Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LDAP Login fails on first attempt #11670

Closed
ExaconAT opened this Issue Oct 8, 2018 · 7 comments

Comments

Projects
None yet
5 participants
@ExaconAT
Copy link

ExaconAT commented Oct 8, 2018

Steps to reproduce

  1. Add AD User
  2. Login into Nextcloud
  3. Error Screen with ID

Expected behaviour

Login should work on first try

Actual behaviour

Login works, when the Website is reloaded. After that login works always.

Server configuration

Operating system: Ubuntu 16.0.5 LTS

Web server: Apache2 latest

Database: Mariadb latest

PHP version: PHP 7 latest

Nextcloud version: 14.0.1

Updated from an older Nextcloud/ownCloud or fresh install: Updated

Where did you install Nextcloud from: Nextcloud Web installer

Signing status:

Signing status
No errors have been found.

List of activated apps:

Enabled: - accessibility: 1.0.1 - activity: 2.7.0 - cloud_federation_api: 0.0.1 - comments: 1.4.0 - dav: 1.6.0 - federatedfilesharing: 1.4.0 - federation: 1.4.0 - files: 1.9.0 - files_pdfviewer: 1.3.2 - files_sharing: 1.6.2 - files_texteditor: 2.6.0 - files_trashbin: 1.4.1 - files_versions: 1.7.1 - files_videoplayer: 1.3.0 - firstrunwizard: 2.3.0 - flowupload: 0.0.8 - gallery: 18.1.0 - groupfolders: 1.3.3 - logreader: 2.0.0 - lookup_server_connector: 1.2.0 - nextcloud_announcements: 1.3.0 - notifications: 2.2.1 - oauth2: 1.2.1 - password_policy: 1.4.0 - provisioning_api: 1.4.0 - serverinfo: 1.4.0 - sharebymail: 1.4.0 - support: 1.0.0 - survey_client: 1.2.0 - systemtags: 1.4.0 - theming: 1.5.0 - twofactor_backupcodes: 1.3.1 - updatenotification: 1.4.1 - user_ldap: 1.4.0 - workflowengine: 1.4.0 Disabled: - admin_audit - bruteforcesettings - encryption - files_accesscontrol - files_downloadactivity - files_external - onlyoffice - spreed - spreedme - user_external - w2g2
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Nextcloud configuration:

Config report
"system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "dev-nc02.dev.net",
            "dev-nextcloud-02.dev.net"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "14.0.1.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "maintenance": false,
        "theme": "",
        "loglevel": "0",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Memcached",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "php",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "overwritecondaddr": "^10\\.101\\.203\\.30$",
        "overwrite.cli.url": "https:\/\/exadev-nc02.exacon.net",
        "updater.release.channel": "stable"
    }

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAPS

LDAP configuration (delete this part if not used)

LDAP config
+-------------------------------+----------------------------------------------------+
| Configuration                 |                                                    |
+-------------------------------+----------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                  |
| hasPagedResultSupport         |                                                    |
| homeFolderNamingRule          |                                                    |
| lastJpegPhotoLookup           | 0                                                  |
| ldapAgentName                 | user@dev.local                                    |
| ldapAgentPassword             | ***                                                |
| ldapAttributesForGroupSearch  |                                                    |
| ldapAttributesForUserSearch   |                                                    |
| ldapBackupHost                |                                                    |
| ldapBackupPort                |                                                    |
| ldapBase                      | dc=dev,dc=local                                 |
| ldapBaseGroups                | ou=nc,dc=dev,dc=local                           |
| ldapBaseUsers                 | ou=nc,dc=dev,dc=local                           |
| ldapCacheTTL                  | 10                                                 |
| ldapConfigurationActive       | 1                                                  |
| ldapDefaultPPolicyDN          |                                                    |
| ldapDynamicGroupMemberURL     |                                                    |
| ldapEmailAttribute            | mail                                               |
| ldapExperiencedAdmin          | 0                                                  |
| ldapExpertUUIDGroupAttr       |                                                    |
| ldapExpertUUIDUserAttr        | samAccountName                                     |
| ldapExpertUsernameAttr        |                                                    |
| ldapGidNumber                 | gidNumber                                          |
| ldapGroupDisplayName          | cn                                                 |
| ldapGroupFilter               | (&(|(objectclass=group)))                          |
| ldapGroupFilterGroups         |                                                    |
| ldapGroupFilterMode           | 0                                                  |
| ldapGroupFilterObjectclass    | group                                              |
| ldapGroupMemberAssocAttr      | member                                             |
| ldapHost                      | ldaps://dev-dc01.dev.local                  |
| ldapIgnoreNamingRules         |                                                    |
| ldapLoginFilter               | (&(&(|(objectclass=person)))(samaccountname=%uid)) |
| ldapLoginFilterAttributes     |                                                    |
| ldapLoginFilterEmail          | 0                                                  |
| ldapLoginFilterMode           | 0                                                  |
| ldapLoginFilterUsername       | 1                                                  |
| ldapNestedGroups              | 0                                                  |
| ldapOverrideMainServer        |                                                    |
| ldapPagingSize                | 500                                                |
| ldapPort                      | 636                                                |
| ldapQuotaAttribute            |                                                    |
| ldapQuotaDefault              |                                                    |
| ldapTLS                       | 0                                                  |
| ldapUserAvatarRule            | default                                            |
| ldapUserDisplayName           | displayname                                        |
| ldapUserDisplayName2          |                                                    |
| ldapUserFilter                | (&(|(objectclass=person)))                         |
| ldapUserFilterGroups          |                                                    |
| ldapUserFilterMode            | 0                                                  |
| ldapUserFilterObjectclass     | person                                             |
| ldapUuidGroupAttribute        | auto                                               |
| ldapUuidUserAttribute         | auto                                               |
| turnOffCertCheck              | 0                                                  |
| turnOnPasswordChange          | 1                                                  |
| useMemberOfToDetectMembership | 1                                                  |
+-------------------------------+----------------------------------------------------+

Client configuration

Browser:
All

Operating system:
All

Logs

Nextcloud log (data/nextcloud.log)

Nextcloud log
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"No DN found for asd02 on ldaps:\/\/dev-dc01.dev.local","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"initializing paged search for  Filter (&(&(|(objectclass=person)))(samaccountname=asd02)) base Array\n(\n    [0] => ou=nc,dc=dev,dc=local\n)\n attr Array\n(\n    [0] => entryuuid\n    [1] => nsuniqueid\n    [2] => objectguid\n    [3] => guid\n    [4] => ipauniqueid\n    [5] => dn\n    [6] => uid\n    [7] => samaccountname\n    [8] => memberof\n    [9] => samAccountName\n    [10] => \n    [11] => mail\n    [12] => displayname\n    [13] => \n    [14] => jpegphoto\n    [15] => thumbnailphoto\n)\n limit 500 offset 0","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"Ready for a paged search","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"initializing paged search for  Filter objectClass=* base Array\n(\n    [0] => cn=asd02 asd02,ou=nc,dc=dev,dc=local\n)\n attr Array\n(\n    [0] => samaccountname\n)\n limit 500 offset 0","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"Ready for a paged search","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"initializing paged search for  Filter (&(|(objectclass=person))) base Array\n(\n    [0] => cn=asd02 asd02,ou=nc,dc=dev,dc=local\n)\n attr Array\n(\n    [0] => displayname\n)\n limit 500 offset 0","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"Ready for a paged search","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login?user=test02","message":"No DN found for asd02 on ldaps:\/\/dev-dc01.dev.local","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":3,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"index","method":"POST","url":"\/index.php\/login?user=test02","message":{"Exception":"Error","Message":"Call to a member function getBackendClassName() on null","Code":0,"Trace":[{"file":"\/var\/www\/html\/apps\/dav\/lib\/HookManager.php","line":104,"function":"updateUser","class":"OCA\\DAV\\CardDAV\\SyncService","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/HookManager.php","line":81,"function":"postCreateUser","class":"OCA\\DAV\\HookManager","type":"->","args":[{"uid":"*** sensitive parameter replaced ***"}]},{"function":"OCA\\DAV\\{closure}","class":"OCA\\DAV\\HookManager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/lib\/private\/Hooks\/EmitterTrait.php","line":99,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/lib\/private\/Hooks\/PublicEmitter.php","line":36,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","assignedUserId",["*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":618,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","assignedUserId",["*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":875,"function":"dn2ocname","class":"OCA\\User_LDAP\\Access","type":"->","args":["cn=asd02 asd02,ou=nc,dc=dev,dc=local","asd02 asd02","*** sensitive parameter replaced ***",false,"*** sensitive parameter replaced ***"]},{"function":"OCA\\User_LDAP\\{closure}","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":880,"function":"array_filter","args":[["*** sensitive parameter replaced ***"],{"__class__":"Closure"}]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Access.php","line":843,"function":"fetchListOfUsers","class":"OCA\\User_LDAP\\Access","type":"->","args":["(&(&(|(objectclass=person)))(samaccountname=asd02))",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","samAccountName","","mail","displayname","","jpegphoto","thumbnailphoto"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_LDAP.php","line":172,"function":"fetchUsersByLoginName","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","samAccountName","","mail","displayname","","jpegphoto","thumbnailphoto"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_LDAP.php","line":189,"function":"getLDAPUserByLoginName","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameter replaced ***"]},{"function":"checkPassword","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_Proxy.php","line":81,"function":"call_user_func_array","args":[[{"__class__":"OCA\\User_LDAP\\User_LDAP"},"checkPassword"],["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/Proxy.php","line":152,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/apps\/user_ldap\/lib\/User_Proxy.php","line":196,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/html\/lib\/private\/User\/Manager.php","line":208,"function":"checkPassword","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/core\/Controller\/LoginController.php","line":298,"function":"checkPasswordNoLogging","class":"OC\\User\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":166,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/html\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/html\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/html\/lib\/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/var\/www\/html\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/var\/www\/html\/apps\/dav\/lib\/CardDAV\/SyncService.php","Line":268,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/core\/css\/jquery-ui-fixes.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/core\/css\/server.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/core\/css\/css-variables.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/apps\/firstrunwizard\/css\/firstrunwizard.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/core\/css\/jquery.ocdialog.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/core\/search\/css\/results.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/core\/css\/styles.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}
{"reqId":"ONnRNvUkDTDhhwHoP46y","level":0,"time":"2018-10-08T07:35:41+00:00","remoteAddr":"10.101.202.188","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=test02","message":"Scss is disabled for \/var\/www\/html\/core\/css\/header.scss, ignoring","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}

@nextcloud-bot

This comment has been minimized.

Copy link
Member

nextcloud-bot commented Oct 8, 2018

GitMate.io thinks possibly related issues are #7471 (LDAP User First time login is disabled), #4882 (Impersonating new LDAP user fails), #544 (LDAP Integration Tests fail due to autoloader), #9494 (mail attribute not synced from LDAP/AD before first login), and #3762 (Slow login after change ldap password).

@ExaconAT

This comment has been minimized.

Copy link
Author

ExaconAT commented Oct 8, 2018

Bot did'nt help.

@nebulade

This comment has been minimized.

Copy link

nebulade commented Oct 12, 2018

Getting the very same error on first LDAP login, refreshing the page and submitting the login form again works. In my case the error from the logs is:

15:07:39 - {"reqId":"ByE7brpR53g4XXwqKgON","level":3,"time":"2018-10-12T13:07:39+00:00","remoteAddr":"172.18.0.1","user":"--","app":"index","method":"POST","url":"\/login","message":{"Exception":"Error","Message":"Call to a member function getBackendClassName() on null","Code":0,"Trace":[{"file":"\/app\/data\/apps\/dav\/lib\/HookManager.php","line":104,"function":"updateUser","class":"OCA\\DAV\\CardDAV\\SyncService","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"\/app\/data\/apps\/dav\/lib\/HookManager.php","line":81,"function":"postCreateUser","class":"OCA\\DAV\\HookManager","type":"->","args":[{"uid":"*** sensitive parameter replaced ***"}]},{"function":"OCA\\DAV\\{closure}","class":"OCA\\DAV\\HookManager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/app\/code\/lib\/private\/Hooks\/EmitterTrait.php","line":99,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***"]]},{"file":"\/app\/code\/lib\/private\/Hooks\/PublicEmitter.php","line":36,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","assignedUserId",["*** sensitive parameter replaced ***"]]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/Access.php","line":618,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","assignedUserId",["*** sensitive parameter replaced ***"]]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/Access.php","line":875,"function":"dn2ocname","class":"OCA\\User_LDAP\\Access","type":"->","args":["cn=uid-3a529a21-4f2c-438b-8991-6eb0b68d0708,ou=users,dc=cloudron","Johannes Zellner","*** sensitive parameter replaced ***",false,"*** sensitive parameter replaced ***"]},{"function":"OCA\\User_LDAP\\{closure}","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/Access.php","line":880,"function":"array_filter","args":[["*** sensitive parameter replaced ***"],{"__class__":"Closure"}]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/Access.php","line":843,"function":"fetchListOfUsers","class":"OCA\\User_LDAP\\Access","type":"->","args":["(&(objectclass=user)(|(username=nebulon)(mail=nebulon)))",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","uid","","mail","displayname","","jpegphoto","thumbnailphoto"]]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/User_LDAP.php","line":172,"function":"fetchUsersByLoginName","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","uid","","mail","displayname","","jpegphoto","thumbnailphoto"]]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/User_LDAP.php","line":189,"function":"getLDAPUserByLoginName","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameter replaced ***"]},{"function":"checkPassword","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/User_Proxy.php","line":81,"function":"call_user_func_array","args":[[{"__class__":"OCA\\User_LDAP\\User_LDAP"},"checkPassword"],["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/Proxy.php","line":152,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/app\/data\/apps\/user_ldap\/lib\/User_Proxy.php","line":196,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/app\/code\/lib\/private\/User\/Manager.php","line":208,"function":"checkPassword","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/app\/code\/core\/Controller\/LoginController.php","line":298,"function":"checkPasswordNoLogging","class":"OC\\User\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/app\/code\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":166,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/app\/code\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/app\/code\/lib\/private\/AppFramework\/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/app\/code\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/app\/code\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/app\/code\/lib\/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/app\/code\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/app\/data\/apps\/dav\/lib\/CardDAV\/SyncService.php","Line":268,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.3.0"}
@gramakri

This comment has been minimized.

Copy link

gramakri commented Nov 10, 2018

This is the same as #11474

@jospoortvliet

This comment has been minimized.

Copy link
Member

jospoortvliet commented Nov 20, 2018

Apparently, set ldapExpertUsernameAttr to "cn" and ldapExpertUUIDUserAttr to "uid" makes it work. Close duplicate.

@ExaconAT

This comment has been minimized.

Copy link
Author

ExaconAT commented Nov 20, 2018

Where can i set this?

**EDIT:

Now i always get "Password is wrong" on Login page

+-------------------------------+----------------------------------------------------+
| Configuration | |
+-------------------------------+----------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | rh@dev.local |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=dev,dc=local |
| ldapBaseGroups | ou=nc,dc=dev,dc=local |
| ldapBaseUsers | ou=nc,dc=dev,dc=local |
| ldapCacheTTL | 10 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | uid |
| ldapExpertUsernameAttr | cn |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=group))) |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | group |
| ldapGroupMemberAssocAttr | member |
| ldapHost | ldaps://dev01.dev.local |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=person)))(samaccountname=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 636 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=person))) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | person |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 1 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+----------------------------------------------------+

@nebulade

This comment has been minimized.

Copy link

nebulade commented Nov 20, 2018

Thanks for following up on this. I can confirm that setting ldapExpertUsernameAttr to cn avoids the issue, however since in the Cloudron case, the cn will contain the user's uuid instead of the username, the UI will show the uuid instead of the username in places like the user listing. Which is not very helpful. Is there any other way to override the LDAP property used as the display username?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.