Nextcloud after update from 13 to 15.0.7 dont sync LDAP accounts from AD

ldap
update_problems
#1

Hello!
Our Nextcloud after update from 13 to 15.0.7 dont want to sync new LDAP accounts from AD =(
Old users can login in nextcloud and work correctly, but new users(that created after update) is get errors in logs and cant login.
Errors example:
{“reqId”:“XNqP9KvsZuChXrRK0YH-KAAAAAI”,“level”:2,“time”:“2019-05-14T12:52:52+03:00”,“remoteAddr”:“172.20.10.124”,“user”:"–",“app”:“core”,“method”:“POST”,“url”:"/login?user=alitovchenko",“message”:“Login failed: ‘alitovchenko’ (Remote IP: ‘172.20.10.124’)”,“userAgent”:“Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0”,“version”:“15.0.7.0”}
We try to reinstall LDAP plugin and it isn’t help us =(
When we make test at LDAP settings page its pass correctly and show correct number of users in LDAP directory. When we make a user-test in LDAP we have message that the user is found in AD.
How we can solve the problem?
Thanks for everyone! Have a good day!

#2

We solve the problem!

Step-by-step guide

To solve that problem with LDAP we need to edit this file: apps/user_ldap/lib/Access.php in Nextcloud directory (example, /var/www/html/owncloud/apps/user_ldap/lib/Access.php)

  1. We need to find strings like that in file (example search the " allowed characters" string):

Access.php before edit
// Replacements
$name = str_replace ( ' ' , '_' , $name );
// Every remaining disallowed characters will be removed
$name = preg_replace( '/[^a-zA-Z0-9_.@-]/u' , '' , $name );
if ( $name === '' ) {
throw new \InvalidArgumentException( 'provided name template for username does not contain any allowed characters' );
}
return $name ;

  1. We need to comment “if” operator block like that way:

Access.php after edit

// Replacements
$name = str_replace ( ' ' , '_' , $name );
// Every remaining disallowed characters will be removed
$name = preg_replace( '/[^a-zA-Z0-9_.@-]/u' , '' , $name );
//if($name === '') {
// throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
//}
return $name ;

  1. After edit we not need to reload some services, LDAP works after first login of any new user

Have a good day!