array, 500, NULL)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 939: OCA\User_LDAP\Access->search('(|(sAMAccountNa...', Array, Array, NULL, NULL)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 843: OCA\User_LDAP\Access->searchUsers('(|(sAMAccountNa...', Array, NULL, NULL)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 816: OCA\User_LDAP\Access->fetchListOfUsers('(|(sAMAccountNa...', Array)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_LDAP.php - line 165: OCA\User_LDAP\Access->fetchUsersByLoginName('marlon.markendo...', Array)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_LDAP.php - line 182: OCA\User_LDAP\User_LDAP->getLDAPUserByLoginName('marlon.markendo...')
[internal function] OCA\User_LDAP\User_LDAP->checkPassword(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_Proxy.php - line 108: call_user_func_array(Array, Array)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Proxy.php - line 150: OCA\User_LDAP\User_Proxy->callOnLastSeenOn('marlon.markendo...', 'checkPassword', Array, false)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_Proxy.php - line 196: OCA\User_LDAP\Proxy->handleRequest('marlon.markendo...', 'checkPassword', Array)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Manager.php - line 204: OCA\User_LDAP\User_Proxy->checkPassword(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Manager.php - line 181: OC\User\Manager->checkPasswordNoLogging(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 693: OC\User\Manager->checkPassword(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 727: OC\User\Session->checkTokenCredentials(Object(OC\Authentication\Token\DefaultToken), '32tvnsc7icdbjd0...')
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 257: OC\User\Session->validateToken(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 232: OC\User\Session->validateSession()
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/legacy/app.php - line 336: OC\User\Session->getUser()
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/legacy/app.php - line 113: OC_App getEnabledApps()
/var/www/html/graficaibiruba.com.br/nuvem/remote.php - line 149: OC_App loadApps(Array)
{main}

Error index OC\ServerNotAvailableException: Lost connection to LDAP server.
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/LDAP.php - line 371: OCA\User_LDAP\LDAP->processLDAPError(Resource id #13)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/LDAP.php - line 295: OCA\User_LDAP\LDAP->postFunctionCall()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/LDAP.php - line 46: OCA\User_LDAP\LDAP->invokeLDAPMethod(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 641: OCA\User_LDAP\LDAP->bind(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 568: OCA\User_LDAP\Connection->bind(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 181: OCA\User_LDAP\Connection->establishConnection()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Connection.php - line 189: OCA\User_LDAP\Connection->init()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 1058: OCA\User_LDAP\Connection->getConnectionResource()
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 1224: OCA\User_LDAP\Access->executeSearch('(|(sAMAccountNa...', Array, Array, 500, NULL)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 939: OCA\User_LDAP\Access->search('(|(sAMAccountNa...', Array, Array, NULL, NULL)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 843: OCA\User_LDAP\Access->searchUsers('(|(sAMAccountNa...', Array, NULL, NULL)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Access.php - line 816: OCA\User_LDAP\Access->fetchListOfUsers('(|(sAMAccountNa...', Array)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_LDAP.php - line 165: OCA\User_LDAP\Access->fetchUsersByLoginName('marlon.markendo...', Array)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_LDAP.php - line 182: OCA\User_LDAP\User_LDAP->getLDAPUserByLoginName('marlon.markendo...')
[internal function] OCA\User_LDAP\User_LDAP->checkPassword(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_Proxy.php - line 108: call_user_func_array(Array, Array)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/Proxy.php - line 150: OCA\User_LDAP\User_Proxy->callOnLastSeenOn('marlon.markendo...', 'checkPassword', Array, false)
/var/www/html/graficaibiruba.com.br/nuvem/apps/user_ldap/lib/User_Proxy.php - line 196: OCA\User_LDAP\Proxy->handleRequest('marlon.markendo...', 'checkPassword', Array)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Manager.php - line 204: OCA\User_LDAP\User_Proxy->checkPassword(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Manager.php - line 181: OC\User\Manager->checkPasswordNoLogging(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 693: OC\User\Manager->checkPassword(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 727: OC\User\Session->checkTokenCredentials(Object(OC\Authentication\Token\DefaultToken), '32tvnsc7icdbjd0...')
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 257: OC\User\Session->validateToken(*** sensitive parameters replaced ***)
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 232: OC\User\Session->validateSession()
/var/www/html/graficaibiruba.com.br/nuvem/lib/private/User/Session.php - line 269: OC\User\Session->getUser()
/var/www/html/graficaibiruba.com.br/nuvem/lib/base.php - line 983: OC\User\Session->isLoggedIn()
/var/www/html/graficaibiruba.com.br/nuvem/index.php - line 37: OC handleRequest()
{main}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '*****',
  'passwordsalt' => '*****',
  'secret' => '********',
  'trusted_domains' =>
  array (
    0 => 'www.graficaibiruba.com.br',
    1 => 'graficaibiruba.interno',
  ),
  'datadirectory' => '/var/www/html/graficaibiruba.com.br/nuvem/data',
  'overwrite.cli.url' => 'https://www.graficaibiruba.com.br/nuvem',
  'dbtype' => 'mysql',
  'version' => '13.0.2.1',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => '**********',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
  'remember_login_cookie_lifetime' => 0,
  'session_lifetime' => 300,
  'session_keepalive' => 'false',
  'lost_password_link' => 'disabled',
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
       'host' => 'localhost',
       'port' => 6379,
        ),
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud.log',
  'loglevel' => '0',
  'log_rotate_size' => '104857600',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpsecure' => 'tls',
  'mail_from_address' => '*****',
  'mail_domain' => 'graficaibiruba.com.br',
  'mail_smtpauth' => 1,
  'mail_smtphost' => '******',
  'mail_smtpport' => '587',
  'mail_smtpname' => '******',
  'mail_smtppassword' => '*******',
);

The output of your Apache/nginx/system log in /var/log/____:

[Tue May 08 13:53:54.860442 2018] [mpm_prefork:notice] [pid 12772] AH00170: caught SIGWINCH, shutting down gracefully
[Tue May 08 13:54:00.018301 2018] [suexec:notice] [pid 13037] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 08 13:54:00.020864 2018] [ssl:warn] [pid 13037] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 13:54:00.068445 2018] [auth_digest:notice] [pid 13037] AH01757: generating secret for digest authentication ...
[Tue May 08 13:54:00.069378 2018] [lbmethod_heartbeat:notice] [pid 13037] AH02282: No slotmem from mod_heartmonitor
[Tue May 08 13:54:00.071195 2018] [ssl:warn] [pid 13037] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 13:54:00.159373 2018] [mpm_prefork:notice] [pid 13037] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.17 configured -- resuming normal operations
[Tue May 08 13:54:00.159412 2018] [core:notice] [pid 13037] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue May 08 13:57:46.244162 2018] [mpm_prefork:notice] [pid 13037] AH00170: caught SIGWINCH, shutting down gracefully
[Tue May 08 13:58:06.388089 2018] [suexec:notice] [pid 13170] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 08 13:58:06.390702 2018] [ssl:warn] [pid 13170] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 13:58:06.430295 2018] [auth_digest:notice] [pid 13170] AH01757: generating secret for digest authentication ...
[Tue May 08 13:58:06.430970 2018] [lbmethod_heartbeat:notice] [pid 13170] AH02282: No slotmem from mod_heartmonitor
[Tue May 08 13:58:06.432249 2018] [ssl:warn] [pid 13170] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 13:58:06.516714 2018] [mpm_prefork:notice] [pid 13170] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.17 configured -- resuming normal operations
[Tue May 08 13:58:06.516744 2018] [core:notice] [pid 13170] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue May 08 14:11:34.975158 2018] [mpm_prefork:notice] [pid 13170] AH00170: caught SIGWINCH, shutting down gracefully
[Tue May 08 14:11:36.119890 2018] [suexec:notice] [pid 13642] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 08 14:11:36.121208 2018] [ssl:warn] [pid 13642] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 14:11:36.149497 2018] [auth_digest:notice] [pid 13642] AH01757: generating secret for digest authentication ...
[Tue May 08 14:11:36.150074 2018] [lbmethod_heartbeat:notice] [pid 13642] AH02282: No slotmem from mod_heartmonitor
[Tue May 08 14:11:36.151217 2018] [ssl:warn] [pid 13642] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 14:11:36.228723 2018] [mpm_prefork:notice] [pid 13642] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.17 configured -- resuming normal operations
[Tue May 08 14:11:36.228752 2018] [core:notice] [pid 13642] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue May 08 14:25:36.147068 2018] [mpm_prefork:notice] [pid 13642] AH00170: caught SIGWINCH, shutting down gracefully
[Tue May 08 14:25:46.302643 2018] [suexec:notice] [pid 14122] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 08 14:25:46.305189 2018] [ssl:warn] [pid 14122] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 14:25:46.340443 2018] [auth_digest:notice] [pid 14122] AH01757: generating secret for digest authentication ...
[Tue May 08 14:25:46.341009 2018] [lbmethod_heartbeat:notice] [pid 14122] AH02282: No slotmem from mod_heartmonitor
[Tue May 08 14:25:46.342188 2018] [ssl:warn] [pid 14122] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue May 08 14:25:46.419983 2018] [mpm_prefork:notice] [pid 14122] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.17 configured -- resuming normal operations
[Tue May 08 14:25:46.420018 2018] [core:notice] [pid 14122] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

LDAP Config:


+-------------------------------+----------------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                                    |
+-------------------------------+----------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                  |
| hasPagedResultSupport         |                                                                                                    |
| homeFolderNamingRule          | attr:sAMAccountName                                                                                |
| lastJpegPhotoLookup           | 0                                                                                                  |
| ldapAgentName                 | CN=Nextcloud Integrator,CN=Users,DC=graficaibiruba,DC=interno                                      |
| ldapAgentPassword             | ***                                                                                                |
| ldapAttributesForGroupSearch  |                                                                                                    |
| ldapAttributesForUserSearch   |                                                                                                    |
| ldapBackupHost                | ldaps://srvad2.graficaibiruba.interno:636                                                          |
| ldapBackupPort                |                                                                                                    |
| ldapBase                      | OU=Graficaibiruba,DC=graficaibiruba,DC=interno                                                     |
| ldapBaseGroups                |                                                                                                    |
| ldapBaseUsers                 |                                                                                                    |
| ldapCacheTTL                  | 600                                                                                                |
| ldapConfigurationActive       | 1                                                                                                  |
| ldapDefaultPPolicyDN          |                                                                                                    |
| ldapDynamicGroupMemberURL     |                                                                                                    |
| ldapEmailAttribute            | mail                                                                                               |
| ldapExperiencedAdmin          | 0                                                                                                  |
| ldapExpertUUIDGroupAttr       | sAMAccountName                                                                                     |
| ldapExpertUUIDUserAttr        | sAMAccountName                                                                                     |
| ldapExpertUsernameAttr        | sAMAccountName                                                                                     |
| ldapGidNumber                 | gidNumber                                                                                          |
| ldapGroupDisplayName          | cn                                                                                                 |
| ldapGroupFilter               | (&(objectClass=group)(MemberOf=CN=Nuvem,OU=Grupos,OU=GraficaIbiruba,DC=graficaibiruba,DC=interno)) |
| ldapGroupFilterGroups         |                                                                                                    |
| ldapGroupFilterMode           | 1                                                                                                  |
| ldapGroupFilterObjectclass    |                                                                                                    |
| ldapGroupMemberAssocAttr      | member                                                                                             |
| ldapHost                      | ldaps://srvad1.graficaibiruba.interno:636                                                          |
| ldapIgnoreNamingRules         |                                                                                                    |
| ldapLoginFilter               | (|(sAMAccountName=%uid)(mail=%uid))                                                                |
| ldapLoginFilterAttributes     | telephoneNumber                                                                                    |
| ldapLoginFilterEmail          | 1                                                                                                  |
| ldapLoginFilterMode           | 1                                                                                                  |
| ldapLoginFilterUsername       | 1                                                                                                  |
| ldapNestedGroups              | 0                                                                                                  |
| ldapOverrideMainServer        | 0                                                                                                  |
| ldapPagingSize                | 500                                                                                                |
| ldapPort                      | 636                                                                                                |
| ldapQuotaAttribute            |                                                                                                    |
| ldapQuotaDefault              | 2 GB                                                                                               |
| ldapTLS                       | 0                                                                                                  |
| ldapUserDisplayName           | displayname                                                                                        |
| ldapUserDisplayName2          |                                                                                                    |
| ldapUserFilter                | (&(objectClass=user)(MemberOf=CN=Nuvem,OU=Grupos,OU=GraficaIbiruba,DC=graficaibiruba,DC=interno))  |
| ldapUserFilterGroups          |                                                                                                    |
| ldapUserFilterMode            | 0                                                                                                  |
| ldapUserFilterObjectclass     |                                                                                                    |
| ldapUuidGroupAttribute        | auto                                                                                               |
| ldapUuidUserAttribute         | auto                                                                                               |
| turnOffCertCheck              | 0                                                                                                  |
| turnOnPasswordChange          | 0                                                                                                  |
| useMemberOfToDetectMembership | 1                                                                                                  |
+-------------------------------+----------------------------------------------------------------------------------------------------+

Is the server at srvad1.graficaibiruba.interno? Is it Active Directory or OpenLDAP? Also, is it on the same or different host as Nextcloud?

Is the server at srvad1.graficaibiruba.interno? No
Is it Active Directory or OpenLDAP? Active Directory
Also, is it on the same or different host as Nextcloud? Different Host…
I turned off SSL certificate validation and it seems that the problem stops… After 12 hours with SSL certificate validation disabled, it continues fine…
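
Added example (not part of the original thread and not Nextcloud project code): a small Python audit of `occ ldap:show-config` output that flags the state described in the last reply, where certificate validation is off and the LDAPS connection to the domain controllers is encrypted but the server is no longer authenticated. The sample table is constructed from values posted above with `turnOffCertCheck` set to 1; the function names are hypothetical, and a host without a URL scheme is assumed to mean plain LDAP.

```python
import re

# Constructed sample: a trimmed `occ ldap:show-config` table using values from
# the post, with turnOffCertCheck set to 1 as described in the last reply.
SAMPLE_TABLE = """\
+------------------+-------------------------------------------+
| Configuration    |                                           |
+------------------+-------------------------------------------+
| ldapBackupHost   | ldaps://srvad2.graficaibiruba.interno:636 |
| ldapHost         | ldaps://srvad1.graficaibiruba.interno:636 |
| ldapLoginFilter  | (|(sAMAccountName=%uid)(mail=%uid))       |
| ldapTLS          | 0                                         |
| turnOffCertCheck | 1                                         |
+------------------+-------------------------------------------+
"""

# "| key | value |": the key has no spaces; the value may itself contain "|"
# (LDAP OR-filters do), so only the first bar after the key and the final bar
# are treated as cell delimiters.
ROW = re.compile(r"^\|\s*(\S+)\s*\|\s?(.*?)\s*\|$")


def parse_show_config(text):
    """Return {key: value} from the ASCII table (hypothetical helper)."""
    cfg = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(1) != "Configuration":  # skip the header row
            cfg[m.group(1)] = m.group(2)
    return cfg


def audit(cfg):
    """Return a list of (key, finding) pairs for weak transport settings."""
    findings = []
    if cfg.get("turnOffCertCheck") == "1":
        findings.append((
            "turnOffCertCheck",
            "certificate validation is disabled: the bind is encrypted but "
            "the directory server is not authenticated; trust the issuing CA "
            "on the Nextcloud host and set this back to 0",
        ))
    starttls = cfg.get("ldapTLS") == "1"
    for key in ("ldapHost", "ldapBackupHost"):
        host = cfg.get(key, "")
        if not host:
            continue
        # Assumption: no ldaps:// scheme means a plain LDAP connection.
        if not host.lower().startswith("ldaps://") and not starttls:
            findings.append((
                key,
                "no ldaps:// scheme and StartTLS (ldapTLS) is off: bind "
                "credentials would cross the network in clear text",
            ))
    return findings


if __name__ == "__main__":
    for key, finding in audit(parse_show_config(SAMPLE_TABLE)):
        print(f"{key}: {finding}")
```
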