Hi everybody,
For information:
I integrated LDAP support with AD (Windows Server 2022). Unfortunately, my users cannot change passwords in the Nextcloud interface.
When a user tries to change his password from the Nextcloud interface he receives this error message: “Unable to change personal password”.
Error message to change password in Nextcloud logs:
Error : ldap_exop_passwd(): Passwd modify extended operation failed: 0000203D: LdapErr: DSID-0C09144B, comment: Unknown extended request OID, data 0, v4f7c (2) at /var/www/nextcloud/apps/ldap_write_support/lib/LDAPUserManager.php#378
My setup is as follows:
- Nextcloud 25.0.5 on Debian 11.
- Installed Windows Server 2022 with AD DS and CA Role
- Created a bind user that is associated with the “Domain Admin” Role (with the necessary rights)
- Enabled userPassword
- Enabled LDAPS via port 636 and password changes per user
- Login Attributes LDAP filter looks like this:
- (&(&(|(objectclass=person))(|(|(memberof=CN=Test_common_ad,OU=groupes_Test,DC=Test,DC=Test,DC=fr)(primaryGroupID=1123))(|(memberof=CN=Test,OU=groupes_Test,DC=Test,DC=Test,DC=fr)(primaryGroupID=1713))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))
I’ve just changed the real names for obvious reasons.
Does anyone have any ideas on how to solve this problem? Thanks.
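
One way to triage the log line in the post, as an added example that is not part of the original post or of Nextcloud's code: it parses the AD diagnostic, checks whether the RFC 3062 Password Modify OID (the request `ldap_exop_passwd()` sends) appears in a rootDSE `supportedExtension` list, and shows the value format Active Directory documents for `unicodePwd` (quoted, UTF-16LE). The function names and the `supportedExtension` sample are assumptions constructed for illustration.

```python
import re

# RFC 3062 Password Modify extended operation: the request ldap_exop_passwd() sends.
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"

# Diagnostic text as it appears in the log line:
#   <hex code>: LdapErr: DSID-<id>, comment: <text>, data <n>, v<build>
_DIAG = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<build>[0-9A-Fa-f]+)"
)

def parse_ad_diag(line):
    """Return the fields of an AD LdapErr diagnostic found in a log line, or None."""
    m = _DIAG.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["code"] = int(fields["code"], 16)  # numeric form of the hex error code
    return fields

def exop_advertised(supported_extensions, oid=PASSWD_MODIFY_OID):
    """True if the rootDSE supportedExtension values include the given OID."""
    return oid in {value.strip() for value in supported_extensions}

def encode_unicode_pwd(password):
    """unicodePwd value format: the password wrapped in double quotes, UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def triage(line, supported_extensions):
    """Classify a log line against what the directory server advertises."""
    if parse_ad_diag(line) is None:
        return "no-diagnostic"
    if exop_advertised(supported_extensions):
        return "exop-advertised"
    return "exop-not-advertised"  # password changes must go through unicodePwd

# Log line copied from the post.
LOG_LINE = ("Error : ldap_exop_passwd(): Passwd modify extended operation failed: "
            "0000203D: LdapErr: DSID-0C09144B, comment: Unknown extended request OID, "
            "data 0, v4f7c (2) at /var/www/nextcloud/apps/ldap_write_support/lib/LDAPUserManager.php#378")
# Constructed sample of rootDSE supportedExtension values (StartTLS, Who am I?).
ROOT_DSE_EXTENSIONS = ["1.3.6.1.4.1.1466.20037", "1.3.6.1.4.1.4203.1.11.3"]

if __name__ == "__main__":
    print(parse_ad_diag(LOG_LINE))
    print(triage(LOG_LINE, ROOT_DSE_EXTENSIONS))
    print(encode_unicode_pwd("N3w-Passw0rd!").hex())  # constructed password
```

The real `supportedExtension` values come from a base-scope search on the empty DN of the directory server; replace the constructed list with that result before drawing a conclusion.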