Problems with user_ldap version 1.10.2 in Nextcloud 20.0.1

Hello all;
Installed Nextcloud 20.0.1 in CentOS 8, samba4 as Active Directory Domain Controller.
Hostname and IP address where nextcloud is installed:
gtmnb1.gtm.onat.gob.cu - 192.168.14.18
Hostname and IP address where samba4 is installed:
gtmad.gtm.onat.gob.cu - 192.168.41.17
There are firewall rules for communication between nextcloud server and samba4 to take place.

I am trying to configure the user_ldap app but have problems.

On the Server tab, after entering the LDAP server address (ldaps: //gtmad.gtm.onat.gob.cu) and clicking the “Detect Port” button, it doesn’t solve it and it gives me an error message saying:

‘Please enter the port, it could not autodetect’

If I enter the port value (636) and the DN of the user allowed to work on the LDAP server (CN=Administrator,CN=Users,DC=gtm,DC=onat,DC=gob,DC=cu), when I press the button “Detect Base DN” Nextcloud returns

‘Could not detect Base DN, please enter it manually’

When I do it (DC=gtm,DC=onat,DC=gob,DC=cu) and press the button “Test Base DN” I get the messages:

‘The Base DN seems to be wrong’
‘Lost connection to LDAP server’

Everything indicates that there is no communication with the ldap server (gtmad.gtm.onat.gob.cu), but when I use telnet or ping command, I can connect:

telnet gtmad.gtm.onat.gob.cu 636

Trying 192.168.41.17…
Connected to gtmad.gtm.onat.gob.cu.
Escape character is ‘^]’.

ping gtmad.gtm.onat.gob.cu

PING gtmad.gtm.onat.gob.cu (192.168.41.17) 56(84) bytes of data.
64 bytes from gtmad.gtm.onat.gob.cu (192.168.41.17): icmp_seq=1 ttl=63 time=0.302 ms
64 bytes from gtmad.gtm.onat.gob.cu (192.168.41.17): icmp_seq=2 ttl=63 time=0.325 ms

As a help I kept track of what is generated in the traces as I was doing each of the steps and this is the result:

When pressing “Autodetect port” button:

{“reqId”:“X6v6SpoE@iSRtxr2K1T5dAAAAJg”,“level”:3,“time”:“2020-11-11T14:50:50+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“PHP”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:{“Exception”:“Error”,“Message”:“ldap_bind(): Unable to bind to server: Can’t contact LDAP server at /var/www/html/nextcloud/apps/user_ldap/lib/LDAP.php#341”,“Code”:0,“Trace”:[{“function”:“onError”,“class”:“OC\Log\ErrorHandler”,“type”:"::"},{“function”:“ldap_bind”,“args”:["*** sensitive parameters replaced "]},{“file”:"/var/www/html/nextcloud/apps/user_ldap/lib/LDAP.php",“line”:341,“function”:“call_user_func_array”},{“file”:"/var/www/html/nextcloud/apps/user_ldap/lib/LDAP.php",“line”:63,“function”:“invokeLDAPMethod”,“class”:“OCA\User_LDAP\LDAP”,“type”:"->",“args”:[" sensitive parameters replaced "]},{“file”:"/var/www/html/nextcloud/apps/user_ldap/lib/Wizard.php",“line”:1072,“function”:“bind”,“class”:“OCA\User_LDAP\LDAP”,“type”:"->",“args”:[" sensitive parameters replaced "]},{“file”:"/var/www/html/nextcloud/apps/user_ldap/lib/Wizard.php",“line”:689,“function”:“connectAndBind”,“class”:“OCA\User_LDAP\Wizard”,“type”:"->"},{“file”:"/var/www/html/nextcloud/apps/user_ldap/ajax/wizard.php",“line”:97,“function”:“guessPortAndTLS”,“class”:“OCA\User_LDAP\Wizard”,“type”:"->"},{“file”:"/var/www/html/nextcloud/lib/private/Route/Route.php",“line”:156,“args”:["/var/www/html/nextcloud/apps/user_ldap/ajax/wizard.php"],“function”:“require_once”},{“function”:“OC\Route\{closure}”,“class”:“OC\Route\Route”,“type”:"->",“args”:[" sensitive parameters replaced 
***"]},{“file”:"/var/www/html/nextcloud/lib/private/Route/Router.php",“line”:315,“function”:“call_user_func”},{“file”:"/var/www/html/nextcloud/lib/base.php",“line”:1009,“function”:“match”,“class”:“OC\Route\Router”,“type”:"->"},{“file”:"/var/www/html/nextcloud/index.php",“line”:37,“function”:“handleRequest”,“class”:“OC”,“type”:"::"}],“File”:"/var/www/html/nextcloud/lib/private/Log/ErrorHandler.php",“Line”:91,“CustomMessage”:"–"},“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}

If I add the port: (this repeats it twice)

{“reqId”:“X6v7S4ufHPQChi4gT4XE8AAAABI”,“level”:2,“time”:“2020-11-11T14:55:07+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): No LDAP Port given!”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v7S4ufHPQChi4gT4XE8AAAABI”,“level”:2,“time”:“2020-11-11T14:55:07+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): No LDAP Login Filter given!”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v7S4ufHPQChi4gT4XE8AAAABI”,“level”:2,“time”:“2020-11-11T14:55:07+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): Not a single Base DN given.”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v7S4ufHPQChi4gT4XE8AAAABI”,“level”:2,“time”:“2020-11-11T14:55:07+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): login filter does not contain %uid place holder.”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}

When I add the DN of the user who controls the ldap and the password (this repeats it twice):

{“reqId”:“X6v8F4ufHPQChi4gT4XE@AAAABU”,“level”:2,“time”:“2020-11-11T14:58:32+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): No LDAP Login Filter given!”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v8F4ufHPQChi4gT4XE@AAAABU”,“level”:2,“time”:“2020-11-11T14:58:32+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): Not a single Base DN given.”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v8F4ufHPQChi4gT4XE@AAAABU”,“level”:2,“time”:“2020-11-11T14:58:32+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): login filter does not contain %uid place holder.”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}

When you press the “Detect Base DN” button (this repeats twice):

{“reqId”:“X6v9DMRUCNgp5bpdxxvbswAAAM8”,“level”:2,“time”:“2020-11-11T15:02:36+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): No LDAP Login Filter given!”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v9DMRUCNgp5bpdxxvbswAAAM8”,“level”:2,“time”:“2020-11-11T15:02:36+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): Not a single Base DN given.”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v9DMRUCNgp5bpdxxvbswAAAM8”,“level”:2,“time”:“2020-11-11T15:02:36+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): login filter does not contain %uid place holder.”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}

If I type the Base DN manually and hit the “Check Base DN” button (this repeats twice):

{“reqId”:“X6v@HWD7Jw2GQHL-6CAKHAAAAFg”,“level”:2,“time”:“2020-11-11T15:07:09+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): No LDAP Login Filter given!”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}
{“reqId”:“X6v@HWD7Jw2GQHL-6CAKHAAAAFg”,“level”:2,“time”:“2020-11-11T15:07:09+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): login filter does not contain %uid place holder.”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.1.1”}

All the problems arise because Nextcloud cannot connect to the samba4 server, but the server where it is installed can, according to the telnet result.

Additionally, I have a nextcloud server version 18.0.4 with the user_ldap app working without problems using the same samba4 as ldap server.

Is there a problem with the user_ldap app in Nextcloud version 20?
Any suggestion to solve this issue?

Thanks in advance.

Rommel

Yesterday I upgraded to Nextcloud version 20.0.2 and still have the same problem with the user_ldap app.

Any ideas for a workaround?

Thanks.

In the Active Directory root there is an OU named gtm; inside this OU are others that contain the users and groups of the domain:

nextcloud-user_ldap-addc

The DN of the user that connects Nextcloud to samba4 is:
CN=ldapconnect,CN=Users,DC=gtm,DC=onat,DC=gob,DC=cu

The Base DN is:
DC=gtm,DC=onat,DC=gob,DC=cu

When I click the Test Base DN button, I get an error:

These are the logs of the Nextcloud server when I click the Probar Base DN button:

{“reqId”:“X8AW5OxbOQxRURq3Q6Gv1AAAAIU”,“level”:2,“time”:“2020-11-26T20:58:12+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:"Configuration Error (prefix s01): No LDAP Login Filter given!",“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.2.2”}
{“reqId”:“X8AW5OxbOQxRURq3Q6Gv1AAAAIU”,“level”:2,“time”:“2020-11-26T20:58:12+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:"Configuration Error (prefix s01): login filter does not contain %uid place holder.",“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.2.2”}
{“reqId”:“X8AW5OxbOQxRURq3Q6Gv1AAAAIU”,“level”:2,“time”:“2020-11-26T20:58:12+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:"Configuration Error (prefix s01): No LDAP Login Filter given!",“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.2.2”}
{“reqId”:“X8AW5OxbOQxRURq3Q6Gv1AAAAIU”,“level”:2,“time”:“2020-11-26T20:58:12+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:"Configuration Error (prefix s01): login filter does not contain %uid place holder.",“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.2.2”}
{“reqId”:“X8AW5OxbOQxRURq3Q6Gv1AAAAIU”,“level”:2,“time”:“2020-11-26T20:58:13+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:"Bind failed: 8: Strong(er) authentication required",“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.2.2”}
{“reqId”:“X8AW5OxbOQxRURq3Q6Gv1AAAAIU”,“level”:3,“time”:“2020-11-26T20:58:13+00:00”,“remoteAddr”:“192.168.14.18”,“user”:“administrator”,“app”:“user_ldap”,“method”:“POST”,“url”:"/index.php/apps/user_ldap/ajax/wizard.php",“message”:"No LDAP Connection to server gtmad.gtm.onat.gob.cu",“userAgent”:“Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0”,“version”:“20.0.2.2”}

Does anybody have an idea of how to solve this situation?
Any help connecting Nextcloud to the samba4 Active Directory?

Rommel
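
A log triage example for the entries quoted in the posts above, added here and not part of the original posts or of Nextcloud's code: it groups nextcloud.log lines by reqId and separates the wizard's configuration warnings from the transport and bind failures. The category names, function names and sample reqId values are assumptions of this example; LDAP result code 8 is strongAuthRequired in RFC 4511.

```python
import json
from collections import Counter, defaultdict

# Constructed sample in nextcloud.log format (one JSON object per line);
# messages are shortened from the posts, reqId values are made up.
SAMPLE_LOG = """\
{"reqId":"req-1","level":3,"app":"PHP","message":{"Exception":"Error","Message":"ldap_bind(): Unable to bind to server: Can't contact LDAP server"}}
{"reqId":"req-2","level":2,"app":"user_ldap","message":"Configuration Error (prefix s01): No LDAP Login Filter given!"}
{"reqId":"req-2","level":2,"app":"user_ldap","message":"Configuration Error (prefix s01): login filter does not contain %uid place holder."}
{"reqId":"req-2","level":2,"app":"user_ldap","message":"Bind failed: 8: Strong(er) authentication required"}
{"reqId":"req-2","level":3,"app":"user_ldap","message":"No LDAP Connection to server gtmad.gtm.onat.gob.cu"}
{"reqId":"req-3","level":2,"app":"user_ldap","message":"Confi
"""

# Substring -> category (category names are this example's own labels).
RULES = [
    ("Configuration Error", "wizard-config"),           # wizard fields not filled in
    ("Can't contact LDAP server", "transport-or-tls"),  # libldap could not set up the session
    ("Bind failed: 8:", "strong-auth-required"),        # RFC 4511 result code 8
    ("No LDAP Connection", "no-connection"),            # reported after the failure
]

def message_text(entry):
    """nextcloud.log 'message' is a string, or an object for PHP errors."""
    msg = entry.get("message", "")
    return msg.get("Message", "") if isinstance(msg, dict) else str(msg)

def classify(text):
    return next((cat for needle, cat in RULES if needle in text), "other")

def triage(log_text):
    """Count categories per reqId, skipping lines that are not valid JSON."""
    by_req = defaultdict(Counter)
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, wrapped or truncated line
        if isinstance(entry, dict):
            by_req[entry.get("reqId", "?")][classify(message_text(entry))] += 1
    return {req: dict(counts) for req, counts in by_req.items()}

def root_causes(log_text):
    """Per request, keep only the categories that explain the failure."""
    noise = {"wizard-config", "no-connection", "other"}
    return {req: sorted(set(counts) - noise)
            for req, counts in triage(log_text).items()}

if __name__ == "__main__":
    for req, causes in root_causes(SAMPLE_LOG).items():
        print(req, causes)
```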