Trouble with LDAP integration and memberOf

ℹ️ Support
1
Support intro

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version: 16.0.3.0
Operating system and version: Fedora 31
Apache or nginx version: Apache/2.4.41 (Fedora)
PHP version: PHP 7.3.13

The issue you are facing:

When attempting to follow this guide to set up LDAP with FreeIPA, when modifying my User filter, the “groups” drop-down is greyed out. I’ve spotted a few other support articles and bug trackers like this one which suggest that the “memberOf” LDAP directive is responsible. In fact, when I manually enter an ldapUserFilter of (memberOf=cn=nextcloudusers,cn=groups,cn=accounts,dc=homelab,dc=local), Nextcloud freezes up and I see a “Gateway Timeout” after a while.

The funny part is, I’ve had a different instance of Nextcloud working with FreeIPA in the past. I set it up using the linked guide, too. But before I wiped my hard drives, I forgot to save my configs and stuff for Nextcloud. :angry: I know that “memberOf” should work, because it’s worked in a different instance. I don’t understand why Nextcloud now freezes when I try to manually specify it.

Is this the first time you’ve seen this error? (Y/N): Y

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '*',
  'passwordsalt' => '*',
  'secret' => '*',
  'trusted_domains' => 
  array (
    0 => 'dragoncloud.homelab.local',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '16.0.3.0',
  'overwrite.cli.url' => 'https://dragoncloud.homelab.local',
  'dbname' => 'nextcloud',
  'dbhost' => 'dragondb.homelab.local',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloudusr',
  'dbpassword' => '*',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'log_type' => 'syslog',
  'memcache.local' => '\OC\Memcache\APCu',
);
2

is the primary DNS the LDAP server? Silly question i know… but worth asking

3

Yes, it is. The server’s running FreeIPA, so its doing LDAP, DNS, Kerberos… It’s even my local certificate authority!