Trouble with LDAP integration and memberOf

Support intro

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:


Or for longer, use three backticks above and below the code snippet:


Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version:
Operating system and version: Fedora 31
Apache or nginx version: Apache/2.4.41 (Fedora)
PHP version: PHP 7.3.13

The issue you are facing:

When attempting to follow this guide to set up LDAP with FreeIPA, when modifying my User filter, the “groups” drop-down is greyed out. I’ve spotted a few other support articles and bug trackers like this one which suggest that the “memberOf” LDAP directive is responsible. In fact, when I manually enter an ldapUserFilter of (memberOf=cn=nextcloudusers,cn=groups,cn=accounts,dc=homelab,dc=local), Nextcloud freezes up and I see a “Gateway Timeout” after a while.

The funny part is, I’ve had a different instance of Nextcloud working with FreeIPA in the past. I set it up using the linked guide, too. But before I wiped my hard drives, I forgot to save my configs and stuff for Nextcloud. :angry: I know that “memberOf” should work, because it’s worked in a different instance. I don’t understand why Nextcloud now freezes when I try to manually specify it.

Is this the first time you’ve seen this error? (Y/N): Y

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => '*',
  'passwordsalt' => '*',
  'secret' => '*',
  'trusted_domains' => 
  array (
    0 => 'dragoncloud.homelab.local',
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwrite.cli.url' => 'https://dragoncloud.homelab.local',
  'dbname' => 'nextcloud',
  'dbhost' => 'dragondb.homelab.local',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloudusr',
  'dbpassword' => '*',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'log_type' => 'syslog',
  'memcache.local' => '\OC\Memcache\APCu',

is the primary DNS the LDAP server? Silly question i know… but worth asking

Yes, it is. The server’s running FreeIPA, so its doing LDAP, DNS, Kerberos… It’s even my local certificate authority!