You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Install a fresh instance of Nextcloud (I used a docker image, version 14.0.3)
Configure LDAP as per the Admin Manual
Try to login with a LDAP account
Expected behaviour
Login should succeed
Actual behaviour
Got message "wrong password" on UI and "Login Failed" on Nextcloud log. Spent one working day investigating. Turned out that Settings / LDAP/AD Integration / Advanced / Configuration Active wasn't checked. After manually checking this option, LDAP authentication began working.
Requests
Nextcloud Admin Manual informs that "Configuration Active" is automatically checked when a successful test is performed during LDAP configuration. I've performed multiple tests and this option wasn't automatically checked. Don't know why.
Change the error message from "Login failed" to "No Active LDAP configuration found".
I've already opened issue #912 on Nextcloud Documentation requesting the manual is more explicit about the need of having this configuration item checked for LDAP to work.
Server configuration
Operating system: Debian (docker image)
Web server: NGINX
Database: MySQL 5.7.24
PHP version: 7.2.11
Nextcloud version: 14.0.3
Updated from an older Nextcloud/ownCloud or fresh install: Fresh install
Where did you install Nextcloud from: Docker Hub
Signing status:
Signing status
Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.
No errors have been found.
List of activated apps:
App list
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder
Enabled:
accessibility: 1.0.1
activity: 2.7.0
admin_audit: 1.4.0
admin_notifications: 1.0.2
announcementcenter: 3.3.1
calendar: 1.6.3
cloud_federation_api: 0.0.1
comments: 1.4.0
dav: 1.6.0
deck: 0.4.1
drawio: 0.9.1
dropit: 0.1.1
federatedfilesharing: 1.4.0
federation: 1.4.0
files: 1.9.0
files_markdown: 2.0.4
files_mindmap: 0.0.9
files_pdfviewer: 1.3.2
files_sharing: 1.6.2
files_texteditor: 2.6.0
files_trashbin: 1.4.1
files_versions: 1.7.1
files_videoplayer: 1.3.0
firstrunwizard: 2.3.0
gallery: 18.1.0
gpxedit: 0.0.9
gpxmotion: 0.0.7
gpxpod: 2.3.1
logreader: 2.0.0
lookup_server_connector: 1.2.0
mail: 0.11.0
nextcloud_announcements: 1.3.0
notes: 2.4.2
notifications: 2.2.1
oauth2: 1.2.1
password_policy: 1.4.0
phonetrack: 0.3.6
provisioning_api: 1.4.0
serverinfo: 1.4.0
sharebymail: 1.4.0
spreed: 4.0.0
support: 1.0.0
survey_client: 1.2.0
systemtags: 1.4.0
theming: 1.5.0
twofactor_backupcodes: 1.3.1
updatenotification: 1.4.1
user_external: 0.4
user_ldap: 1.4.0
workflowengine: 1.4.0
Disabled:
encryption
files_external
unsplash
Nextcloud configuration:
Config report
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder
or
Insert your config.php content here.
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)
Are you using external storage, if yes which one: No
Are you using encryption: No
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
LDAP config
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder
Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';
Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
GitMate.io thinks possibly related issues are #7135 (LDAP password change not always working), #4296 (LDAP Configuration not available after Copying Instance), #11026 (LDAP quota-sync does not work anymore), #5168 (Dynamic LDAP groups no longer working), and #1621 (ldap-user FIRSTlogin with internet explorer won't work.).
Nextcloud Admin Manual informs that "Configuration Active" is automatically checked when a successful test is performed during LDAP configuration. I've performed multiple tests and this option wasn't automatically checked. Don't know why.
The absence of it would not help you either. Also, it rather makes more sense to notify only about error cases, not successful operation.
We don't automatically enable configurations when you revisit and edit an inactive one.
Change the error message from "Login failed" to "No Active LDAP configuration found".
End users should not care about those, also there's no exclusivity included with the LDAP backend.
At the bottom line it is a configuration thing, and I am sorry for you that you spend a too much time on it. At some point we should overhaul the whole wizard and improve on the overall experience. This I would keep as is for now, as it proved to be working for ~99% cases.
Steps to reproduce
Expected behaviour
Login should succeed
Actual behaviour
Got message "wrong password" on UI and "Login Failed" on Nextcloud log. Spent one working day investigating. Turned out that Settings / LDAP/AD Integration / Advanced / Configuration Active wasn't checked. After manually checking this option, LDAP authentication began working.
Requests
Nextcloud Admin Manual informs that "Configuration Active" is automatically checked when a successful test is performed during LDAP configuration. I've performed multiple tests and this option wasn't automatically checked. Don't know why.
Change the error message from "Login failed" to "No Active LDAP configuration found".
I've already opened issue #912 on Nextcloud Documentation requesting the manual is more explicit about the need of having this configuration item checked for LDAP to work.
Server configuration
Operating system: Debian (docker image)
Web server: NGINX
Database: MySQL 5.7.24
PHP version: 7.2.11
Nextcloud version: 14.0.3
Updated from an older Nextcloud/ownCloud or fresh install: Fresh install
Where did you install Nextcloud from: Docker Hub
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
Enabled:
Disabled:
Nextcloud configuration:
Config report
{
"system": {
"memcache.local": "\OC\Memcache\APCu",
"apps_paths": [
{
"path": "/var/www/html/apps",
"url": "/apps",
"writable": false
},
{
"path": "/var/www/html/custom_apps",
"url": "/custom_apps",
"writable": true
}
],
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"drive-hom.procempa.com.br"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "14.0.3.0",
"overwrite.cli.url": "http://localhost",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "",
"mysql.utf8mb4": true,
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"instanceid": "REMOVED SENSITIVE VALUE",
"installed": true,
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\User_LDAP\LDAPProviderFactory",
"auth.bruteforce.protection.enabled": false,
"proxy": "lproxy:3128",
"loglevel": 2,
"log_rotate_size": 10485760,
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_smtpmode": "smtp",
"mail_domain": "REMOVED SENSITIVE VALUE",
"mail_smtphost": "REMOVED SENSITIVE VALUE",
"mail_smtpport": "25"
}
}
Are you using external storage, if yes which one: No
Are you using encryption: No
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
LDAP config
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | s01 |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | SENSITIVE |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | SENSITIVE |
| ldapBackupPort | 389 |
| ldapBase | SENSITIVE
|
| ldapBaseGroups | SENSITIVE |
| ldapBaseUsers | SENSITIVE |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 1 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | SENSITIVE
|
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | SENSITIVE |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | SENSITIVE
|
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | SENSITIVE
|
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
Client configuration
Browser: Chrome
Operating system: Ubuntu 18.04
Logs
Web server error log
Web server error log
Nextcloud log (data/nextcloud.log)
Nextcloud log
{"reqId":"p42z7FsnMY04X4CWulLY","level":2,"time":"2018-10-24T12:54:27+00:00","remoteAddr":"SENSITIVE","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: 'roger.krolow' (Remote IP: 'SENSITIVE')","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36","version":"14.0.3.0"}
Browser log
Browser log
The text was updated successfully, but these errors were encountered: