[Solved] LDAP | Usernames are incorrect, previously 'no users found'

Nextcloud version : 24.0.2
Operating system and version:

```
pi@raspberrypi:~ $ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
#It's actually Raspberry Pi OS Lite, but it shows as Debian
```

Apache or nginx version: Apache/2.4.54 (Debian)
PHP version: 8.0

The issue you are facing:
The Nextcloud LDAP/AD integration is unable to find users in the LDAP database

Is this the first time you’ve seen this error? (Y/N): Kind of

Steps to replicate it:

I have an LDAP database which looks like

I tried various different LDAP filters and LDAP servers. The current LDAP server I’m using is OpenDJ 4.5.0, but I’m still unable to log users in with LDAP.
Currently my LDAP config is:

```
pi@raspberrypi:/var/www/nextcloud $ sudo -u www-data php -f occ ldap:show-config
+-------------------------------+---------------------------------------------+
| Configuration                 | s01                                         |
+-------------------------------+---------------------------------------------+
| hasMemberOfFilterSupport      | 0                                           |
| homeFolderNamingRule          |                                             |
| lastJpegPhotoLookup           | 0                                           |
| ldapAgentName                 | cn=Directory Manager                        |
| ldapAgentPassword             | ***                                         |
| ldapAttributesForGroupSearch  |                                             |
| ldapAttributesForUserSearch   |                                             |
| ldapBackupHost                |                                             |
| ldapBackupPort                |                                             |
| ldapBase                      | dc=minersonline,dc=ddns,dc=net              |
| ldapBaseGroups                |                                             |
| ldapBaseUsers                 | ou=People,dc=minersonline,dc=ddns,dc=net    |
| ldapCacheTTL                  | 600                                         |
| ldapConfigurationActive       | 1                                           |
| ldapDefaultPPolicyDN          |                                             |
| ldapDynamicGroupMemberURL     |                                             |
| ldapEmailAttribute            |                                             |
| ldapExperiencedAdmin          | 0                                           |
| ldapExpertUUIDGroupAttr       |                                             |
| ldapExpertUUIDUserAttr        |                                             |
| ldapExpertUsernameAttr        |                                             |
| ldapExtStorageHomeAttribute   |                                             |
| ldapGidNumber                 | gidNumber                                   |
| ldapGroupDisplayName          | ou                                          |
| ldapGroupFilter               | objectClass=organizationalUnit              |
| ldapGroupFilterGroups         |                                             |
| ldapGroupFilterMode           | 1                                           |
| ldapGroupFilterObjectclass    |                                             |
| ldapGroupMemberAssocAttr      |                                             |
| ldapHost                      | 192.168.0.12                                |
| ldapIgnoreNamingRules         |                                             |
| ldapLoginFilter               | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| ldapLoginFilterAttributes     |                                             |
| ldapLoginFilterEmail          | 0                                           |
| ldapLoginFilterMode           | 1                                           |
| ldapLoginFilterUsername       | 1                                           |
| ldapMatchingRuleInChainState  | unknown                                     |
| ldapNestedGroups              | 0                                           |
| ldapOverrideMainServer        |                                             |
| ldapPagingSize                | 500                                         |
| ldapPort                      | 1389                                        |
| ldapQuotaAttribute            |                                             |
| ldapQuotaDefault              |                                             |
| ldapTLS                       | 0                                           |
| ldapUserAvatarRule            | default                                     |
| ldapUserDisplayName           | displayName                                 |
| ldapUserDisplayName2          |                                             |
| ldapUserFilter                | (|(objectclass=inetOrgPerson))              |
| ldapUserFilterGroups          |                                             |
| ldapUserFilterMode            | 1                                           |
| ldapUserFilterObjectclass     | inetOrgPerson                               |
| ldapUuidGroupAttribute        | auto                                        |
| ldapUuidUserAttribute         | auto                                        |
| turnOffCertCheck              | 0                                           |
| turnOnPasswordChange          | 0                                           |
| useMemberOfToDetectMembership | 1                                           |
+-------------------------------+---------------------------------------------+
```

However, Nextcloud thinks my configuration is correct:

```
pi@raspberrypi:/var/www/nextcloud $ sudo -u www-data php -f occ ldap:test-config s01
The configuration is valid and the connection could be established!
```

Also, the user report states that there are no LDAP users:

```
pi@raspberrypi:/var/www/nextcloud $ sudo -u www-data php -f occ user:report
+------------------+---+
| User Report      |   |
+------------------+---+
| Database         | 1 |
|                  |   |
| total users      | 1 |
|                  |   |
| user directories | 2 |
| active users     | 1 |
| disabled users   | 0 |
+------------------+---+
```

The output of your Nextcloud log in Admin > Logging:

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

```php
$CONFIG = array (
  'instanceid' => '***',
  'passwordsalt' => '***',
  'secret' => '***',
  'trusted_domains' =>
  array (
    0 => '***',
    1 => '***',
  ),
  'datadirectory' => '/***/data',
  'dbtype' => 'mysql',
  'version' => '24.0.2.1',
  'overwrite.cli.url' => 'https://***/nextcloud',
  'dbname' => '***',
  'dbhost' => 'localhost',
  'dbport' => '3306',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '***',
  'dbpassword' => '***',
  'installed' => true,
  'app_install_overwrite' =>
  array (
    0 => 'documentserver_community',
  ),
  'onlyoffice' =>
  array (
    'jwt_header' => 'AuthorizationJwt',
  ),
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
);
```

The output of your Apache/nginx/system log in /var/log/____:

No errors apart from ones which have already been solved.

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

The log from before is filled with errors.

I’m also new to this LDAP stuff in general.

After a day, the users are now in the Nextcloud instance, but their usernames are incorrect; however, I’m still able to log in with the correct username.

The ‘username’ should match the LDAP’s ‘uid’, but it doesn’t and instead shows a random UUID.

It uses that GUID by default. I think primarily in case of username changes. There’s an option in Nextcloud to change to use another field, but it won’t change it on existing accounts.

Thank you, it helped!
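
The default described in the reply can be read from the `occ ldap:show-config` table posted above: an empty `ldapExpertUsernameAttr` means internal usernames are derived from the UUID. The script below is an added example, not part of the thread; its function names are hypothetical, the sample rows are copied from the posted config, and it assumes the option the reply refers to is the `ldapExpertUsernameAttr` key, set with `occ ldap:set-config`.

```sh
# Added example (not from the thread): read the table printed by
# `occ ldap:show-config` and report where internal usernames come from.

# Constructed sample: rows copied from the configuration posted above.
SAMPLE_CONFIG='+-------------------------------+---------------------------------------------+
| Configuration                 | s01                                         |
+-------------------------------+---------------------------------------------+
| ldapExpertUsernameAttr        |                                             |
| ldapLoginFilter               | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| ldapUuidUserAttribute         | auto                                        |
+-------------------------------+---------------------------------------------+'

# cfg_value KEY: print KEY's value from a show-config table on stdin.
# Only the first "|" after the key is treated as the column separator,
# because LDAP filter values contain "|" themselves.
cfg_value() {
  awk -v key="$1" '
    /^[|]/ {
      line = $0
      sub(/^[|][ \t]*/, "", line)         # left border
      sub(/[ \t]*[|][ \t]*$/, "", line)   # right border
      i = index(line, "|")
      if (i == 0) next
      k = substr(line, 1, i - 1); v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }'
}

# username_source: print "<config id> uuid" when ldapExpertUsernameAttr is
# empty (names derived from the UUID), else "<config id> attr:<name>".
username_source() {
  us_table=$(cat)
  us_id=$(printf '%s\n' "$us_table" | cfg_value Configuration)
  us_attr=$(printf '%s\n' "$us_table" | cfg_value ldapExpertUsernameAttr)
  if [ -z "$us_attr" ]; then echo "$us_id uuid"; else echo "$us_id attr:$us_attr"; fi
}

# suggest_fix ATTR: for a config still on the UUID default, print (not run)
# the occ command that sets ATTR as the internal username attribute.
suggest_fix() {
  sf_result=$(username_source)
  [ "${sf_result#* }" = "uuid" ] || return 0
  printf 'sudo -u www-data php -f occ ldap:set-config %s ldapExpertUsernameAttr %s\n' \
    "${sf_result%% *}" "$1"
}

printf '%s\n' "$SAMPLE_CONFIG" | username_source   # s01 uuid
printf '%s\n' "$SAMPLE_CONFIG" | suggest_fix uid
```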