Hi,
I’m facing a strange issue on my Nextcloud instance, when trying to reset a LDAP user passwort:
Nextcloud version : 16.0.3
Operating system and version: Ubuntu 18.04 as docker host
Docker version: Docker 19.03.1
Docker image: official nextcloud image -> nextcloud:16
Apache or nginx version: nginx/1.15.7 on Synology NAS
PHP version: PHP 7.3.7
Synology-LDAP server: 2.4.40-2496
Note: I am using the nginx reverse proxy of my Synology NAS (IP: 192.168.1.21) to forward all traffic of port 443 to my application server (IP: 192.168.1.20).
I want to allow a user to reset his/her password via E-Mail. So far i have configured the E-Mail server and my test user is receiving the password reset mail.
Steps to replicate it:
- After clicking on the button in the mail i am forwarded to the password reset form of nextcloud (so far so good).
- Now, if i enter a new password and click on the “reset password” button nothing happens afterwards.
The output of your Nextcloud log in Admin > Logging:
there is no log generated which is related to this event. I have deleted the server log and repeated the procedure. Nothing is written to the server logs!
config.php:
<?php
$CONFIG = array (
'instanceid' => 'ocqbrfqwh5cb',
'passwordsalt' => 'boop!',
'secret' => 'boop!',
'trusted_domains' =>
array (
0 => 'localhost',
1 => '192.168.1.20',
2 => 'mydomain.de',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '16.0.3.0',
'overwrite.cli.url' => 'http://mydomain.de',
'dbname' => 'nextcloud',
'dbhost' => 'db',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'boop!',
'dbpassword' => 'boop!',
'installed' => true,
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
'htaccess.RewriteBase' => '/',
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'port' => 6379,
),
'maintenance' => false,
'has_rebuilt_cache' => true,
'theme' => '',
'loglevel' => 2,
);
The output of your Apache/nginx/system log in /var/log/____:
no logs are generated during the click event. I have checked the logs inside the nextcloud container and the logs on my Synology NAS
Console output of my browser:
The only hint i have is, when i click on the button i can see the following logs beeing generated in the console of my Firefox 69 (opened using F12).
Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf http://mydomain.de/lostpassword/set/ZID5bHGb6nr0JYp910FQk/testuser blockiert ("connect-src").
Sorry it’s german, but the meaning is: The settings of this page blocked a ressource while loading this page.
When i repeat the same with my Edge browser on Windows 10 i get an even more confusing message:
CSP14312: Die Direktive connect-src 'self' stun.nextcloud.com:443 in Content-Security-Policy wurde durch eine Ressource verletzt: http://mydomain.de/lostpassword/set/ZID5bHGb6nr0JYp910FQk/testuser. Die Ressource wird blockiert.
Does anyone have an idea what could be wrong?
Thanks in advance,
BR,
Michael