Nextcloud version (eg, 20.0.5): 23.0.3
Operating system and version (eg, Ubuntu 20.04): Debian 11.3
Apache or nginx version (eg, Apache 2.4.25): 2.4.53
PHP version (eg, 7.4): 8.0.17
The issue you are facing:
Setup: Nextcloud in a docker container. FreeIPA contains the users in its LDAP directory, and Keycloak is connected to that to provide OIDC login.
Users log in to Nextcloud via OIDC (using oidc_login, NOT the default user_oidc app, because I want to access user and group information in LDAP).
oidc_login_proxy_ldap setting is enabled and user_ldap app is configured correctly (under AD/LDAP settings clicking “Verify settings and count users” or “Verify settings and count groups” works and shows the number of each in the directory).
When user logs in and goes to their settings (Personal info → details) they see the list of groups they are a member of. Also other information for the user from LDAP is visible (for instance the thumbnail photo - LDAP obviously works to get user info)
However, the admin in nextcloud does not see these users (or their groups) under /settings/users. The only user there is the default admin user.
The problem is that I want to use group folders and assign them to the groups in LDAP, but those groups are not seen in Nextcloud, so I can’t do it.
Interesting note, when trying to share a file from the Files app, I can find the users that have already logged in (but not ones that are only in LDAP and haven’t logged in yet). Groups are not found, not even the ones of the users that have logged in already.
I’d be very happy with any pointers at where to look further.
I’m not attaching any logs because they don’t contain anything of value at this moment. Interesting parts of the configuration are below.
best regards,
Hinko
{
"system": {
"debug": true,
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
"oidc_login_provider_url": "https:\/\/keycloak.DOMAIN.TLD\/auth\/realms\/DOMAIN.TLD",
"oidc_login_client_id": "Nextcloud",
"oidc_login_client_secret": "XXXXXXXXXXXXXXXXXXXXXX",
"oidc_login_auto_redirect": true,
"oidc_login_logout_url": "https:\/\/NEXTCLOUD.DOMAIN.TLD",
"oidc_login_end_session_redirect": true,
"oidc_login_default_quota": "1000000000",
"oidc_login_button_text": "Login with Keycloak",
"oidc_login_hide_password_form": true,
"oidc_login_use_id_token": false,
"oidc_login_attributes": {
"id": "email",
"mail": "email",
"ldap_uid": "email"
},
"oidc_login_default_group": "oidc",
"oidc_login_use_external_storage": false,
"oidc_login_scope": "openid profile",
"oidc_login_proxy_ldap": true,
"oidc_login_disable_registration": true,
"oidc_login_redir_fallback": true,
"oidc_login_tls_verify": true,
"oidc_create_groups": true,
"oidc_login_webdav_enabled": true,
"oidc_login_password_authentication": false,
"oidc_login_public_key_caching_time": 86400,
"oidc_login_min_time_between_jwks_requests": 10,
"oidc_login_well_known_caching_time": 86400,
"oidc_login_update_avatar": false
},
"apps": {
"oidc_login": {
"installed_version": "2.3.1",
"types": "",
"enabled": "yes",
"jwks": "***PRIVATE***",
"well-known": "***PRIVATE***",
"last_updated_jwks": "1648630662",
"last_updated_well_known": "1648715540"
},
"user_ldap": {
"s01ldap_configuration_active": "1",
"s01ldap_group_filter_mode": "1",
"s01ldap_group_filter": "(&(objectclass=groupofnames)(objectclass=posixGroup))",
"installed_version": "1.13.1",
"types": "authentication",
"enabled": "yes",
"s01ldap_userfilter_objectclass": "mailboxentity",
"s01ldap_base_users": "cn=users,cn=accounts,dc=DOMAIN,dc=TLD",
"s01ldap_backup_host": "",
"s01ldap_backup_port": "",
"s01ldap_override_main_server": "",
"s01ldap_user_filter_mode": "0",
"s01ldap_login_filter_mode": "0",
"s01ldap_groupfilter_groups": "",
"s01ldap_gid_number": "gidNumber",
"s01ldap_user_display_name_2": "",
"s01ldap_group_display_name": "cn",
"s01ldap_tls": "0",
"s01ldap_quota_def": "",
"s01ldap_quota_attr": "",
"s01ldap_cache_ttl": "600",
"s01home_folder_naming_rule": "",
"s01ldap_turn_off_cert_check": "0",
"s01use_memberof_to_detect_membership": "1",
"s01last_jpegPhoto_lookup": "0",
"s01ldap_nested_groups": "0",
"s01ldap_paging_size": "500",
"s01ldap_nested_groups": "0",
"s01ldap_paging_size": "500",
"s01ldap_turn_on_pwd_change": "0",
"s01ldap_dynamic_group_member_url": "",
"s01ldap_default_ppolicy_dn": "",
"s01ldap_user_avatar_rule": "default",
"s01ldap_ext_storage_home_attribute": "",
"s01ldap_matching_rule_in_chain_state": "unknown",
"s01ldap_loginfilter_attributes": "primaryMail",
"s01ldap_host": "ldaps:\/\/auth1.DOMAIN.TLD",
"s01ldap_attributes_for_user_search": "primaryMail, cn",
"s01ldap_experienced_admin": "1",
"s01ldap_expert_uuid_user_attr": "ipaUniqueID",
"s01ldap_display_name": "displayname",
"s01ldap_dn": "uid=nextcloud,cn=users,cn=accounts,dc=DOMAIN,dc=TLD",
"s01ldap_loginfilter_email": "0",
"s01ldap_userfilter_groups": "ipausers",
"s01ldap_base_groups": "cn=groups,cn=accounts,dc=DOMAIN,dc=TLD",
"s01ldap_port": "636",
"s01ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
"s01ldap_attributes_for_group_search": "cn, description",
"s01ldap_base": "dc=DOMAIN,dc=TLD",
"s01ldap_group_member_assoc_attribute": "member",
"s01has_memberof_filter_support": "1",
"s01ldap_groupfilter_objectclass": "groupofnames\nposixGroup",
"s01ldap_loginfilter_username": "0",
"s01ldap_expert_uuid_group_attr": "ipaUniqueID",
"s01ldap_email_attr": "primaryMail",
"s01ldap_expert_username_attr": "primaryMail",
"s01ldap_userlist_filter": "(&(objectclass=mailboxentity)(memberof=cn=ipausers,cn=groups,cn=accounts,dc=DOMAIN,dc=TLD))",
"s01ldap_login_filter": "(&(objectclass=mailboxentity)(memberof=cn=ipausers,cn=groups,cn=accounts,dc=DOMAIN,dc=TLD)(primaryMail=%uid))",
"s01_lastChange": "1648719451",
"cleanUpJobOffset": "0",
"background_sync_prefix": "s01",
"background_sync_offset": "0",
"background_sync_interval": "43200"
}
}