Mail, LDAP/AD provisioned accounts and disabled ones

I manage some domains, using LDAP or AD as backend; the domain is also an email domain, and so I've enabled 'provisioning' of email accounts using common data (from the groupware config page).

But this way I constantly get errors in the logs:

Apr 12 00:15:13 nextcloud Nextcloud[16710]: {"reqId":"fzngdMxTdh8kKSAquFsb","level":3,"time":"2021-04-11T22:15:13+00:00","remoteAddr":"","user":"--","app":"mail","method":"","url":"--","message":"{\"Exception\":\"OCA\\\\Mail\\\\Exception\\\\ServiceException\",\"Message\":\"IMAP error: Mail server denied authentication.\",\"Code\":102,\"Trace\":[{\"file\":\"/var/www/nextcloud/apps/mail/lib/BackgroundJob/SyncJob.php\",\"line\":91,\"function\":\"sync\",\"class\":\"OCA\\\\Mail\\\\IMAP\\\\MailboxSync\",\"type\":\"->\",\"args\":[{\"__class__\":\"OCA\\\\Mail\\\\Account\"},{\"__class__\":\"OC\\\\AppFramework\\\\ScopedPsrLogger\"},true]},{\"file\":\"/var/www/nextcloud/lib/public/BackgroundJob/Job.php\",\"line\":80,\"function\":\"run\",\"class\":\"OCA\\\\Mail\\\\BackgroundJob\\\\SyncJob\",\"type\":\"->\",\"args\":[{\"accountId\":4}]},{\"file\":\"/var/www/nextcloud/lib/public/BackgroundJob/TimedJob.php\",\"line\":61,\"function\":\"execute\",\"class\":\"OCP\\\\BackgroundJob\\\\Job\",\"type\":\"->\",\"args\":[{\"__class__\":\"OC\\\\BackgroundJob\\\\JobList\"},{\"__class__\":\"OC\\\\Log\"}]},{\"file\":\"/var/www/nextcloud/cron.php\",\"line\":128,\"function\":\"execute\",\"class\":\"OCP\\\\BackgroundJob\\\\TimedJob\",\"type\":\"->\",\"args\":[{\"__class__\":\"OC\\\\BackgroundJob\\\\JobList\"},{\"__class__\":\"OC\\\\Log\"}]}],\"File\":\"/var/www/nextcloud/apps/mail/lib/IMAP/MailboxSync.php\",\"Line\":106,\"Previous\":{\"Exception\":\"Horde_Imap_Client_Exception\",\"Message\":\"Mail server denied authentication.\",\"Code\":102,\"Trace\":[{\"file\":\"/var/www/nextcloud/apps/mail/vendor/pear-pear.horde.org/Horde_Imap_Client/Horde/Imap/Client/Base.php\",\"line\":838,\"function\":\"_login\",\"class\":\"Horde_Imap_Client_Socket\",\"type\":\"->\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/var/www/nextcloud/apps/mail/vendor/pear-pear.horde.org/Horde_Imap_Client/Horde/Imap/Client/Base.php\",\"line\":1389,\"function\":\"login\",\"class\":\"Horde_Imap_Client_Base\",\"type\":\"->\",\"args\":[\"*** sensitive parameters replaced ***\"]},{\"file\":\"/var/www/nextcloud/apps/mail/lib/IMAP/FolderMapper.php\",\"line\":60,\"function\":\"listMailboxes\",\"class\":\"Horde_Imap_Client_Base\",\"type\":\"->\",\"args\":[\"*\",5,{\"delimiter\":true,\"attributes\":true,\"special_use\":true}]},{\"file\":\"/var/www/nextcloud/apps/mail/lib/IMAP/MailboxSync.php\",\"line\":103,\"function\":\"getFolders\",\"class\":\"OCA\\\\Mail\\\\IMAP\\\\FolderMapper\",\"type\":\"->\",\"args\":[{\"__class__\":\"OCA\\\\Mail\\\\Account\"},{\"cacheFields\":[\"HICenv\",\"HICflags\",\"HIChdrs\",\"HICdate\",\"HICsize\",\"And 1 more entries, set log level to debug to see all entries\"],\"changed\":true,\"statuscache\":true,\"__class__\":\"Horde_Imap_Client_Socket\"}]},{\"file\":\"/var/www/nextcloud/apps/mail/lib/BackgroundJob/SyncJob.php\",\"line\":91,\"function\":\"sync\",\"class\":\"OCA\\\\Mail\\\\IMAP\\\\MailboxSync\",\"type\":\"->\",\"args\":[{\"__class__\":\"OCA\\\\Mail\\\\Account\"},{\"__class__\":\"OC\\\\AppFramework\\\\ScopedPsrLogger\"},true]},{\"file\":\"/var/www/nextcloud/lib/public/BackgroundJob/Job.php\",\"line\":80,\"function\":\"run\",\"class\":\"OCA\\\\Mail\\\\BackgroundJob\\\\SyncJob\",\"type\":\"->\",\"args\":[{\"accountId\":4}]},{\"file\":\"/var/www/nextcloud/lib/public/BackgroundJob/TimedJob.php\",\"line\":61,\"function\":\"execute\",\"class\":\"OCP\\\\BackgroundJob\\\\Job\",\"type\":\"->\",\"args\":[{\"__class__\":\"OC\\\\BackgroundJob\\\\JobList\"},{\"__class__\":\"OC\\\\Log\"}]},{\"file\":\"/var/www/nextcloud/cron.php\",\"line\":128,\"function\":\"execute\",\"class\":\"OCP\\\\BackgroundJob\\\\TimedJob\",\"type\":\"->\",\"args\":[{\"__class__\":\"OC\\\\BackgroundJob\\\\JobList\"},{\"__class__\":\"OC\\\\Log\"}]}],\"File\":\"/var/www/nextcloud/apps/mail/vendor/pear-pear.horde.org/Horde_Imap_Client/Horde/Imap/Client/Socket.php\",\"Line\":572},\"CustomMessage\":\"Cron mail sync failed: IMAP error: Mail server denied authentication.\"}","userAgent":"--","version":"21.0.0.18"}

simply because some accounts are disabled. Note that it is common policy in a domain NOT to delete accounts, but to disable them.

Clearly there are queries that can filter out disabled users, but for the same reason I think it is not a good policy to have users 'disappear' from NC if they get disabled.

The best way to handle this, for me, is to:

  1. add to the LDAP connector the ability to import into NC the status of the account (enabled/disabled, but also locked could be)
  2. skip the cron job for disabled users

I hope I was clear. Thanks.

PS: if needed, I can provide some LDAP query examples, for AD and for plain LDAP or LDAP/Samba3.
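
An added example, not part of the original post and not Nextcloud's own code: it pulls the failing `accountId` out of log entries shaped like the one above and reports only those whose directory entry is disabled, so expected noise can be separated from real authentication failures. The `accountId`-to-uid mapping, the uids and the sample entries are hypothetical; the status checks assume AD's `userAccountControl` disabled bit (0x0002) and the `D` flag in Samba3's `sambaAcctFlags`.

```python
import json
from collections import Counter

def is_disabled(entry):
    """True if an LDAP entry (attribute dict) is disabled, for AD or Samba3."""
    if "userAccountControl" in entry:      # Active Directory
        return bool(int(entry["userAccountControl"]) & 0x0002)  # ACCOUNTDISABLE
    if "sambaAcctFlags" in entry:          # LDAP/Samba3, e.g. "[UD         ]"
        return "D" in entry["sambaAcctFlags"]
    return False                           # no status attribute available

def failed_sync_accounts(log_lines):
    """Count cron mail-sync authentication failures per Mail accountId."""
    counts = Counter()
    for line in log_lines:
        start = line.find("{")             # skip the syslog prefix
        try:
            outer = json.loads(line[start:]) if start >= 0 else None
            inner = json.loads(outer["message"])   # JSON nested in JSON
        except (ValueError, KeyError, TypeError):
            continue
        if (not isinstance(inner, dict) or outer.get("app") != "mail"
                or "denied authentication" not in inner.get("Message", "")):
            continue
        for frame in inner.get("Trace", []):
            if frame.get("function") == "run" and frame.get("class", "").endswith("SyncJob"):
                counts.update(a["accountId"] for a in frame.get("args", [])
                              if isinstance(a, dict) and "accountId" in a)
    return counts

def disabled_account_noise(counts, owner_of, directory):
    """Map failing accountIds to owners whose directory entry is disabled."""
    return {owner_of[a]: n for a, n in counts.items()
            if a in owner_of and is_disabled(directory.get(owner_of[a], {}))}

def sample_line(account_id, message="IMAP error: Mail server denied authentication."):
    # Constructed log line with the same nesting as the entry in the post.
    inner = {"Message": message, "Trace": [{"function": "run",
             "class": "OCA\\Mail\\BackgroundJob\\SyncJob", "args": [{"accountId": account_id}]}]}
    outer = {"level": 3, "app": "mail", "message": json.dumps(inner)}
    return "Apr 12 00:15:13 nextcloud Nextcloud[16710]: " + json.dumps(outer)

# Constructed sample data: uids, accountId mapping and attribute values are hypothetical.
LOGS = [sample_line(4), sample_line(4), sample_line(7),
        sample_line(9, "IMAP error: connection timed out"), "not a json line"]
OWNER_OF = {4: "alice", 7: "bob", 9: "carol"}
DIRECTORY = {"alice": {"userAccountControl": "514"},   # 512 | 2: disabled
             "bob": {"userAccountControl": "512"},      # enabled
             "carol": {"sambaAcctFlags": "[UD         ]"}}  # Samba3 disabled
```

Failures left over after this filter, such as the enabled account in the sample data, are the ones still worth investigating.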