Problems with sharing with LDAP-group

Nextcloud version (eg, 18.0.2): 18.0.4
Operating system and version (eg, Ubuntu 20.04): CentOS 7.7
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.6
PHP version (eg, 7.1): 7.2

The issue you are facing:

We're using Nextcloud in our school with LDAP for the users and classes. When sharing to an LDAP group, most pupils can see and access the share.
But in some accounts, the share doesn't appear! When I look under "activities", there is an entry "TeacherXY has shared folder with you", but when I click on this activity, there is an error.
Sometimes not even an entry appears in "activities"!

When I look at the user list as admin, the pupils are listed correctly in the LDAP class group! In the database, there is also a correct entry for the share.

The only solution I have found for now is to add a personal share of the folder for each pupil for whom the group sharing doesn't work.

We have ~1000 pupils in our school and are facing this issue with 13 pupils for now! For all other pupils it works as expected.

When I create a local group in Nextcloud and add such a "faulty pupil", sharing to this local group works great!

It's only for LDAP-group sharing with some pupils!

Since last night, there are more pupils with problems, including pupils who had no problems before! I don't know why, because nothing was changed during last night!

What can I change so that sharing works properly?

Thank you for helping!

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:
Don't know. There are some accounts with this problem, most without problems. I don't see any common ground.

The output of your Nextcloud log in Admin > Logging:
There are MANY of these errors in the log, also for pupils without problems!

Error while creating shared mount
[no app in context] Error: InvalidArgumentException: Invalid recipient at <<closure>>

 0. /var/www/html/dhg-rw/nextcloud/apps/files_sharing/lib/SharedMount.php line 129
    OC\Share20\Manager->moveShare(OC\Share20\Share {}, "efae3090-54f5-1038-90a2-6f2b389a9008")
 1. /var/www/html/dhg-rw/nextcloud/apps/files_sharing/lib/SharedMount.php line 111
    OCA\Files_Sharing\SharedMount->updateFileTarget("*** sensitive parameters replaced ***")
 2. /var/www/html/dhg-rw/nextcloud/apps/files_sharing/lib/SharedMount.php line 77
    OCA\Files_Sharing\SharedMount->verifyMountPoint("*** sensitive parameter replaced ***", {/efae3090-54f5- ... }}, OC\Cache\CappedMemoryCache {})
 3. /var/www/html/dhg-rw/nextcloud/apps/files_sharing/lib/MountProvider.php line 125
    OCA\Files_Sharing\SharedMount->__construct("\\OCA\\Files_Sharing\\SharedStorage", {/efae3090-54f5- ... }}, {user: "efae3090 ... e}, OC\Files\Storage\StorageFactory {}, OC\Files\View {}, OC\Cache\CappedMemoryCache {})
 4. /var/www/html/dhg-rw/nextcloud/lib/private/Files/Config/MountProviderCollection.php line 114
    OCA\Files_Sharing\MountProvider->getMountsForUser(OC\User\User {}, OC\Files\Storage\StorageFactory {})
 5. /var/www/html/dhg-rw/nextcloud/lib/private/Files/Filesystem.php line 448
    OC\Files\Config\MountProviderCollection->addMountForUser(OC\User\User {}, OC\Files\Mount\Manager {})
 6. /var/www/html/dhg-rw/nextcloud/lib/private/Files/Filesystem.php line 377
    OC\Files\Filesystem::initMountPoints("efae3090-54f5-1038-90a2-6f2b389a9008")
 7. /var/www/html/dhg-rw/nextcloud/lib/private/legacy/util.php line 309
    OC\Files\Filesystem::init("efae3090-54f5-1038-90a2-6f2b389a9008", "/efae3090-54f5- ... s")
 8. /var/www/html/dhg-rw/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php line 242
    OC_Util::setupFS("efae3090-54f5-1038-90a2-6f2b389a9008")
 9. /var/www/html/dhg-rw/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php line 158
    OCA\DAV\Connector\Sabre\Auth->auth(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
10. /var/www/html/dhg-rw/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php line 201
    OCA\DAV\Connector\Sabre\Auth->check(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
11. /var/www/html/dhg-rw/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php line 150
    Sabre\DAV\Auth\Plugin->check(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
12. <<closure>>
    Sabre\DAV\Auth\Plugin->beforeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
13. /var/www/html/dhg-rw/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105
    call_user_func_array([Sabre\DAV\Auth\ ... "], [Sabre\HTTP\Requ ... }])
14. /var/www/html/dhg-rw/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 466
    Sabre\Event\EventEmitter->emit("beforeMethod", [Sabre\HTTP\Requ ... }])
15. /var/www/html/dhg-rw/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 254
    Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
16. /var/www/html/dhg-rw/nextcloud/apps/dav/lib/Server.php line 319
    Sabre\DAV\Server->exec()
17. /var/www/html/dhg-rw/nextcloud/apps/dav/appinfo/v2/remote.php line 35
    OCA\DAV\Server->exec()
18. /var/www/html/dhg-rw/nextcloud/remote.php line 165
    require_once("/var/www/html/d ... p")

PROPFIND /remote.php/dav/files/efae3090-54f5-1038-90a2-6f2b389a9008/<filename removed>
from <IP removed> by efae3090-54f5-1038-90a2-6f2b389a9008 at 2020-04-28T08:08:14+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  [...]
  'dbtype' => 'mysql',
  'version' => '18.0.4.2',
  'mysql.utf8mb4' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  [...]

The output of your Apache/nginx/system log in /var/log/____:
no errors!

Hello,
it's a bug.
I have the same problem in version 18.
I returned to version 17.
Maybe a fix: https://github.com/nextcloud/server/issues/20133

I have the same problem running 19.0.1.

It looks like only users that were added to the LDAP-group after the folder has been shared are affected.
So when I share a folder to an LDAP-group and add a user to the LDAP-group afterwards, that user can see the activities in the shared folder, but does not see the shared folder itself, and cannot access the files, even when trying from the activities screen.

Hello,

I wrote a PHP script that checks the LDAP groups and adds missing shares. On our server it runs every 5 minutes.

#!/usr/bin/php
<?php

// Timestamp for the cron log (24-hour clock).
$now = date('Y-m-d H:i:s', time());
print("$now\n");

$mysql = new mysqli('localhost','DBUSER','DBPASSWD','DATABASE');

if (mysqli_connect_error()) {
	printf("Connection failed! %s\n", mysqli_connect_error());
	exit(1);
}

// LDAP group name => list of member user ids.
$groups = array();

$querygroups = $mysql->query("SELECT `owncloudname`,`owncloudusers` FROM `oc_ldap_group_members`");
while($row = $querygroups->fetch_assoc()) {
	// `owncloudusers` holds a PHP-serialized array; decode it without instantiating objects.
	$ids = @unserialize($row['owncloudusers'], ['allowed_classes' => false]);
	if(!is_array($ids)) continue;

	$groups[$row['owncloudname']] = array_values($ids);
}

// Walk all group shares (share_type 1).
$queryshares = $mysql->query("SELECT `id`,`share_with` FROM `oc_share` WHERE `share_type`='1'");
while($rowid = $queryshares->fetch_assoc()) {
	if(!array_key_exists($rowid['share_with'],$groups)) continue;

	// Working copy of the member list; members that already have a row are blanked below.
	$ids = $groups[$rowid['share_with']];

	$first = null;

	// Rows that already exist below this group share.
	$querytarget = $mysql->query("SELECT * FROM `oc_share` WHERE `parent`='{$rowid['id']}'");
	while($row = $querytarget->fetch_assoc()) {
		if(!$first) $first = $row;

		if(($key = array_search($row['share_with'],$ids)) !== false) {
			$ids[$key]="";
		}
	}

	// No existing row to use as a template for this share: nothing to copy.
	if(!$first) continue;

	// Use the first existing row as a template, without its id and its empty columns.
	unset($first['id']);
	$keys = array_keys($first);
	for($i=0 ; $i<count($keys) ; $i++) {
		if(!$first[$keys[$i]]) unset($first[$keys[$i]]);
	}

	for($i=0 ; $i<count($ids) ; $i++) {
		if($ids[$i] == "") continue;

		$first['share_with'] = $ids[$i];

		$cols = implode("`,`",array_keys($first));
		// Escape the values before building the statement.
		$values = implode("','",array_map(array($mysql,'real_escape_string'),array_values($first)));

		$query = "INSERT INTO `oc_share` (`$cols`) VALUES ('$values');\n";
		print("{$rowid['share_with']}, {$ids[$i]} -> {$first['parent']}\n");
		$mysql->query($query) or die($mysql->error);
	}
}

?>
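
The same comparison as a read-only dry run, as an added example that is not part of the original post: it lists the candidate rows for insertion from constructed rows instead of a database, so the plan can be reviewed before anything writes to `oc_share`. Table and column names follow the script above; the function names and sample ids are hypothetical.

```php
<?php
// Added example: read-only planner over constructed rows; no database access.

// Decode the PHP-serialized member list kept in `owncloudusers`.
function decodeMembers(string $serialized): array {
    // allowed_classes => false: never instantiate objects from stored data.
    $members = @unserialize($serialized, ['allowed_classes' => false]);
    return is_array($members) ? array_values(array_filter($members, 'is_string')) : [];
}

// For each group share (share_type 1), list cached members that have no row
// whose `parent` is that share: the candidate rows for insertion.
function planMissingRows(array $groupRows, array $shareRows): array {
    $groups = [];
    foreach ($groupRows as $row) {
        $groups[$row['owncloudname']] = decodeMembers($row['owncloudusers']);
    }
    $children = []; // parent share id => [user id => true]
    foreach ($shareRows as $row) {
        if (!empty($row['parent'])) {
            $children[$row['parent']][$row['share_with']] = true;
        }
    }
    $plan = [];
    foreach ($shareRows as $row) {
        if ((int)$row['share_type'] !== 1 || !isset($groups[$row['share_with']])) {
            continue;
        }
        foreach ($groups[$row['share_with']] as $uid) {
            if (!isset($children[$row['id']][$uid])) {
                $plan[] = ['group' => $row['share_with'], 'user' => $uid, 'parent' => $row['id']];
            }
        }
    }
    return $plan;
}

// Constructed sample rows (hypothetical ids and child share_type).
$groupRows = [
    ['owncloudname' => 'class_7a', 'owncloudusers' => serialize(['uid-anna', 'uid-ben', 'uid-cem'])],
];
$shareRows = [
    ['id' => 10, 'share_type' => 1, 'share_with' => 'class_7a', 'parent' => null],
    ['id' => 11, 'share_type' => 2, 'share_with' => 'uid-anna', 'parent' => 10],
];
foreach (planMissingRows($groupRows, $shareRows) as $p) {
    echo "would add: {$p['group']}, {$p['user']} -> {$p['parent']}\n";
}
```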

Hello,
I got the same problem. I've tested the script without executing the insert command and it looks like all is correct. Perhaps, before I use it on my server, could someone tell me if you had any problem using it?
Thank you.

I had the same problem. Running occ maintenance:repair fixed it for me.