NC21 OpenLDAP user 504 Gateway error on login

Hi,

Home Nextcloud user here, running Nextcloud 21 on my multi-use home server. I recently upgraded Nextcloud from v20.whatever to 21.0.4, having noticed that it had moved into stable. After a week where all seemed to go fine, I upgraded my Ubuntu server to PHP 8.0, which also seemed to go mostly fine, apart from a few niggling little issues. I got them all sorted out, and everything seemed to stabilise and be working fine for a few days, but then suddenly my wife’s account started getting a Gateway 504 Timeout every time she logs in. We can create and log in fine with a test account, and my account logs in fine, too, but her account keeps getting this annoying 504 error and cannot log in.

I use an OpenLDAP server for authentication, version: 2.4.49

Both accounts are set up the same in Nextcloud and OpenLDAP.

I’ve tested both our logins on her Windows machine and my Linux workstation, with different browsers. My account always logs in OK (if slowly), while hers gets the 504 Gateway Timeout.

Nextcloud version (eg, 20.0.5): 21.0.4, 21.0.4.1
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): nginx/1.20.1
PHP version (eg, 7.4): 8.0

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. User logs in as normal

The output of your Nextcloud log in Admin > Logging:

No log entry

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'passwordsalt' => '**************',
  'secret' => '****************',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'public hostname',
    2 => 'internal IP',
    3 => 'internal hostname',
  ),
  'datadirectory' => '/***/nextcloud-data',
  'dbtype' => 'mysql',
  'version' => '21.0.3.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_admin',
  'dbpassword' => '*******',
  'installed' => true,
  'instanceid' => '*****',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'pipe',
  'mail_from_address' => 'name',
  'mail_domain' => 'domain.tld',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '127.0.0.1',
    'port' => 6379,
  ),
  'mail_smtpsecure' => 'tls',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'mail.server',
  'mail_smtpport' => '25',
  'mail_smtpname' => '********',
  'mail_smtppassword' => '********',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'data-fingerprint' => '*************',
  'default_phone_region' => 'AU',
  'app_install_overwrite' => 
  array (
    0 => 'ocsms',
  ),
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' => 
  array (
  ),
  'twofactor_enforced_excluded_groups' => 
  array (
  ),
);

The output of your Apache/nginx/system log in /var/log/error.log:

2021/08/14 20:37:16 [error] 7625#7625: *60305 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.2, server: host.domain.tld, request: "POST /login HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.0-fpm.sock", host: "host.domain.tld"
2021/08/14 20:43:12 [error] 7625#7625: *60787 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.2, server: host.domain.tld, request: "POST /login HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.0-fpm.sock", host: "host.domain.tld"
2021/08/14 20:50:00 [error] 7625#7625: *61268 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.2, server: host.domain.tld, request: "POST /login HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.0-fpm.sock", host: "host.domain.tld"
2021/08/14 20:59:49 [error] 7625#7625: *62003 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.2, server: host.domain.tld, request: "POST /login HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.0-fpm.sock", host: "host.domain.tld"

I’m not seeing any of these errors on my login attempts, just on hers.

For both accounts, the OpenLDAP logs show a BIND attempt with our userids that returns:

slapd debug  conn=##### op=2 RESULT tag=97 err=0 text=

I’m tearing my hair out. I don’t understand why one account is failing and one is working.

Rolling back to PHP 7.4 doesn’t seem to be possible. If I change that setting in the NGINX config file, the whole server fails to operate.

I don’t think I quite made it clear that when I say slow, I mean almost a full minute.

I have the same problem, did you already find a solution?

No, every login still takes 30 seconds to a minute to complete, and after some updates, my wife is strangely unable to log in until the next minor update. I wish there was a way for us home users to pay for support, since we seem to get nothing here.

I did manage to roll back to PHP 7.4, and when trying to switch to PHP 8 during recent occurrences, I’ve actually gotten a message saying that Nextcloud 22 does not support PHP 8.

Nextcloud 23 has no write support for LDAP, so that’s holding me back from upgrading.

I have managed to stabilise logons by increasing the fastcgi timeout in my nginx configuration to 2 minutes. I have finally upgraded to Nextcloud 23 and am now using PHP 8.0. That upgrade made every login time out, so I was forced to the workaround. I still don’t understand why LDAP logins are taking so long. There’s nothing in any logs indicating what is happening during the delay.
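
An added example, not part of any post in this thread: the slapd line quoted above only shows that the bind succeeded, so one way to see whether the delay sits inside the directory or in PHP is to pair each slapd request line with its RESULT line and measure the gap. It assumes slapd logs at the "stats" level to syslog; the sample lines, DNs and host name are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in slapd "stats"-level syslog format; not taken from the thread.
SAMPLE = """\
Aug 14 20:36:15 host slapd[911]: conn=1001 op=2 BIND dn="uid=alice,ou=people,dc=example,dc=org" method=128
Aug 14 20:36:15 host slapd[911]: conn=1001 op=2 BIND dn="uid=alice,ou=people,dc=example,dc=org" mech=SIMPLE ssf=0
Aug 14 20:36:15 host slapd[911]: conn=1001 op=2 RESULT tag=97 err=0 text=
Aug 14 20:36:15 host slapd[911]: conn=1001 op=3 SRCH base="ou=groups,dc=example,dc=org" scope=2 deref=0 filter="(memberUid=alice)"
Aug 14 20:37:02 host slapd[911]: conn=1001 op=3 SEARCH RESULT tag=101 err=0 nentries=4200 text=
Aug 14 20:37:02 host slapd[911]: conn=1001 op=4 UNBIND
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
RESULT = re.compile(r"^(?:SEARCH )?RESULT tag=(\d+) err=(\d+)")


def op_latencies(log_text, year=2021):
    """Pair each request with its RESULT by (conn, op) and return the elapsed seconds."""
    pending, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a slapd operation line
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key, rest = (int(m.group(2)), int(m.group(3))), m.group(4)
        res = RESULT.match(rest)
        if res is None:
            # slapd logs BIND twice per operation; keep the first line as the start.
            pending.setdefault(key, (when, rest))
        elif key in pending:
            start, request = pending.pop(key)
            done.append({"conn": key[0], "op": key[1], "request": request,
                         "err": int(res.group(2)),
                         "seconds": (when - start).total_seconds()})
    return done


def slow_ops(log_text, threshold=5.0, year=2021):
    """Operations whose request-to-result gap is at least `threshold` seconds."""
    return [o for o in op_latencies(log_text, year) if o["seconds"] >= threshold]


if __name__ == "__main__":
    for o in slow_ops(SAMPLE):
        print(f'conn={o["conn"]} op={o["op"]} {o["seconds"]:.0f}s err={o["err"]} {o["request"]}')
```

If every operation for the affected login completes within a second, the time is being spent outside slapd, between nginx and PHP-FPM or inside Nextcloud itself.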