Nexcloud AIO 50 User limit?

I am having issues with my nextcloud AIO installtation.
I was under the impression that Nextcloud AIO is free for installations with less that 100 Users.

Currently we have 51 active users:
Bildschirm­foto 2023-04-18 um 21.45.42

Here the trace of the error message:
[no app in context] Error: OCP\HintException: The user limit has been reached and the user was not created. Check your notifications to learn more. at <>

  1. /var/www/html/apps/user_ldap/lib/Mapping/UserMapping.php line 51
    OC\Support\Subscription\Assertion->createUserIsLegit()
  2. /var/www/html/apps/user_ldap/lib/Access.php line 621
    OCA\User_LDAP\Mapping\UserMapping->map(“cn=bekir can,ou … l”, “67FA7457-A12E-40FD-A27A-49C12658BF84”, “67FA7457-A12E-40FD-A27A-49C12658BF84”)
  3. /var/www/html/apps/user_ldap/lib/Access.php line 594
    OCA\User_LDAP\Access->mapAndAnnounceIfApplicable([“OCA\User_LDAP\Mapping\UserMapping”], “cn=firstname surname,ou … l”, “67FA7457-A12E-40FD-A27A-49C12658BF84”, “67FA7457-A12E-40FD-A27A-49C12658BF84”, true)
  4. /var/www/html/apps/user_ldap/lib/Access.php line 885
    OCA\User_LDAP\Access->dn2ocname(“cn=bekir can,ou … l”, “firstname surname”, true, false, “*** sensitive parameters replaced ***”)
  5. <>
    OCA\User_LDAP\Access->OCA\User_LDAP{closure}(“*** sensitive parameters replaced ***”)
  6. /var/www/html/apps/user_ldap/lib/Access.php line 891
    array_filter([[["F862FBC9-C22 … "], [“Closure”])
  7. /var/www/html/apps/user_ldap/lib/User_LDAP.php line 285
    OCA\User_LDAP\Access->fetchListOfUsers(“(&(&(objectclas … )”, [“entryuuid”,"ns … "], 25, 0)
  8. /var/www/html/apps/user_ldap/lib/User_Proxy.php line 203
    OCA\User_LDAP\User_LDAP->getUsers(“”, 25, 0)
  9. /var/www/html/lib/private/User/Manager.php line 305
    OCA\User_LDAP\User_Proxy->getUsers(“”, 25, 0)
  10. /var/www/html/apps/provisioning_api/lib/Controller/UsersController.php line 187
    OC\User\Manager->search(“”, 25, 0)
  11. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 225
    OCA\Provisioning_API\Controller\UsersController->getUsersDetails(“”, 25, 0)
  12. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 133
    OC\AppFramework\Http\Dispatcher->executeController(["OCA\Provision … "], “getUsersDetails”)
  13. /var/www/html/lib/private/AppFramework/App.php line 172
    OC\AppFramework\Http\Dispatcher->dispatch(["OCA\Provision … "], “getUsersDetails”)
  14. /var/www/html/lib/private/Route/Router.php line 298
    OC\AppFramework\App::main(“OCA\Provisioni … r”, “getUsersDetails”, ["OC\AppFramewo … "], ["ocs.provisioni … "])
  15. /var/www/html/ocs/v1.php line 63
    OC\Route\Router->match(“/ocsapp/cloud/users/details”)
  16. /var/www/html/ocs/v2.php line 23
    require_once(“/var/www/html/ocs/v1.php”)

GET /ocs/v2.php/cloud/users/details?offset=0&limit=25&search=
from 193.159.102.100 by admin at 2023-04-18T19:30:26+00:00

The user limit is indeed set to 100. It is however possible that you have more than 100 users on your ldap and it fails to map these to Nextcloud due to this. Please revisit the ldap config.

Apart from that see All-in-one - Nextcloud

Currently there are two active LDAP connections to two domains.

The LDAP queries are limited to users within a specific groups.
I removed the two users I added recently. Now we are at 50 users again and Nextcloud behaves normal.

The “Verify settings and count users” function within the ldap settings now return 28 and 21 respectively.
So I am not sure what I should change in the LDAP settings.

Currently we are using this LDAP query: (&(objectclass=person)(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=canonicalname of the group)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Why have a limit?

I think AIO is a single Docker based stock, it is hard to scale up, have the users limitation might be good for resource consume on the machine.
As I knew, if you enable all the AIO docker containers, it will require much resource, especially for the memory, too many users might be crash the whole stack.
I hit the performance issue on my docker stack with huge Photo library with imagnary previews what I have only 3 users.

So noone else has an Idea how I can find the root cause of the issue?

A default value of 50 is set in the delegateIsHardUserLimitReached() function, which should be ignored due to the setting in config.php.

$hardUserLimit = $this->config->getSystemValueInt('one-click-instance.user-limit', 50);

The user limit of 100 is set in the entrypoint.sh script of the Nextcloud docker container and overwrites any manual setting of one-click-instance.user-limit in config.php when the container restarts.

php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int

Tracing back the function calls concerning one-click-instance.user-limit the following structure becomes apparent:
server/apps/user_ldap/lib/Mapping/UserMapping.php or
server/lib/private/User/Manager.php
createUserIsLegit()
delegateIsHardUserLimitReached()

2 Likes

Is there a reason for synthetically limiting the user amount in the entrypoint.sh script?

One could simply issue the occ command above with a higher limit or simply set one-click-instance to false which would result in skipping the call of delegateIsHardUserLimitReached() alltogether.