My environment:
The Nextcloud instance that I'm using exists since ownCloud 6 and was still upgraded.
The user backend is an MS AD and works fine so far.
Not all users are allowed to log in to the Cloud; this is restricted via some groups.
But some users can still log in although they are in no group that is allowed to access.
After time the users are marked as "isDeleted" in the database. But they are not cleaned up by ldapUserCleanupInterval, and if I try to delete one by hand with
sudo -u www-data php occ user:delete user1
I get this message:
"The specified user could not be deleted. Please check the logs."
and the "isDeleted" value in the database is set back to 0.
The Log Message:
{"reqId":"lJ6J5bFBU9tbAYmwjdqW","level":1,"time":"2017-05-31T08:57:26+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"--","url":"--","message":"User user1 is not marked as deleted, not cleaning up.","userAgent":"--","version":"12.0.0.29"}
If I check the user with:
sudo -u www-data php occ ldap:check-user user1
it says
The user does not exists on LDAP anymore.
Clean up the user's remnants by: ./occ user:delete "user1"
and the "isDeleted" flag is set to 1 again.
It's an endless loop.
Thanks for your help in advance
Steps to reproduce
Get a valid AD user that is able to authenticate on a domain computer but is not a member of any of the groups that are allowed to log in to the Cloud.
Try to log in to the Cloud.
Check the user via occ ldap:check-user.
Try to delete this user.
Hello together,
this is my first issue on GitHub.
Expected behaviour
I expect that the user can't log in and will not be listed in the database or anywhere.
If the user is listed, I expect that I can delete him.
Actual behaviour
The user can log in and can't be deleted, though Nextcloud says the user does not exist on LDAP anymore.
Server configuration
Operating system:
Debian 8.7
Web server:
Apache2.4
Database:
mysql
PHP version:
5.6.30-0+deb8u1
Nextcloud version: (see Nextcloud admin page)
12.0.0.29
Updated from an older Nextcloud/ownCloud or fresh install:
Updated
Where did you install Nextcloud from:
Zip download from nextcloud.com
Signing status:
No errors have been found.
List of activated apps:
Enabled:
Disabled:
Nextcloud configuration:
{
    "system": {
        "instanceid": "ocrasu4h8ky3",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud2.example.com",
            "172.16.4.34"
        ],
        "datadirectory": "\/data\/cloud",
        "overwrite.cli.url": "\/cloud",
        "overwritehost": "",
        "dbtype": "mysql",
        "version": "12.0.0.29",
        "dbname": "cloud",
        "dbhost": "127.0.0.1",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "mail_smtpmode": "smtp",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "proxy": "172.28.1.4:3128",
        "log_type": "owncloud",
        "logfile": "\/var\/log\/owncloud\/owncloud.log",
        "loglevel": 1,
        "mail_smtphost": "172.28.1.11",
        "mail_smtpport": "25",
        "theme": "",
        "maintenance": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "asset-pipeline.enabled": true,
        "mail_from_address": "cloud",
        "mail_domain": "example.com",
        "ldapUserCleanupInterval": "30"
    }
}
Are you using external storage, if yes which one: local/smb/sftp/...
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP/AD
LDAP configuration (delete this part if not used)
+-------------------------------+--------------------------------------------------+
| Configuration                 | s08 |
+-------------------------------+--------------------------------------------------+
| hasMemberOfFilterSupport      | 1 |
| hasPagedResultSupport         | |
| homeFolderNamingRule          | |
| lastJpegPhotoLookup           | 0 |
| ldapAgentName                 | auth_user@example.com |
| ldapAgentPassword             | *** |
| ldapAttributesForGroupSearch  | |
| ldapAttributesForUserSearch   | |
| ldapBackupHost                | |
| ldapBackupPort                | |
| ldapBase                      | OU=Benutzer,OU=ORGA,DC=example,DC=com;OU=Benutzer,OU=ORGA,DC=example,DC=com |
| ldapBaseGroups                | OU=CloudGruppen,OU=Gruppen,OU=ORGA,DC=example,DC=com |
| ldapBaseUsers                 | OU=ORGA,DC=example,DC=com |
| ldapCacheTTL                  | 600 |
| ldapConfigurationActive       | 1 |
| ldapDefaultPPolicyDN          | |
| ldapDynamicGroupMemberURL     | |
| ldapEmailAttribute            | mail |
| ldapExperiencedAdmin          | 1 |
| ldapExpertUUIDGroupAttr       | |
| ldapExpertUUIDUserAttr        | |
| ldapExpertUsernameAttr        | samaccountname |
| ldapGidNumber                 | gidNumber |
| ldapGroupDisplayName          | cn |
| ldapGroupFilter               | (&(|(objectclass=group))(| |
|                               | (cn=GRP_Cloud1) |
|                               | (cn=GRP_Cloud2) |
|                               | (cn=GRP_Cloud3))) |
| ldapGroupFilterGroups         | GRP_Cloud1;GRP_Cloud2;GRP_Cloud3 |
| ldapGroupFilterMode           | 0 |
| ldapGroupFilterObjectclass    | group |
| ldapGroupMemberAssocAttr      | member |
| ldapHost                      | win-ad3.example.com |
| ldapIgnoreNamingRules         | |
| ldapLoginFilter               | (&(objectClass=user)(|(sAMAccountName=%uid)(mail=%uid))) |
| ldapLoginFilterAttributes     | |
| ldapLoginFilterEmail          | 0 |
| ldapLoginFilterMode           | 1 |
| ldapLoginFilterUsername       | 1 |
| ldapNestedGroups              | 1 |
| ldapOverrideMainServer        | |
| ldapPagingSize                | 500 |
| ldapPort                      | 389 |
| ldapQuotaAttribute            | |
| ldapQuotaDefault              | |
| ldapTLS                       | 0 |
| ldapUserDisplayName           | displayname |
| ldapUserDisplayName2          | |
| ldapUserFilter                | (&(|(objectclass=user))(| |
|                               | (|(memberof=CN=GRP_Cloud1,OU=CloudGruppen,OU=Gruppen,OU=ORGA,DC=example,DC=com)(primaryGroupID=7760)) |
|                               | (|(memberof=CN=GRP_Cloud2,OU=CloudGruppen,OU=Gruppen,OU=ORGA,DC=example,DC=com)(primaryGroupID=5224)) |
|                               | (|(memberof=CN=GRP_Cloud3,OU=CloudGruppen,OU=Gruppen,OU=ORGA,DC=example,DC=com)(primaryGroupID=5573)) |
| ldapUserFilterGroups          | |
| ldapUserFilterMode            | 0 |
| ldapUserFilterObjectclass     | person |
| ldapUuidGroupAttribute        | auto |
| ldapUuidUserAttribute         | auto |
| turnOffCertCheck              | 0 |
| turnOnPasswordChange          | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+--------------------------------------------------+
Client configuration
Browser:
Firefox ESR 52
Operating system:
Win 10 pro
Logs
Web server error log
empty
Nextcloud log (data/nextcloud.log)
{"reqId":"lJ6J5bFBU9tbAYmwjdqW","level":1,"time":"2017-05-31T08:57:26+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"--","url":"--","message":"User user1 is not marked as deleted, not cleaning up.","userAgent":"--","version":"12.0.0.29"}
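Added example, not part of the original issue and not Nextcloud code: in the LDAP configuration above, ldapUserFilter restricts users by group while ldapLoginFilter contains no group clause. Assuming the login filter alone decides who may authenticate, this Python check lists the group constraints the login filter lacks and builds a login filter that carries them; the function names are hypothetical.

```python
import re

# Filters copied from the "s08" configuration in the issue. The user filter is
# reproduced as displayed there (its closing parentheses are cut off).
LOGIN_FILTER = "(&(objectClass=user)(|(sAMAccountName=%uid)(mail=%uid)))"
USER_FILTER = (
    "(&(|(objectclass=user))(|"
    "(|(memberof=CN=GRP_Cloud1,OU=CloudGruppen,OU=Gruppen,OU=ORGA,DC=example,DC=com)(primaryGroupID=7760))"
    "(|(memberof=CN=GRP_Cloud2,OU=CloudGruppen,OU=Gruppen,OU=ORGA,DC=example,DC=com)(primaryGroupID=5224))"
    "(|(memberof=CN=GRP_Cloud3,OU=CloudGruppen,OU=Gruppen,OU=ORGA,DC=example,DC=com)(primaryGroupID=5573))"
)

# A group constraint is a simple (attr=value) item on memberOf or primaryGroupID.
CLAUSE = re.compile(r"\((memberof|primaryGroupID)=([^()]+)\)", re.IGNORECASE)


def group_constraints(ldap_filter):
    """Return the (attribute, value) group constraints found in a filter."""
    return {(a.lower(), v.strip().lower()) for a, v in CLAUSE.findall(ldap_filter)}


def missing_from_login(login_filter, user_filter):
    """Constraints the user filter enforces but the login filter does not."""
    return sorted(group_constraints(user_filter) - group_constraints(login_filter))


def restrict_login(login_filter, user_filter):
    """AND the login filter with an OR over the user filter's group clauses."""
    clauses = CLAUSE.findall(user_filter)
    if not clauses:
        return login_filter
    groups = "".join(f"({attr}={value})" for attr, value in clauses)
    return f"(&{login_filter}(|{groups}))"


if __name__ == "__main__":
    for attr, value in missing_from_login(LOGIN_FILTER, USER_FILTER):
        print(f"login filter does not require {attr}={value}")
    print(restrict_login(LOGIN_FILTER, USER_FILTER))
```

A plain memberOf clause matches direct membership only, so with ldapNestedGroups enabled the generated filter should be tested against accounts that are members through nested groups.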