Nextcloud after update from 13 to 15.0.7 doesn't sync LDAP accounts from AD

Hello!
After the update from 13 to 15.0.7, our Nextcloud doesn't want to sync new LDAP accounts from AD =(
Old users can log in to Nextcloud and work correctly, but new users (those created after the update) get errors in the logs and can't log in.
Example error:
```
{"reqId":"XNqP9KvsZuChXrRK0YH-KAAAAAI","level":2,"time":"2019-05-14T12:52:52+03:00","remoteAddr":"172.20.10.124","user":"--","app":"core","method":"POST","url":"/login?user=alitovchenko","message":"Login failed: 'alitovchenko' (Remote IP: '172.20.10.124')","userAgent":"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0","version":"15.0.7.0"}
```
We tried to reinstall the LDAP plugin and it didn't help us =(
When we run the test on the LDAP settings page, it passes correctly and shows the correct number of users in the LDAP directory. When we run a user test in LDAP, we get a message that the user is found in AD.
How can we solve the problem?
Thanks to everyone! Have a good day!

We solved the problem!

Step-by-step guide

To solve that problem with LDAP we need to edit this file: apps/user_ldap/lib/Access.php in the Nextcloud directory (for example, /var/www/html/owncloud/apps/user_ldap/lib/Access.php)

  1. We need to find lines like these in the file (for example, search for the "allowed characters" string):

Access.php before edit
```php
// Replacements
$name = str_replace(' ', '_', $name);
// Every remaining disallowed characters will be removed
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
if ($name === '') {
    throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
}
return $name;
```

  2. We need to comment out the "if" block like this:

Access.php after edit

```php
// Replacements
$name = str_replace(' ', '_', $name);
// Every remaining disallowed characters will be removed
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
//if($name === '') {
//    throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
//}
return $name;
```

  3. After the edit we do not need to reload any services; LDAP works after the first login of any new user.

Have a good day!

1 Like
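
An added example, not part of the original posts and not Nextcloud's own code: it reuses the two sanitizing steps from the snippet above, with the empty-name check kept, to audit a list of LDAP attribute values before they are used as internal usernames. The function names `sanitizeName` and `auditNames` are hypothetical and the sample values are constructed; values reported under `empty` are the ones that would trigger the exception shown in the post, and `collisions` lists distinct values that end up with the same sanitized name.

```php
<?php
declare(strict_types=1);

// Same replacement and filtering steps as the Access.php snippet in the post.
// Hypothetical helper name; the empty-name check is left in place.
function sanitizeName(string $name): string {
    $name = str_replace(' ', '_', $name);
    // preg_replace returns null on invalid UTF-8; treat that as empty too.
    $name = (string) preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
    if ($name === '') {
        throw new \InvalidArgumentException('no allowed characters left');
    }
    return $name;
}

// Group raw attribute values by their sanitized form and report which ones
// are usable, which sanitize to nothing, and which collide with each other.
function auditNames(array $values): array {
    $report = ['ok' => [], 'empty' => [], 'collisions' => []];
    $byClean = [];
    foreach ($values as $raw) {
        try {
            $byClean[sanitizeName($raw)][] = $raw;
        } catch (\InvalidArgumentException $e) {
            $report['empty'][] = $raw;
        }
    }
    foreach ($byClean as $clean => $raws) {
        if (count($raws) > 1) {
            $report['collisions'][$clean] = $raws;
        } else {
            $report['ok'][$clean] = $raws[0];
        }
    }
    return $report;
}

// Constructed sample values, not taken from the thread's directory.
$samples = ['alice smith', 'Иван', 'Иван Петров', 'Анна Орлова', 'bob+admin', 'bobadmin'];
print_r(auditNames($samples));
```

Feeding it the values of the attribute configured as the internal username shows which accounts need a different attribute (for example a UUID or an ASCII login name) instead of an empty or shared name.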

thanks for this hotfix!