NC ver: 13.0.0
OS ver: Ubuntu 16.04.3 LTS
Apache ver: 2.4.18
PHP ver: 7.0.22
DB: mysql 5.7.21
Issue:
I have had this installation connected to LDAP for over a year. It started as one of those pre-built installations (I think it started as a 9.x.x version), and I have expanded and upgraded it as newer versions came out (while we were doing testing and documenting). When I went from 12.0.3 to 12.0.5, I took it out of the testing phase and released it to users in production. I only have about 50 users on it, but my AD has thousands. I have one main group in AD that controls access to Nextcloud. I have created additional domain groups that get pulled in to just keep the users logically grouped and in case they want to share with others in AD that are in the same dept. I created local groups that correspond to the domain groups. The primary purpose of this is so that a group admin can add external users to the system. A good example is a Materials Manager that wants to receive quotes from multiple vendors. When I was doing all my testing and documentation, I had it set so that the users had to put in the AD mail attribute or the AD mailNickname attribute to share files with domain users. To share with any external users, the full email address had to be put in. That way, all the vendors in the group would only know about one another IF they correctly typed another vendor’s email address, and any vendor could type in the AD mail attribute or the AD mailNickname of domain account that they want to share with.
Since the upgrade to 12.0.5 and subsequently 13.0.0 (or since I started adding more users…I don’t know which was the cause), I have had some strange issues with “finding” users when sharing. Original sharing set up: “Allow apps to use the Share API” and “Allow sharing with groups” are the only two options checked. Also, in LDAP/AD integration > Advanced > Directory Settings, the User Display Name Field is displayname, the 2nd User Display Name Field is mail, the Base User Tree is the root of my domain, and the User Search Attributes are mail and mailNickname on separate lines. When typing in the mailNickname in the exact case it is in AD, one user will work, and another will not. If I type the email address of the AD user, it will never find the user. If I type the displayname of a user that is not working correctly, it will find the user. If I type the email address of a user that is external (outside my AD, so a local account was created), the result is just like the AD user…some email addresses are “found” and others are not. For those users, the Username, Full Name and Email are all set to the email address.
If I put my test AD user in the same AD group as the AD user I’m trying to share with (the user that does not show up in the example above), AND I check the new box for “Restrict users to only share with users in their groups”, it still will not find the AD user (either via mail or mailNickname). It will still find it with the displayname.
Now, I put the AD group that has all Nextcloud AD users into Nextcloud as a user group, and I checked the new box for “Restrict users to only share with users in their groups”, and the box for “Allow username autocompletion in share dialog”, I can find AD users via mail, mailNickname, and displayname without any problems. I can also find any locally created users via email address that are a member of the groups I’m a member of. BUT, the local users (vendors in one case) can start typing a, b, c, etc. to see what email addresses/names/information they can skim out of the system.
In trying to solve the issue, I did come across a blog post that referenced the below commands.
I executed the two following commands, restarted apache…no go.
sudo -u www-data php /var/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
sudo -u www-data php occ maintenance:repair
I also changed the paging limit to 5000…same problem.
Two items:
- How can I fix Nextcloud or make it fulfil both of the following?:
- All AD users and local users can find other AD users via mail or mailNickname
- All local users can only find other local users via full email address
- If there is no possible way to do 1., I have a hyper-v snapshot of the machine when it had 12.0.5. Can I downgrade the 12.0.5 back to 12.0.3, which seemed to work? I have done all my upgrades manually, so I’m more concerned with whether or not database can handle the downgrade.
First Time error?
Y
Nextcloud log:
“Original sharing setup” aka “Non-working lookup of domain user”
Debug user_ldap initializing paged search for Filter (&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local)) base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 200 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap getGroups Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*)) 2018-02-07T15:11:28-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:11:28-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 200 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap getGroups Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(cn=JHarris*)) 2018-02-07T15:11:28-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:11:28-0700
Debug user_ldap No DN found for JHarris on DC1.DOM.local 2018-02-07T15:11:28-0700
Debug user_ldap No DN found for JHarris on DC2.DOM.local 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_GROUP2_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_GROUP2_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=Group)(cn=*Nextcloud_*))) base Array ( [0] => cn=nextcloud_users,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => member ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap getUsers: 0 Users found 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap getUsers: 0 Users found 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap getUsers: Options: search JHarris limit 20000 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris*)) 2018-02-07T15:11:28-0700
Debug user_ldap getUsers: 1 Users found 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris*)(mailNickname=JHarris*))) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => mail ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap getUsers: Options: search JHarris limit 20000 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris*)(mailNickname=JHarris*))) 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap Requested attribute gidnumber not found for cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => gidnumber ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=S-1-5-21-57989841-682003330-1417001333-513)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 500 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=nextcloud_GROUP2_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=nextcloud_users,ou=nextcloud,ou=service accounts,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(|(samaccountname=TestDude1)(|(mail=TestDude1)))) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => mail [14] => jpegphoto [15] => thumbnailphoto ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Debug user_ldap readAttribute: cn=dude1\2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local found 2018-02-07T15:11:28-0700
Debug user_ldap initializing paged search for Filter (&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local)) base Array ( [0] => cn=dude1\5c2C test,ou=ittest,ou=it,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => ) limit 5000 offset 0 2018-02-07T15:11:28-0700
Lookup of the same user when “Restrict users to only share with users in their groups” and “Allow username autocompletion in share dialog” are checked:
Debug user_ldap readAttribute: cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local found 2018-02-07T15:13:57-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=nextcloud_GROUP1_domain,ou=nextcloud,ou=service accounts,dc=DOM,dc=local ) attr Array ( [0] => ) limit 5000 offset 0 2018-02-07T15:13:57-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:12:50-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:12:50-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:12:50-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:12:50-0700
Debug user_ldap getUsers: 0 Users found 2018-02-07T15:12:50-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => ) limit 200 offset 0 2018-02-07T15:12:50-0700
Debug user_ldap getUsers: Options: search JHarris limit 200 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud Users,cn=Users,dc=DOM,dc=local))(displayname=*)(displayname=JHarris)) 2018-02-07T15:12:50-0700
Debug user_ldap getUsers: 1 Users found 2018-02-07T15:12:50-0700
Debug user_ldap initializing paged search for Filter (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris)(mailNickname=JHarris))) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => entryuuid [1] => nsuniqueid [2] => objectguid [3] => guid [4] => ipauniqueid [5] => dn [6] => uid [7] => samaccountname [8] => memberof [9] => [10] => [11] => mail [12] => displayname [13] => mail ) limit 200 offset 0 2018-02-07T15:12:50-0700
Debug user_ldap getUsers: Options: search JHarris limit 200 offset 0 Filter: (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(displayname=*)(|(mail=JHarris)(mailNickname=JHarris))) 2018-02-07T15:12:50-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(member=cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => cn [1] => dn ) limit 500 offset 0 2018-02-07T15:12:27-0700
Debug user_ldap Requested attribute gidnumber not found for cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local 2018-02-07T15:12:27-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => gidnumber ) limit 500 offset 0 2018-02-07T15:12:27-0700
Debug user_ldap initializing paged search for Filter (&(&(&(objectClass=Group)(cn=*Nextcloud_*)))(objectsid=A-SID)) base Array ( [0] => dc=DOM,dc=local ) attr Array ( [0] => dn ) limit 1 offset 0 2018-02-07T15:12:27-0700
Debug user_ldap initializing paged search for Filter objectClass=* base Array ( [0] => cn=harris\5c2C james sopt 6529,ou=marketing,ou=tuc,ou=az,dc=DOM,dc=local ) attr Array ( [0] => primarygroupid ) limit 500 offset 0 2018-02-07T15:12:27-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:12:17-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:12:17-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:12:17-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:12:17-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:12:02-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:12:02-0700
Debug user_ldap getGroups(JHarris): read 0 at offset 0 (limit: 200) 2018-02-07T15:12:02-0700
Debug user_ldap getGroups getGroups-JHarris-200-0 2018-02-07T15:12:02-0700
Config.php:
<?php
$CONFIG = array (
'passwordsalt' => '*',
'secret' => '*',
'trusted_domains' =>
array (
0 => 'localhost',
1 => '192.168.999.999',
2 => 'nextcloud.DOM.local',
3 => '206.999.999.999',
4 => 'nextcloud.DOM.com',
5 => 'nextcloudbeta.DOM.com',
),
'datadirectory' => '/var/ncdata',
'skeletondirectory' => '/var/ncdata/files',
'overwrite.cli.url' => 'https://nextcloud.DOM.com',
'versions_retention_obligation' => 15,
0 => 'auto',
'dbtype' => 'mysql',
'version' => '13.0.0.14',
'dbname' => 'nextcloud_db',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'oc_ncadmin',
'dbpassword' => '*',
'logtimezone' => 'MST',
'installed' => true,
'instanceid' => 'ocjpfpi04mdk',
'appstore.experimental.enabled' => false,
'mail_smtpmode' => 'smtp',
'mail_smtpport' => '25',
'mail_smtphost' => 'SMTP.DOM.local',
'mail_from_address' => 'nextcloud',
'mail_domain' => 'DOM.com',
'preview_libreoffice_path' => '/usr/bin/libreoffice',
'memcache.local' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => true,
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/var/run/redis/redis.sock',
'port' => 0,
'timeout' => 0,
'dbindex' => 0,
),
'htaccess.RewriteBase' => '/',
'maintenance' => false,
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
'ldapUserCleanupInterval' => 20,
'loglevel' => 2,
'updater.release.channel' => 'stable',
'mail_smtpauthtype' => 'LOGIN',
'mysql.utf8mb4' => true,
'enable_avatars' => true,
);
Apache log in /var/log/apache2:
No errors
Output of sudo -u www-data php occ ldap:show-config Note: One thing you may notice when looking at the logs and configs…I had two LDAP servers configured in Nextcloud, and in my troubleshooting, I removed one to see if that was the problem. No change.
| Configuration | s01 |
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=RB_Owncloud,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | mail;mailNickname |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=DOM,dc=local |
| ldapBaseGroups | dc=DOM,dc=local |
| ldapBaseUsers | dc=DOM,dc=local |
| ldapCacheTTL | 601 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 1 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | displayName |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(&(objectClass=Group)(cn=*Nextcloud_*))) |
| ldapGroupFilterGroups | Domain Admins |
| ldapGroupFilterMode | 1 |
| ldapGroupFilterObjectclass | group |
| ldapGroupMemberAssocAttr | member |
| ldapHost | DC1.DOM.local |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local))(|(samaccountname=%uid)(|(mail=%uid)))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 1 |
| ldapOverrideMainServer | |
| ldapPagingSize | 5000 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | mail |
| ldapUserFilter | (&(objectClass=User)(memberof=cn=NextCloud_Users,ou=Nextcloud,ou=Service Accounts,dc=DOM,dc=local)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
Final question: 32000 Char Limit on posts?