The password change on Nextcloud linked by LDAP on an ActiveDirectory can’t work

Hi everybody,

For information:

I integrated LDAP support with AD (Windows Server 2022). Unfortunately, my users cannot change passwords in the Nextcloud interface.

When a user tries to change his password from the Nextcloud interface, he receives this error message: “Unable to change personal password”

Error message to change password in Nextcloud logs:

Error : ldap_exop_passwd(): Passwd modify extended operation failed: 0000203D: LdapErr: DSID-0C09144B, comment: Unknown extended request OID, data 0, v4f7c (2) at /var/www/nextcloud/apps/ldap_write_support/lib/LDAPUserManager.php#378

My setup is as follows:

  • Nextcloud 25.0.5 on Debian 11.
  • Installed Windows Server 2022 with AD DS and CA Role
  • Created a bind user that is associated to the “Domain Admin” Role (with the necessary rights)
  • Enabled userPassword
  • Enabled LDAPS via port 636 and password changes per user
  • Login Attributes LDAP filter looks like this:
    • (&(&(|(objectclass=person))(|(|(memberof=CN=Test_common_ad,OU=groupes_Test,DC=Test,DC=Test,DC=fr)(primaryGroupID=1123))(|(memberof=CN=Test,OU=groupes_Test,DC=Test,DC=Test,DC=fr)(primaryGroupID=1713))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))

I’ve just changed the real names for obvious reasons.

If anyone has any ideas on how to solve this problem, thanks.