Sorry to hear you’re facing problems
In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:
Or for longer, use three backticks above and below the code snippet:
longer example here
Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can
Nextcloud version (eg, 12.0.2): 15.0.0
Operating system and version (eg, Ubuntu 17.04): CentOS 7.6
Apache or nginx version (eg, Apache 2.4.25): Nginx 1.14
PHP version (eg, 7.1): 7.3.0
We have a small deployment that I have recently reconfigured to authenticate against ActiveDirectory (Nethserver Samba4) - this is a fresh install and all appears to be working well apart from password resets.
I have followed the tutorial and have set the ‘dSHeuristics’ bit accordingly and have allowed the LDAP user (set in the main settings page) to allow password changes.
I am able to change the password for users from the Admin, Users page and also users are able to reset their password using the forgotten password link on the login page, what they can’t do (and the issue) is to reset it from their Settings page.
When a user enters their old password and new password (it definitely meets the min password complexity requirements) it just displays a red box and the words “Incorrect password”.
When I access the AD manager, I see a write/change attempt has been made to the user account as the ‘modified’ time is exactly the same time as I get the following error in the log:
Warning core Login failed: '26XXX39B-3637-4E74-A433-A0AXXXXXX835' (Remote IP: 'XX.XX.XX.XX')
My LDAP scheme is as follows (some redacted)
Login attributes (&(((memberof=CN=Nextcloud_Allow,OU=Nextcloud,OU=Groups,OU=COMPANY,DC=example,DC=example,DC=example)(primaryGroupID=0000)))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))
I followed this request: Ldap integration and password change, which seemed to be unresolved and added
(entryUUID=%uid) to the end of the schema, but this didn’t work.
The allow users to change password is selected in the Advanced section of the LDAP plugin.
Any pointers would be greatly appreciated