[Solved] Desktop client can't connect after setting up LDAP

Hi,

i’m facing a strange issue with LDAP and the Desktop client. I have successfully setup a LDAP Directory Service on my Synology Server and was able connect my Nextcloud instance to it via the LDAP App. So far everything seems to work (I can list the user and groups and login via Browser). But the login via browser takes around 30s in my home network and almost 60s when i’m connecting from the outside. The problem is, that all of my Desktop clients refuse to connect and result in “operation aborted”. I assume this is because of the login process is taking so long.

I periodically get errors in the log stating “lost connection to LDAP”.

Has anyone faced a similar issue?

Is it possible to increase the timeout for the Desktop-Clients?

I am running Nextcloud 12.0.3 within Docker, together with a Synology Directory Server.

here is my obfuscated ldap-configuration:

+-------------------------------+--------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                            |
+-------------------------------+--------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                          |
| hasPagedResultSupport         |                                                                                            |
| homeFolderNamingRule          |                                                                                            |
| lastJpegPhotoLookup           | 0                                                                                          |
| ldapAgentName                 | uid=root,cn=users,dc=mydomain,dc=de                                                      |
| ldapAgentPassword             | ***                                                                                        |
| ldapAttributesForGroupSearch  | cn                                                                                         |
| ldapAttributesForUserSearch   | displayName                                                                                |
| ldapBackupHost                |                                                                                            |
| ldapBackupPort                |                                                                                            |
| ldapBase                      | dc=mydomain,dc=de                                                                        |
| ldapBaseGroups                | cn=groups,dc=mydomain,dc=de                                                              |
| ldapBaseUsers                 | cn=users,dc=mydomain,dc=de                                                               |
| ldapCacheTTL                  | 600                                                                                        |
| ldapConfigurationActive       | 1                                                                                          |
| ldapDefaultPPolicyDN          |                                                                                            |
| ldapDynamicGroupMemberURL     |                                                                                            |
| ldapEmailAttribute            | mail                                                                                       |
| ldapExperiencedAdmin          | 0                                                                                          |
| ldapExpertUUIDGroupAttr       |                                                                                            |
| ldapExpertUUIDUserAttr        |                                                                                            |
| ldapExpertUsernameAttr        | uid                                                                                        |
| ldapGidNumber                 | gidNumber                                                                                  |
| ldapGroupDisplayName          | cn                                                                                         |
| ldapGroupFilter               | (|(cn=mydomain))                                                                         |
| ldapGroupFilterGroups         | MyGroup                                                                                 |
| ldapGroupFilterMode           | 1                                                                                          |
| ldapGroupFilterObjectclass    |                                                                                            |
| ldapGroupMemberAssocAttr      | member                                                                                     |
| ldapHost                      | ldaps://192.168.1.123                                                                     |
| ldapIgnoreNamingRules         |                                                                                            |
| ldapLoginFilter               | (&(|(objectClass=inetOrgPerson))(uid=%uid))                                                |
| ldapLoginFilterAttributes     |                                                                                            |
| ldapLoginFilterEmail          | 0                                                                                          |
| ldapLoginFilterMode           | 1                                                                                          |
| ldapLoginFilterUsername       | 1                                                                                          |
| ldapNestedGroups              | 0                                                                                          |
| ldapOverrideMainServer        |                                                                                            |
| ldapPagingSize                | 500                                                                                        |
| ldapPort                      | 636                                                                                        |
| ldapQuotaAttribute            |                                                                                            |
| ldapQuotaDefault              |                                                                                            |
| ldapTLS                       | 0                                                                                          |
| ldapUserDisplayName           | cn                                                                                         |
| ldapUserDisplayName2          |                                                                                            |
| ldapUserFilter                | (&(|(objectclass=inetOrgPerson))(|(memberof=cn=mydomain,cn=groups,dc=mydomain,dc=de))) |
| ldapUserFilterGroups          | mydomain                                                                                 |
| ldapUserFilterMode            | 1                                                                                          |
| ldapUserFilterObjectclass     | inetOrgPerson                                                                              |
| ldapUuidGroupAttribute        | auto                                                                                       |
| ldapUuidUserAttribute         | auto                                                                                       |
| turnOffCertCheck              | 1                                                                                          |
| turnOnPasswordChange          | 1                                                                                          |
| useMemberOfToDetectMembership | 1                                                                                          |

±------------------------------±-------------------------------------------------------------------------------------------+

a log snippet:

OC\ServerNotAvailableException: Lost connection to LDAP server.

/nextcloud/apps/user_ldap/lib/LDAP.php - line 368: OCA\User_LDAP\LDAP->processLDAPError(Resource id #31)
/nextcloud/apps/user_ldap/lib/LDAP.php - line 295: OCA\User_LDAP\LDAP->postFunctionCall()
/nextcloud/apps/user_ldap/lib/LDAP.php - line 46: OCA\User_LDAP\LDAP->invokeLDAPMethod(*** sensitive parameters replaced ***)
/nextcloud/apps/user_ldap/lib/Connection.php - line 614: OCA\User_LDAP\LDAP->bind(*** sensitive parameters replaced ***)
/nextcloud/apps/user_ldap/lib/Connection.php - line 539: OCA\User_LDAP\Connection->bind(*** sensitive parameters replaced ***)
/nextcloud/apps/user_ldap/lib/Connection.php - line 172: OCA\User_LDAP\Connection->establishConnection()
/nextcloud/apps/user_ldap/lib/Connection.php - line 180: OCA\User_LDAP\Connection->init()
/nextcloud/apps/user_ldap/lib/Access.php - line 1005: OCA\User_LDAP\Connection->getConnectionResource()
/nextcloud/apps/user_ldap/lib/Access.php - line 1166: OCA\User_LDAP\Access->executeSearch('(&(|(objectClas...', Array, Array, NULL, NULL)
/nextcloud/apps/user_ldap/lib/Access.php - line 890: OCA\User_LDAP\Access->search('(&(|(objectClas...', Array, Array, NULL, NULL)
/nextcloud/apps/user_ldap/lib/Access.php - line 806: OCA\User_LDAP\Access->searchUsers('(&(|(objectClas...', Array, NULL, NULL)
/nextcloud/apps/user_ldap/lib/Access.php - line 780: OCA\User_LDAP\Access->fetchListOfUsers('(&(|(objectClas...', Array)
/nextcloud/apps/user_ldap/lib/User_LDAP.php - line 136: OCA\User_LDAP\Access->fetchUsersByLoginName('Michael', Array)
/nextcloud/apps/user_ldap/lib/User_LDAP.php - line 153: OCA\User_LDAP\User_LDAP->getLDAPUserByLoginName('Michael')
[internal function] OCA\User_LDAP\User_LDAP->checkPassword(*** sensitive parameters replaced ***)
/nextcloud/apps/user_ldap/lib/User_Proxy.php - line 98: call_user_func_array(Array, Array)
/nextcloud/apps/user_ldap/lib/Proxy.php - line 148: OCA\User_LDAP\User_Proxy->callOnLastSeenOn('Michael', 'checkPassword', Array, false)
/nextcloud/apps/user_ldap/lib/User_Proxy.php - line 186: OCA\User_LDAP\Proxy->handleRequest('Michael', 'checkPassword', Array)
/nextcloud/lib/private/User/Manager.php - line 216: OCA\User_LDAP\User_Proxy->checkPassword(*** sensitive parameters replaced ***)
/nextcloud/lib/private/User/Manager.php - line 193: OC\User\Manager->checkPasswordNoLogging(*** sensitive parameters replaced ***)
/nextcloud/lib/private/User/Session.php - line 544: OC\User\Manager->checkPassword(*** sensitive parameters replaced ***)
/nextcloud/lib/private/User/Session.php - line 326: OC\User\Session->loginWithPassword(*** sensitive parameters replaced ***)
/nextcloud/lib/private/User/Session.php - line 400: OC\User\Session->login(*** sensitive parameters replaced ***)
/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php - line 129: OC\User\Session->logClientIn(*** sensitive parameters replaced ***)
/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php - line 105: OCA\DAV\Connector\Sabre\Auth->validateUserPass(*** sensitive parameters replaced ***)
/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php - line 252: Sabre\DAV\Auth\Backend\AbstractBasic->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php - line 154: OCA\DAV\Connector\Sabre\Auth->auth(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php - line 201: OCA\DAV\Connector\Sabre\Auth->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php - line 150: Sabre\DAV\Auth\Plugin->check(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
[internal function] Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)
/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/nextcloud/apps/dav/lib/Server.php - line 258: Sabre\DAV\Server->exec()
/nextcloud/apps/dav/appinfo/v2/remote.php - line 33: OCA\DAV\Server->exec()
/nextcloud/remote.php - line 162: require_once('/nextcloud/apps...')
{main}

Thanks and Regards,

M

I think i have found the issue. It seems that the bruteforce app was causing the issue. I have now deleted all entries from the table oc_bruteforce_attempts and voila my desktop clients connect immedieately!

I found the hint here: