NC 23: LDAP users cannot log in to Nextcloud any more

Nextcloud version (eg, 20.0.5): 23.0.0
Operating system and version (eg, Ubuntu 20.04): CentOS 7
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.6 (CentOS)
PHP version (eg, 7.4): PHP 7.4.27

The issue you are facing:

Our Nextcloud is connected to an LDAP server, which has worked perfectly fine for the last 4 years. Today, all of a sudden, users can no longer log in with their LDAP credentials via the website. The macOS desktop client also keeps logging users out, and upon restarting said client, they need to grant access to the client again, which does not work because the user is unable to log in. No changes have been made to either Nextcloud or our LDAP server, nor have there been any changes in our infrastructure lately.

When I use the local Nextcloud admin account, I can log in without problems. I checked the LDAP settings in Nextcloud and it comes back with “Configuration OK”. I can also successfully retrieve the user/group count and test the login name under “Login Attributes”, so I don’t think it has anything to do with the connection between Nextcloud and the LDAP server. (Other applications using the LDAP server are working fine.)

I’m out of ideas about what else I could try or test to get this working again and am seeking your help.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Try to log in to Nextcloud via the website

The output of your Nextcloud log in Admin > Logging:

The output shows Safari as the browser, but this can be reproduced in any other browser (Edge, Firefox, Chrome, etc.).

{
	"reqId": "Yd2CJGHlhicIS7zDiEqHngAAAAo",
	"level": 2,
	"time": "2022-01-11T13:12:05+00:00",
	"remoteAddr": "xx.xx.xxx.xx",
	"user": "--",
	"app": "no app in context",
	"method": "POST",
	"url": "/index.php/login",
	"message": "Login failed: user.name (Remote IP: xx.xx.xxx.xx)",
	"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15",
	"version": "23.0.0.10",
	"id": "61dd832c278ee"
}

{
	"reqId": "Yd2CJGHlhicIS7zDiEqHngAAAAo",
	"level": 2,
	"time": "2022-01-11T13:12:05+00:00",
	"remoteAddr": "xx.xx.xxx.xx",
	"user": "--",
	"app": "user_ldap",
	"method": "POST",
	"url": "/index.php/login",
	"message": "Bind failed: 50: Insufficient access",
	"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15",
	"version": "23.0.0.10",
	"id": "61dd832c27915"
}

{
	"reqId": "Yd2CJGHlhicIS7zDiEqHngAAAAo",
	"level": 2,
	"time": "2022-01-11T13:12:04+00:00",
	"remoteAddr": "xx.xx.xxx.xx",
	"user": "--",
	"app": "user_ldap",
	"method": "POST",
	"url": "/index.php/login",
	"message": "Bind failed: 50: Insufficient access",
	"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15",
	"version": "23.0.0.10",
	"id": "61dd832c27932"
}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
    "nextcloud.domain"
],
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "23.0.0.10",
"overwrite.cli.url": "https:\/\/nextcloud.domain\/",
"proxy": "xx.xx.xx.xx:xxxx",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
"mail_smtpmode": "smtp",
"mail_smtpsecure": "ssl",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"log_rotate_size": 10485760,
"theme": "",
"loglevel": 2,
"lost_password_link": "disabled",
"simpleSignUpLink.shown": false,
"updater.release.channel": "stable",
"mysql.utf8mb4": true,
"memcache.local": "\\OC\\Memcache\\APCu",
"encryption.legacy_format_support": false,
"encryption.key_storage_migrated": false,
"default_phone_region": "DE",
"updater.secret": "***REMOVED SENSITIVE VALUE***"

The output of your Apache/nginx/system log in /var/log/____:

There are no error messages related to the above in these logs.

The problem solved itself somehow. Today I tried to do some further research, and it seems to have fixed itself, because the logins were working fine again.

Very weird
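The three log entries in the original post share one reqId: the “Login failed” line from core and the two “Bind failed: 50: Insufficient access” lines from user_ldap belong to the same login request. Result code 50 is insufficientAccessRights in RFC 4511, a server-side authorization decision that is distinct from 49, invalidCredentials (wrong password or unknown DN). The script below is an added example written for this page, not code from Nextcloud or the user_ldap app: it reads nextcloud.log (one JSON object per line), groups entries by reqId, decodes the LDAP result code of every bind failure, and reports one finding per failed login. The sample log is constructed from the entries posted above (user agent shortened) plus one invented invalidCredentials request for contrast, and LDAP_RESULT_CODES covers only the codes that matter for binds.

```python
"""Correlate Nextcloud log entries by reqId and decode LDAP bind failures.

Added example for this page; not part of Nextcloud. Run stand-alone to
analyse SAMPLE_LOG, or call analyse(parse_log(open(path).read())) on a
real nextcloud.log (by default it lives in the data directory).
"""
import json
import re
from collections import defaultdict

# Subset of LDAP result codes from RFC 4511 section 4.1.9 relevant to binds.
LDAP_RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    32: "noSuchObject",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    51: "busy",
    52: "unavailable",
    53: "unwillingToPerform",
}

# Message formats seen in the post: core's login failure and user_ldap's bind failure.
LOGIN_FAILED_RE = re.compile(r"^Login failed: (\S+) \(Remote IP: ([^)]*)\)$")
BIND_FAILED_RE = re.compile(r"^Bind failed: (\d+): (.*)$")

# Constructed sample: the posted entries as single-line JSON plus one invented
# request (reqId "constructed-2") that fails with invalidCredentials instead.
SAMPLE_LOG = """
{"reqId": "Yd2CJGHlhicIS7zDiEqHngAAAAo", "level": 2, "time": "2022-01-11T13:12:05+00:00", "remoteAddr": "xx.xx.xxx.xx", "user": "--", "app": "no app in context", "method": "POST", "url": "/index.php/login", "message": "Login failed: user.name (Remote IP: xx.xx.xxx.xx)", "userAgent": "Safari/605.1.15", "version": "23.0.0.10", "id": "61dd832c278ee"}
{"reqId": "Yd2CJGHlhicIS7zDiEqHngAAAAo", "level": 2, "time": "2022-01-11T13:12:05+00:00", "remoteAddr": "xx.xx.xxx.xx", "user": "--", "app": "user_ldap", "method": "POST", "url": "/index.php/login", "message": "Bind failed: 50: Insufficient access", "userAgent": "Safari/605.1.15", "version": "23.0.0.10", "id": "61dd832c27915"}
{"reqId": "Yd2CJGHlhicIS7zDiEqHngAAAAo", "level": 2, "time": "2022-01-11T13:12:04+00:00", "remoteAddr": "xx.xx.xxx.xx", "user": "--", "app": "user_ldap", "method": "POST", "url": "/index.php/login", "message": "Bind failed: 50: Insufficient access", "userAgent": "Safari/605.1.15", "version": "23.0.0.10", "id": "61dd832c27932"}
{"reqId": "constructed-2", "level": 2, "time": "2022-01-11T13:20:00+00:00", "remoteAddr": "xx.xx.xxx.xx", "user": "--", "app": "no app in context", "method": "POST", "url": "/index.php/login", "message": "Login failed: other.user (Remote IP: xx.xx.xxx.xx)", "userAgent": "Firefox/95.0", "version": "23.0.0.10", "id": "c0ffee000001"}
{"reqId": "constructed-2", "level": 2, "time": "2022-01-11T13:19:59+00:00", "remoteAddr": "xx.xx.xxx.xx", "user": "--", "app": "user_ldap", "method": "POST", "url": "/index.php/login", "message": "Bind failed: 49: Invalid credentials", "userAgent": "Firefox/95.0", "version": "23.0.0.10", "id": "c0ffee000002"}
"""


def parse_log(text):
    """Parse nextcloud.log: one JSON object per line; blank or malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entries.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return entries


def correlate(entries):
    """Group entries by reqId so a user_ldap error can be tied to its login request."""
    by_req = defaultdict(list)
    for entry in entries:
        by_req[entry.get("reqId", "?")].append(entry)
    return by_req


def classify(bind_codes):
    """Short verdict for the decoded bind result codes of one request."""
    if not bind_codes:
        return "login failed with no user_ldap bind error in the same request"
    if all(code == 49 for code in bind_codes):
        return "invalidCredentials: the directory rejected the password or DN"
    if 50 in bind_codes:
        return ("insufficientAccessRights: the directory refused the bind as an "
                "authorization decision, not as a credential check")
    return "other LDAP result code(s); see the decoded names"


def analyse(entries):
    """Return one finding per request that contains a 'Login failed' entry."""
    findings = []
    for req_id, group in correlate(entries).items():
        login, bind_codes = None, []
        # Admin > Logging lists newest first; sort by time so codes are chronological.
        for entry in sorted(group, key=lambda e: e.get("time", "")):
            message = entry.get("message", "")
            match = LOGIN_FAILED_RE.match(message)
            if match:
                login = {"user": match.group(1), "remote": match.group(2)}
            match = BIND_FAILED_RE.match(message)
            if match and entry.get("app") == "user_ldap":
                bind_codes.append(int(match.group(1)))
        if login is None:
            continue
        findings.append({
            "reqId": req_id,
            "user": login["user"],
            "remote": login["remote"],
            "bind_failures": [{"code": c, "name": LDAP_RESULT_CODES.get(c, "unknown")}
                              for c in bind_codes],
            "verdict": classify(bind_codes),
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(parse_log(SAMPLE_LOG)):
        print(json.dumps(finding, indent=2))
```

Because the log entries carry the result code, the next check a practitioner would make is to perform the same simple bind outside Nextcloud, for example with `ldapwhoami -x -H ldaps://<server> -D '<user DN>' -W`; if the directory answers with the same insufficientAccessRights result, the cause is on the LDAP server side rather than in the Nextcloud configuration the post already verified as “Configuration OK”. Since the failure in the post cleared on its own, nothing here says what changed; the script only makes the code visible instead of the generic “Login failed” line.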