What should user DN see for LDAP authentication?

Hi,

If I try to configure LDAP authentication with a simple LDAP user instead of an admin user, I’m unable to log in to Nextcloud.
If I keep the same config but only change the user DN (and his password…) I can log in.

I did an ldapsearch with the simple user (nextcloud) to see what he sees for other users and here is the result:

# filter: (&(|(objectclass=inetOrgPerson)(objectclass=zimbraAccount))(uid=carp))

# carp, people, zimbratest.example.com
dn: uid=carp,ou=people,dc=zimbratest,dc=example,dc=com
uid: carp
telephoneNumber: 01 23 45 67 89
mail: carp@zimbratest.example.com
mail: alias@zimbratest.example.com
sn: carp
givenName:: bMOpb25hcmRv
objectClass: inetOrgPerson
objectClass: zimbraAccount
objectClass: amavisAccount
co: FRANCE
displayName:: bMOpb25hcmRvIGNhcnA=
cn:: bMOpb25hcmRvIGNhcnA=

Here is my ldap_user conf on Nextcloud:

+-----------+-----------------------------------+------------------------------------------------------------------------+
| appid     | configkey                         | configvalue                                                            |
+-----------+-----------------------------------+------------------------------------------------------------------------+
| user_ldap | cleanUpJobOffset                  | 0                                                                      |
| user_ldap | enabled                           | yes                                                                    |
| user_ldap | has_memberof_filter_support       |                                                                        |
| user_ldap | home_folder_naming_rule           |                                                                        |
| user_ldap | installed_version                 | 1.2.1                                                                  |
| user_ldap | last_jpegPhoto_lookup             | 0                                                                      |
| user_ldap | ldap_agent_password               | REDACTED                                                               |
| user_ldap | ldap_attributes_for_group_search  |                                                                        |
| user_ldap | ldap_attributes_for_user_search   |                                                                        |
| user_ldap | ldap_backup_host                  |                                                                        |
| user_ldap | ldap_backup_port                  |                                                                        |
| user_ldap | ldap_base                         | ou=people,dc=zimbratest,dc=example,dc=com                              |
| user_ldap | ldap_base_groups                  | ou=people,dc=zimbratest,dc=example,dc=com                              |
| user_ldap | ldap_base_users                   | ou=people,dc=zimbratest,dc=example,dc=com                              |
| user_ldap | ldap_cache_ttl                    | 600                                                                    |
| user_ldap | ldap_configuration_active         | 1                                                                      |
| user_ldap | ldap_default_ppolicy_dn           |                                                                        |
| user_ldap | ldap_display_name                 | displayName                                                            |
| user_ldap | ldap_dn                           | uid=zimbra,cn=admins,cn=zimbra                                         |
| user_ldap | ldap_dynamic_group_member_url     |                                                                        |
| user_ldap | ldap_email_attr                   |                                                                        |
| user_ldap | ldap_experienced_admin            | 0                                                                      |
| user_ldap | ldap_expert_username_attr         |                                                                        |
| user_ldap | ldap_expert_uuid_group_attr       |                                                                        |
| user_ldap | ldap_expert_uuid_user_attr        |                                                                        |
| user_ldap | ldap_gid_number                   | gidNumber                                                              |
| user_ldap | ldap_group_display_name           | cn                                                                     |
| user_ldap | ldap_group_filter                 |                                                                        |
| user_ldap | ldap_group_filter_mode            | 0                                                                      |
| user_ldap | ldap_group_member_assoc_attribute | uniqueMember                                                           |
| user_ldap | ldap_groupfilter_groups           |                                                                        |
| user_ldap | ldap_groupfilter_objectclass      |                                                                        |
| user_ldap | ldap_host                         | zimbra86.hugeman                                                       |
| user_ldap | ldap_login_filter                 | (&(|(objectclass=inetOrgPerson)(objectclass=zimbraAccount))(uid=%uid)) |
| user_ldap | ldap_login_filter_mode            | 1                                                                      |
| user_ldap | ldap_loginfilter_attributes       |                                                                        |
| user_ldap | ldap_loginfilter_email            | 0                                                                      |
| user_ldap | ldap_loginfilter_username         | 1                                                                      |
| user_ldap | ldap_nested_groups                | 0                                                                      |
| user_ldap | ldap_override_main_server         |                                                                        |
| user_ldap | ldap_paging_size                  | 500                                                                    |
| user_ldap | ldap_port                         | 389                                                                    |
| user_ldap | ldap_quota_attr                   |                                                                        |
| user_ldap | ldap_quota_def                    |                                                                        |
| user_ldap | ldap_tls                          | 0                                                                      |
| user_ldap | ldap_turn_off_cert_check          | 1                                                                      |
| user_ldap | ldap_turn_on_pwd_change           | 0                                                                      |
| user_ldap | ldap_user_display_name_2          |                                                                        |
| user_ldap | ldap_user_filter_mode             | 0                                                                      |
| user_ldap | ldap_userfilter_groups            |                                                                        |
| user_ldap | ldap_userfilter_objectclass       | inetOrgPerson
zimbraAccount                                            |
| user_ldap | ldap_userlist_filter              | (|(objectclass=inetOrgPerson)(objectclass=zimbraAccount))              |
| user_ldap | types                             | authentication                                                         |
| user_ldap | use_memberof_to_detect_membership | 1                                                                      |
+-----------+-----------------------------------+------------------------------------------------------------------------+

My LDAP server is slapd 2.4.39.
Nextcloud: 12.0.3 (I tried on 12.0.0 with the same result)

In the Nextcloud log, I get the “Could not autodetect the UUID attribute” message when trying to authenticate or every time Nextcloud is trying to make the mapping.

Once the mapping is done (with the LDAP admin), login on Nextcloud works even if I change the user DN back to a simple user, but “Could not autodetect the UUID attribute” is getting back in the log.

So now I think it’s just that Nextcloud needs an attribute in particular, but which one?
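
An added example, not part of the original post and not Nextcloud's code: a small checker for the comparison the post describes, parsing ldapsearch LDIF output captured as the restricted bind user and reporting which attributes that account can actually read. The candidate UUID attribute names and the helper names are assumptions; the required attributes are the ones the posted configuration uses (login filter and `ldap_display_name`).

```python
import base64

# Constructed sample: the entry from the post as the restricted bind user sees it.
SAMPLE_LDIF = """\
# carp, people, zimbratest.example.com
dn: uid=carp,ou=people,dc=zimbratest,dc=example,dc=com
uid: carp
mail: carp@zimbratest.example.com
mail: alias@zimbratest.example.com
givenName:: bMOpb25hcmRv
objectClass: inetOrgPerson
objectClass: zimbraAccount
displayName:: bMOpb25hcmRvIGNhcnA=
"""

# Assumption (not from the post): common unique-ID attributes on
# OpenLDAP, 389-DS and Active Directory respectively.
UUID_CANDIDATES = ("entryuuid", "nsuniqueid", "objectguid")
# Attributes the posted config relies on (login filter, ldap_display_name).
REQUIRED = ("uid", "objectclass", "displayname")


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    entry, logical, in_comment = {}, [], False
    for line in text.splitlines():
        if line.startswith(" "):             # RFC 2849 folded continuation
            if logical and not in_comment:
                logical[-1] += line[1:]
        elif line.startswith("#"):
            in_comment = True
        else:
            in_comment = False
            if line:
                logical.append(line)
    for line in logical:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):             # "attr:: value" is base64
            raw = base64.b64decode(rest[1:].strip())
            value = raw.decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry


def visibility_report(entry):
    # What the bind account cannot read, and which unique-ID attributes it can.
    return {"missing": [a for a in REQUIRED if a not in entry],
            "uuid_attrs": [a for a in UUID_CANDIDATES if a in entry]}
```

ldapsearch returns operational attributes such as `entryUUID` only when they are requested by name or with `+`, so capture the output that way under both bind accounts before comparing the two reports.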