Sharing can't find some contacts

NC ver: 13.0.0
OS ver: Ubuntu 16.04.3 LTS
Apache ver: 2.4.18
PHP ver: 7.0.22
DB: mysql 5.7.21

Issue:
I have had this installation connected to LDAP for over a year. It started as one of those pre-built installations (I think it started as a 9.x.x version), and I have expanded and upgraded it as newer versions came out (while we were doing testing and documenting). When I went from 12.0.3 to 12.0.5, I took it out of the testing phase and released it to users in production. I only have about 50 users on it, but my AD has thousands. I have one main group in AD that controls access to Nextcloud. I have created additional domain groups that get pulled in to just keep the users logically grouped and in case they want to share with others in AD that are in the same dept. I created local groups that correspond to the domain groups. The primary purpose of this is so that a group admin can add external users to the system. A good example is a Materials Manager that wants to receive quotes from multiple vendors. When I was doing all my testing and documentation, I had it set so that the users had to put in the AD mail attribute or the AD mailNickname attribute to share files with domain users. To share with any external users, the full email address had to be put in. That way, all the vendors in the group would only know about one another IF they correctly typed another vendor’s email address, and any vendor could type in the AD mail attribute or the AD mailNickname of the domain account that they want to share with.

Since the upgrade to 12.0.5 and subsequently 13.0.0 (or since I started adding more users…I don’t know which was the cause), I have had some strange issues with “finding” users when sharing. Original sharing set up: “Allow apps to use the Share API” and “Allow sharing with groups” are the only two options checked. Also, in LDAP/AD integration > Advanced > Directory Settings, the User Display Name Field is displayname, the 2nd User Display Name Field is mail, the Base User Tree is the root of my domain, and the User Search Attributes are mail and mailNickname on separate lines. When typing in the mailNickname in the exact case it is in AD, one user will work, and another will not. If I type the email address of the AD user, it will never find the user. If I type the displayname of a user that is not working correctly, it will find the user. If I type the email address of a user that is external (outside my AD, so a local account was created), the result is just like the AD user…some email addresses are “found” and others are not. For those users, the Username, Full Name and Email are all set to the email address.

If I put my test AD user in the same AD group as the AD user I’m trying to share with (the user that does not show up in the example above), AND I check the new box for “Restrict users to only share with users in their groups”, it still will not find the AD user (either via mail or mailNickname). It will still find it with the displayname.

Now, when I put the AD group that has all Nextcloud AD users into Nextcloud as a user group, and check the new box for “Restrict users to only share with users in their groups” and the box for “Allow username autocompletion in share dialog”, I can find AD users via mail, mailNickname, and displayname without any problems. I can also find any locally created users via email address that are a member of the groups I’m a member of. BUT, the local users (vendors in one case) can start typing a, b, c, etc. to see what email addresses/names/information they can skim out of the system.

In trying to solve the issue, I did come across a blog post that referenced the below commands.
I executed the following two commands, restarted Apache…no go.
sudo -u www-data php /var/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
sudo -u www-data php occ maintenance:repair

I also changed the paging limit to 5000…same problem.

Two items:

  1. How can I fix Nextcloud or make it fulfil both of the following?
     • All AD users and local users can find other AD users via mail or mailNickname
     • All local users can only find other local users via full email address
  2. If there is no possible way to do 1., I have a hyper-v snapshot of the machine when it had 12.0.5. Can I downgrade the 12.0.5 back to 12.0.3, which seemed to work? I have done all my upgrades manually, so I’m more concerned with whether or not the database can handle the downgrade.

First Time error?
Y

Nextcloud log:

“Original sharing setup” aka “Non-working lookup of domain user”

Debug	user_ldap	initializing paged search for Filter (&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local)) base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 200 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	getGroups Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*))	2018-02-07T15:11:28-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:11:28-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 200 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	getGroups Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*))	2018-02-07T15:11:28-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:11:28-0700
Debug	user_ldap	No DN found for JHarris on DC1.DOM.local	2018-02-07T15:11:28-0700
Debug	user_ldap	No DN found for JHarris on DC2.DOM.local	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_GROUP2_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_GROUP2_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_users,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	getUsers: 0 Users found	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	getUsers: 0 Users found	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	getUsers: Options: search JHarris limit 20000 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*))	2018-02-07T15:11:28-0700
Debug	user_ldap	getUsers: 1 Users found	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris*)(mailNickname=JHarris*))) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => mail ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	getUsers: Options: search JHarris limit 20000 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris*)(mailNickname=JHarris*)))	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	Requested attribute gidnumber not found for cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => gidnumber ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=S-1-5-21-57989841-682003330-1417001333-513)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 500 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=nextcloud_GROUP2_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=nextcloud_users,ou=nextcloud,ou=service accounts,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(|(samaccountname=TestDude1)(|(mail=TestDude1)))) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => mail [14] => jpegphoto [15] => thumbnailphoto ) limit 5000 offset 0	2018-02-07T15:11:28-0700
Debug	user_ldap	readAttribute: cn=dude1\2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local found	2018-02-07T15:11:28-0700
Debug	user_ldap	initializing paged search for Filter (&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local)) base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => ) limit 5000 offset 0	2018-02-07T15:11:28-0700

Lookup of the same user when “Restrict users to only share with users in their groups” and “Allow username autocompletion in share dialog” are checked:

Debug	user_ldap	readAttribute: cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local found	2018-02-07T15:13:57-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => ) limit 5000 offset 0	2018-02-07T15:13:57-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:12:50-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:12:50-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:12:50-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:12:50-0700
Debug	user_ldap	getUsers: 0 Users found	2018-02-07T15:12:50-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => ) limit 200 offset 0	2018-02-07T15:12:50-0700
Debug	user_ldap	getUsers: Options: search JHarris limit 200 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris))	2018-02-07T15:12:50-0700
Debug	user_ldap	getUsers: 1 Users found	2018-02-07T15:12:50-0700
Debug	user_ldap	initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris)(mailNickname=JHarris))) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => mail ) limit 200 offset 0	2018-02-07T15:12:50-0700
Debug	user_ldap	getUsers: Options: search JHarris limit 200 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris)(mailNickname=JHarris)))	2018-02-07T15:12:50-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 500 offset 0	2018-02-07T15:12:27-0700
Debug	user_ldap	Requested attribute gidnumber not found for cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local	2018-02-07T15:12:27-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => gidnumber ) limit 500 offset 0	2018-02-07T15:12:27-0700
Debug	user_ldap	initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0	2018-02-07T15:12:27-0700
Debug	user_ldap	initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 500 offset 0	2018-02-07T15:12:27-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:12:17-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:12:17-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:12:17-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:12:17-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:12:02-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:12:02-0700
Debug	user_ldap	getGroups(JHarris): read 0 at offset 0 (limit: 200)	2018-02-07T15:12:02-0700
Debug	user_ldap	getGroups getGroups-JHarris-200-0	2018-02-07T15:12:02-0700

Config.php:

<?php
$CONFIG = array (
  'passwordsalt' => '*',
  'secret' => '*',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '192.168.999.999',
    2 => 'nextcloud.DOM.local',
    3 => '206.999.999.999',
    4 => 'nextcloud.DOM.com',
    5 => 'nextcloudbeta.DOM.com',
  ),
  'datadirectory' => '/var/ncdata',
  'skeletondirectory' => '/var/ncdata/files',
  'overwrite.cli.url' => 'https://nextcloud.DOM.com',
  'versions_retention_obligation' => 15,
  0 => 'auto',
  'dbtype' => 'mysql',
  'version' => '13.0.0.14',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_ncadmin',
  'dbpassword' => '*',
  'logtimezone' => 'MST',
  'installed' => true,
  'instanceid' => 'ocjpfpi04mdk',
  'appstore.experimental.enabled' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtpport' => '25',
  'mail_smtphost' => 'SMTP.DOM.local',
  'mail_from_address' => 'nextcloud',
  'mail_domain' => 'DOM.com',
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0,
    'dbindex' => 0,
  ),
  'htaccess.RewriteBase' => '/',
  'maintenance' => false,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
  'ldapUserCleanupInterval' => 20,
  'loglevel' => 2,
  'updater.release.channel' => 'stable',
  'mail_smtpauthtype' => 'LOGIN',
  'mysql.utf8mb4' => true,
  'enable_avatars' => true,
);

Apache log in /var/log/apache2:

No errors

Output of sudo -u www-data php occ ldap:show-config:

Note: One thing you may notice when looking at the logs and configs…I had two LDAP servers configured in Nextcloud, and in my troubleshooting, I removed one to see if that was the problem. No change.

| Configuration                 | s01                                                                                                                                               |
| hasMemberOfFilterSupport      | 0                                                                                                                                                 |
| hasPagedResultSupport         |                                                                                                                                                   |
| homeFolderNamingRule          |                                                                                                                                                   |
| lastJpegPhotoLookup           | 0                                                                                                                                                 |
| ldapAgentName                 | cn=RB_Owncloud,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local                                                                              |
| ldapAgentPassword             | ***                                                                                                                                               |
| ldapAttributesForGroupSearch  |                                                                                                                                                   |
| ldapAttributesForUserSearch   | mail;mailNickname                                                                                                                                 |
| ldapBackupHost                |                                                                                                                                                   |
| ldapBackupPort                |                                                                                                                                                   |
| ldapBase                      | dc=DOM,dc=local                                                                                                                              |
| ldapBaseGroups                | dc=DOM,dc=local                                                                                                                              |
| ldapBaseUsers                 | dc=DOM,dc=local                                                                                                                              |
| ldapCacheTTL                  | 601                                                                                                                                               |
| ldapConfigurationActive       | 1                                                                                                                                                 |
| ldapDefaultPPolicyDN          |                                                                                                                                                   |
| ldapDynamicGroupMemberURL     |                                                                                                                                                   |
| ldapEmailAttribute            | mail                                                                                                                                              |
| ldapExperiencedAdmin          | 1                                                                                                                                                 |
| ldapExpertUUIDGroupAttr       |                                                                                                                                                   |
| ldapExpertUUIDUserAttr        |                                                                                                                                                   |
| ldapExpertUsernameAttr        | displayName                                                                                                                                       |
| ldapGidNumber                 | gidNumber                                                                                                                                         |
| ldapGroupDisplayName          | cn                                                                                                                                                |
| ldapGroupFilter               | (&(&(objectClass=Group)(cn=*Nextcloud_*)))                                                                                                        |
| ldapGroupFilterGroups         | Domain Admins                                                                                                                                     |
| ldapGroupFilterMode           | 1                                                                                                                                                 |
| ldapGroupFilterObjectclass    | group                                                                                                                                             |
| ldapGroupMemberAssocAttr      | member                                                                                                                                            |
| ldapHost                      | DC1.DOM.local                                                                                                                          |
| ldapIgnoreNamingRules         |                                                                                                                                                   |
| ldapLoginFilter               | (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(|(samaccountname=%uid)(|(mail=%uid)))) |
| ldapLoginFilterAttributes     |                                                                                                                                                   |
| ldapLoginFilterEmail          | 1                                                                                                                                                 |
| ldapLoginFilterMode           | 0                                                                                                                                                 |
| ldapLoginFilterUsername       | 1                                                                                                                                                 |
| ldapNestedGroups              | 1                                                                                                                                                 |
| ldapOverrideMainServer        |                                                                                                                                                   |
| ldapPagingSize                | 5000                                                                                                                                              |
| ldapPort                      | 389                                                                                                                                               |
| ldapQuotaAttribute            |                                                                                                                                                   |
| ldapQuotaDefault              |                                                                                                                                                   |
| ldapTLS                       | 0                                                                                                                                                 |
| ldapUserDisplayName           | displayname                                                                                                                                       |
| ldapUserDisplayName2          | mail                                                                                                                                              |
| ldapUserFilter                | (&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))                                          |
| ldapUserFilterGroups          |                                                                                                                                                   |
| ldapUserFilterMode            | 0                                                                                                                                                 |
| ldapUserFilterObjectclass     |                                                                                                                                                   |
| ldapUuidGroupAttribute        | auto                                                                                                                                              |
| ldapUuidUserAttribute         | auto                                                                                                                                              |
| turnOffCertCheck              | 0                                                                                                                                                 |
| turnOnPasswordChange          | 0                                                                                                                                                 |
| useMemberOfToDetectMembership | 1                                                                                                                                                 |

Final question: 32000 Char Limit on posts?
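
The user searches in the debug log above name two different memberof groups in their filters. The following is an added example, not part of the original post, that tallies per memberof DN how many user searches ran and which attributes they matched on; the function names `sample_log` and `summarize_user_filters` are hypothetical and the sample lines are abridged from the log above.

```bash
#!/bin/sh
# Added example (not from the original post).
# Sample input: user_ldap debug lines abridged from the log quoted above.
sample_log() {
  cat <<'EOF'
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) limit 500 offset 0
Debug user_ldap getUsers: Options: search JHarris limit 20000 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*))
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris*)(mailNickname=JHarris*))) base Array ( [0] => dc=DOM,dc=local ) limit 5000 offset 0
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) limit 200 offset 0
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(|(samaccountname=TestDude1)(|(mail=TestDude1)))) base Array ( [0] => dc=DOM,dc=local ) limit 5000 offset 0
EOF
}

# summarize_user_filters: reads user_ldap debug lines on stdin and prints
#   <search count> TAB <memberof group DN> TAB <attributes matched on>
# one row per distinct memberof DN, in order of first appearance.
summarize_user_filters() {
  awk '
    # Count each search once: use the "initializing paged search" line and
    # ignore the "getUsers: Options" line that repeats the same filter.
    /initializing paged search for Filter/ && /objectClass=User/ &&
    match($0, /memberof=[^)]*/) {
      dn = substr($0, RSTART + 9, RLENGTH - 9)   # strip the "memberof=" prefix
      if (!(dn in count)) order[++n] = dn
      count[dn]++
      # Walk every "(attr=" clause and record attributes other than the
      # objectClass and memberof parts that belong to the base user filter.
      rest = $0
      while (match(rest, /\([A-Za-z]+=/)) {
        attr = tolower(substr(rest, RSTART + 1, RLENGTH - 2))
        rest = substr(rest, RSTART + RLENGTH)
        if (attr == "objectclass" || attr == "memberof") continue
        if (index(" " attrs[dn] " ", " " attr " ") == 0)
          attrs[dn] = (attrs[dn] == "" ? attr : attrs[dn] " " attr)
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        dn = order[i]
        printf "%d\t%s\t%s\n", count[dn], dn, (attrs[dn] == "" ? "-" : attrs[dn])
      }
    }
  '
}

# Stand-alone run on the sample; pipe a real log export in place of sample_log.
sample_log | summarize_user_filters
```

More than one row in the output means searches were issued with more than one user filter, which is worth comparing against the configurations listed by occ ldap:show-config.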

Well, I have solved my own issues. It appears that at some point the user database got duplicates in it, causing this issue. The steps I took to find/solve the issue:
Show remnants of LDAP users that were deleted:

sudo -u www-data php occ ldap:show-remnants

What I saw was a bunch of users that had two usernames. For example, JSmith and JSmith_1234 where the 1234 was a random number. I have seen this in other posts, such as:


I think something either happened because I had two LDAP servers set up to the same directory or at some point the guy that was the Nextcloud admin before me had started to pull in the whole directory. Also, rather than using the displayName as the UID, I thought it might be better to use the mailNickname. Since I only had 50 users in the system and no real data to speak of, I decided to remove the users, make the changes, remove all the remnants and re-add the users (and data for those that had it).
Change the internal Username Attribute to mailNickname under Expert in LDAP/AD Integration.
Remove a user or group of users from the AD group(s)
Facilitate the changes in Nextcloud by clicking on ‘Verify settings and count users’, then ‘Verify settings and count the groups’, and finally https://nextcloud.mydomain.com/cron.php to force the cron.
Re-run the show-remnants command from above until the user was listed as deleted.
Copy the user data to a temp location in the server and remove the remnants:

cp -rf /var/ncdata/JSmith /var/ncdata/John
sudo -u www-data php occ user:delete JSmith

Add the user to the group(s) in AD, facilitate the changes again.
Have the user log in and log out of Nextcloud…this creates their profile directory again.
Copy the user data back in to their directory. The first time, it “didn’t work”, meaning that they could not see their data. This can be achieved by adding a line to your config.php, which I found here:

Data was back, and the user just had to re-share it. Another way to accomplish the data backup and restore was to have the user load the client, sync their data, then go through the deletion process and use the client to push the data back up.
After removing all users from the system, and all the remnants from the extra users (underscore plus four numbers users), and making the UID change, my sharing works the way it did before I started having problems. I also added the second LDAP server as a “Backup (Replica) Host” under LDAP/AD Integration > Advanced > Connection Settings, instead of as a second LDAP server.
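
The duplicate pattern described above (JSmith next to JSmith_1234) can be picked out of a list of account names mechanically. This is an added example, not part of the original post: `find_suffixed_duplicates` and `sample_names` are hypothetical names, the input is assumed to be one account name per line, and the sample names are constructed.

```bash
#!/bin/sh
# Added example (not from the original post).
# Constructed sample: one account name per line.
sample_names() {
  printf '%s\n' JSmith JSmith_1234 jdoe JDoe_0042 vendor_2018 alice
}

# find_suffixed_duplicates: reads account names on stdin and prints
#   <base name> TAB <suffixed name>
# for every name of the form base_NNNN (underscore plus exactly four digits)
# whose base name is also in the list. The comparison ignores case, and a
# suffixed name without a matching base (vendor_2018 here) is not reported,
# since it may be a legitimate account name.
find_suffixed_duplicates() {
  awk '
    {
      sub(/\r$/, "")                 # tolerate CRLF input
      if ($0 == "") next
      names[++n] = $0
      seen[tolower($0)] = $0
    }
    END {
      for (i = 1; i <= n; i++) {
        name = names[i]
        if (match(name, /_[0-9][0-9][0-9][0-9]$/)) {
          base = substr(name, 1, RSTART - 1)
          if (base != "" && (tolower(base) in seen))
            printf "%s\t%s\n", seen[tolower(base)], name
        }
      }
    }
  '
}

# Stand-alone run on the constructed sample.
sample_names | find_suffixed_duplicates
```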