Migration from owncloud and LDAP users

ℹ️ Support
1

Hello
I’ve just migrated form owncloud 8 to nextcloud 9.
The migration has been fine, but now I’m facing a problem with LDAP users.
After migratgin LDAP users can’t log in (users created in the admin interface can) and the users list instead of displaying the name as it did before now it displays the UUID.
If I check in the admin LDAP section if a user exists it reports that exists. And it correctly finds the 142 users.
If I try to share something with a user by username it finds the user but instead of showing the username it shows the uuid.

What can be the problem?

Thank you

Nextcloud version (eg, 10.0.2): 9.0.58
Operating system and version (eg, Ubuntu 16.04): Centos 6
Apache or nginx version (eg, Apache 2.4.25): Apache
PHP version (eg, 5.6): 5.4.37

The output of your Nextcloud log in Admin > Logging:

  • Backends provided no user object for 91eed701-8a4d11e2-b0d3f1b3-10529d6f
  • Attempt for Paging? 1
  • Error when searching: Bad search filter code -7
  • Ready for a paged search
  • initializing paged search for Filter (| (memberof=cn=,ou=,ou=,dc=,dc=,dc=) (memberof=cn=-,ou=,ou=,dc=,dc=,dc=)) base Array ( [0] => ou=,ou=,dc=,dc=,dc=* ) attr Array ( [0] => dn ) limit 1 offset 0
  • LDAP error Bad search filter (-7) after calling ldap_read
  • Ready for a paged search
2

Might be a hint?

3

I could be. But I’ve no clue. I’m not a LDAP or PHP expert.
And It still surprises me how it finds users, but is not able to get their displaynames (and it did before)

Thank you

4

Cannot say much more without the config.

sudo -u www-data php occ ldap:show-config from within the nextcloud root. or you screenshot them… :wink: preferably the output from the command.

5

Hello,
Here you have the configuration:

+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration                 | s01                                                                                                                                                                                                    |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 0                                                                                                                                                                                                      |
| hasPagedResultSupport         |                                                                                                                                                                                                        |
| homeFolderNamingRule          | attr:uid                                                                                                                                                                                               |
| lastJpegPhotoLookup           | 0                                                                                                                                                                                                      |
| ldapAgentName                 | cn=CN,dc=SUBDOMAIN,dc=DOMAIN,dc=es                                                                                                                                                         |
| ldapAgentPassword             | ***                                                                                                                                                                                                    |
| ldapAttributesForGroupSearch  |                                                                                                                                                                                                        |
| ldapAttributesForUserSearch   | givenName;sn;uid                                                                                                                                                                                       |
| ldapBackupHost                |                                                                                                                                                                                                        |
| ldapBackupPort                |                                                                                                                                                                                                        |
| ldapBase                      | ou=usuarios,ou=ORGUNIT,dc=SUBDOMAIN,dc=DOMAIN,dc=es                                                                                                                                        |
| ldapBaseGroups                | ou=Grupos,ou=ORGUNIT,dc=SUBDOMAIN,dc=DOMAIN,dc=es                                                                                                                                          |
| ldapBaseUsers                 | ou=usuarios,ou=ORGUNIT,dc=SUBDOMAIN,dc=DOMAIN,dc=es                                                                                                                                        |
| ldapCacheTTL                  | 600                                                                                                                                                                                                    |
| ldapConfigurationActive       | 1                                                                                                                                                                                                      |
| ldapDynamicGroupMemberURL     |                                                                                                                                                                                                        |
| ldapEmailAttribute            | mail                                                                                                                                                                                                   |
| ldapExperiencedAdmin          | 0                                                                                                                                                                                                      |
| ldapExpertUUIDGroupAttr       |                                                                                                                                                                                                        |
| ldapExpertUUIDUserAttr        |                                                                                                                                                                                                        |
| ldapExpertUsernameAttr        | displayname                                                                                                                                                                                            |
| ldapGroupDisplayName          | cn                                                                                                                                                                                                     |
| ldapGroupFilter               | (memberof=cn=GROUP,ou=Grupos,ou=ORGUNIT,dc=SUBDOMAIN,dc=DOMAIN,dc=es)                                                                                                         |
| ldapGroupFilterGroups         |                                                                                                                                                                                                        |
| ldapGroupFilterMode           | 1                                                                                                                                                                                                      |
| ldapGroupFilterObjectclass    | posixGroup;top                                                                                                                                                                                         |
| ldapGroupMemberAssocAttr      | uniqueMember                                                                                                                                                                                           |
| ldapHost                      | ldaps://ldap2.SUBDOMAIN.DOMAIN.es                                                                                                                                                                     |
| ldapIgnoreNamingRules         |                                                                                                                                                                                                        |
| ldapLoginFilter               | uid=%uid                                                                                                                                                                                               |
| ldapLoginFilterAttributes     |                                                                                                                                                                                                        |
| ldapLoginFilterEmail          | 0                                                                                                                                                                                                      |
| ldapLoginFilterMode           | 1                                                                                                                                                                                                      |
| ldapLoginFilterUsername       | 1                                                                                                                                                                                                      |
| ldapNestedGroups              | 0                                                                                                                                                                                                      |
| ldapOverrideMainServer        | 0                                                                                                                                                                                                      |
| ldapPagingSize                | 500                                                                                                                                                                                                    |
| ldapPort                      | 636                                                                                                                                                                                                    |
| ldapQuotaAttribute            |                                                                                                                                                                                                        |
| ldapQuotaDefault              |                                                                                                                                                                                                        |
| ldapTLS                       |                                                                                                                                                                                                        |
| ldapUserDisplayName           | givenName                                                                                                                                                                                              |
| ldapUserDisplayName2          | uid                                                                                                                                                                                                    |
| ldapUserFilter                | (| (memberof=cn=GROUP,ou=Grupos,ou=ServiciosCentrales,dc=SUBDOMAIN,dc=DOMAIN,dc=es) (memberof=cn=GROUP2,ou=Grupos,ou=ServiciosCentrales,dc=SUBDOMAIN,dc=DOMAIN,dc=es)) |
|                               |                                                                                                                                                                                                        |
| ldapUserFilterGroups          |                                                                                                                                                                                                        |
| ldapUserFilterMode            | 1                                                                                                                                                                                                      |
| ldapUserFilterObjectclass     | top                                                                                                                                                                                                    |
| ldapUuidGroupAttribute        | auto                                                                                                                                                                                                   |
| ldapUuidUserAttribute         | auto                                                                                                                                                                                                   |
| turnOffCertCheck              | 0                                                                                                                                                                                                      |
| useMemberOfToDetectMembership | 1                                                                                                                                                                                                      |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

But it still validates configuration in settings and is able to count the amount of users, and it check the existence of a user.

Some debug info:
No DN found for on ldaps://ldap2.SUBDOMAIN.DOMAIN.es
No DN found for a8c13502-8bd711e2-b0d3f1b3-10529d6f on ldaps://ldap2.SUBDOMAIN.DOMAIN.es

6

User Filter looks OK, Login filter is totally open. Display name attributes look OK as does the expert username attribute. Logins should work. Was it really the same config as before? E.g. changing the username attribute during runtime won’t change existing users.