Hello!
After updating from 13 to 15.0.7, our Nextcloud doesn't want to sync new LDAP accounts from AD =(
Old users can log in to Nextcloud and work correctly, but new users (created after the update) get errors in the logs and can't log in.
Example error:
{"reqId":"XNqP9KvsZuChXrRK0YH-KAAAAAI","level":2,"time":"2019-05-14T12:52:52+03:00","remoteAddr":"172.20.10.124","user":"--","app":"core","method":"POST","url":"/login?user=alitovchenko","message":"Login failed: 'alitovchenko' (Remote IP: '172.20.10.124')","userAgent":"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0","version":"15.0.7.0"}
We tried reinstalling the LDAP plugin, and it didn't help us =(
When we run the test on the LDAP settings page, it passes correctly and shows the correct number of users in the LDAP directory. When we run a user test in LDAP, we get a message that the user is found in AD.
How can we solve the problem?
Thanks to everyone! Have a good day!
We solved the problem!
Step-by-step guide
To solve this problem with LDAP we need to edit this file: apps/user_ldap/lib/Access.php in the Nextcloud directory (for example, /var/www/html/owncloud/apps/user_ldap/lib/Access.php)
- We need to find lines like these in the file (for example, search for the " allowed characters" string):
Access.php before edit
    // Replacements
    $name = str_replace(' ', '_', $name);

    // Every remaining disallowed characters will be removed
    $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);

    if ($name === '') {
        throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
    }

    return $name;
- We need to comment out the “if” block like this:
Access.php after edit
    // Replacements
    $name = str_replace(' ', '_', $name);

    // Every remaining disallowed characters will be removed
    $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);

    //if($name === '') {
    //    throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
    //}

    return $name;
- After the edit we don't need to reload any services; LDAP works after the first login of any new user
Have a good day!
thanks for this hotfix!
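An added diagnostic, not part of the original posts and not Nextcloud's own code: it applies only the two sanitizing steps quoted from Access.php above to candidate name values and reports which ones come out empty (the case the "if" block rejects) or fail as invalid UTF-8. The function names and every sample value except alitovchenko are constructed for illustration.

```php
<?php
// Added example, not Nextcloud code: reproduces only the two sanitizing
// steps quoted from Access.php in the thread above.
function sanitizeQuoted(string $name): ?string {
    $name = str_replace(' ', '_', $name);
    // With the /u flag, preg_replace() returns null when the subject
    // is not valid UTF-8, so the result must be checked for null too.
    return preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
}

// Classify each candidate attribute value by what the quoted steps produce.
function auditNames(array $values): array {
    $report = ['ok' => [], 'empty' => [], 'invalid_utf8' => []];
    foreach ($values as $raw) {
        $clean = sanitizeQuoted($raw);
        if ($clean === null) {
            $report['invalid_utf8'][] = bin2hex($raw);
        } elseif ($clean === '') {
            $report['empty'][] = $raw;      // this value reaches the "if" guard
        } else {
            $report['ok'][$raw] = $clean;   // non-empty, possibly only "_"
        }
    }
    return $report;
}

// Constructed sample values; only "alitovchenko" appears in the thread.
$samples = ['alitovchenko', 'Иванов', 'Иван Петров', '???', "\xC3\x28"];
$report = auditNames($samples);

foreach ($report['ok'] as $raw => $clean) {
    echo "ok        {$raw} -> {$clean}\n";
}
foreach ($report['empty'] as $raw) {
    echo "empty     {$raw}\n";
}
foreach ($report['invalid_utf8'] as $hex) {
    echo "bad utf8  0x{$hex}\n";
}
```

Run it with the PHP CLI against the values of whichever LDAP attribute is configured as the internal username; entries listed as empty are the ones for which the quoted code returns an empty string once the guard is commented out.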