Hello!
I have successfully installed Nextcloud, LDAP Backend and user_oidc app and linked them together and with Keycloak as a backend for oidc. But there is a very big problem with revoking user sessions.
When I block a user (using AD), his Nextcloud session remains active. Neither the LDAP backend nor the OIDC app reacts in any way to this event, and the user continues to use Nextcloud while locked out.
I don’t know if this is a problem on the Nextcloud side or plugins - maybe I need to change the PHP session settings?
Thanks a lot!
Nextcloud version: 25.0.3
Operating system and version: Ubuntu 22.04.1 LTS
Apache or nginx version: Apache/2.4.52
PHP version: PHP 8.1.2
The issue you are facing: User stays logged in after blocking.
Is this the first time you’ve seen this error? N:
Steps to replicate it:
- Set up Nextcloud with Active Directory as a backend
- Log in to NC as a regular user from AD
- Block (disable) this user in Active Directory
- The user still has access to NC and the ability to navigate through folders until he logs out.
The output of your Nextcloud log in Admin > Logging:
No related logs
The output of your config.php file:
```php
<?php
$CONFIG = array (
  'instanceid' => 'oc*********',
  'passwordsalt' => '***********',
  'secret' => '**********',
  'trusted_domains' =>
  array (
    0 => 'server_internal_ip',
    1 => 'server.domain.name',
  ),
  'allow_local_remote_servers' => true,
  'datadirectory' => '/mnt/DISK',
  'dbtype' => 'mysql',
  'version' => '25.0.3.2',
  'overwrite.cli.url' => 'https://server.domain.name',
  'dbname' => 'nextcloud',
  'dbhost' => 'database_internal_ip',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '*********',
  'installed' => true,
  'trusted_proxies' =>
  array (
    0 => 'proxy_internal_ip',
  ),
  'default_phone_region' => '**',
  'default_language' => '**',
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 1.5,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'enable_previews' => true,
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\Movie',
    1 => 'OC\\Preview\\Image',
    2 => 'OC\\Preview\\Imaginary',
  ),
  'preview_imaginary_url' => 'http://127.0.0.1:9000',
  'auth.webauthn.enabled' => false,
  'user_oidc' =>
  array (
    'auto_provision' => false,
    'userinfo_bearer_validation' => true,
    'single_logout' => false,
  ),
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 1,
  'log.condition' => ['apps' => ['admin_audit'],],
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'mail_from_address' => 'noreply',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'mail.domain.name',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.mail.domain',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'noreply@domain.name',
  'mail_smtppassword' => '*********',
  'mail_smtpsecure' => 'ssl',
  'twofactor_enforced' => 'false',
);
```
The output of your Apache/nginx/system log in /var/log/____:
No related logs
Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.
No related logs