MacOSX CalDAV/CardDAV + LDAP not working ===> Nextcloud UUID used in LDAP authentication instead of Username #29433

Closed
itmanagerro opened this issue Oct 25, 2021 · 8 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 25-feedback bug feature: authentication feature: ldap

itmanagerro commented Oct 25, 2021

Steps to reproduce

  1. Enable LDAP Authentication
  2. Generate new users ==> UUID
  3. Export "Nextcloud Profile" to iOS and install it
  4. "Unable to authenticate with username/password"

Expected behaviour

CalDav/CardDav should work with LDAP auth backend

Actual behaviour

Nextcloud does not know the "UUID" of the LDAP generated (only available inside Nextcloud)

Server configuration

Operating system: Doesn't matter

Web server: Nginx

Database: SQL

PHP version: 7.4

Nextcloud version: 22

Updated from an older Nextcloud/ownCloud or fresh install: Updated gradually from 14

Where did you install Nextcloud from: Source

itmanagerro commented Oct 25, 2021

Issue is related to: CALDAV/CARDDAV + LDAP Authentication

That's because the .mobileconfig file is not populated with "Email" of the user, but rather the "UUID" generated at LDAP creation.

For example, my .mobileconfig has:

			<key>CalDAVUsername</key>
			<string>XXXbc702-eXX4-1XXa-8XX3-dbXXXXf273XX</string>

			<key>CardDAVUsername</key>
			<string>XXXbc702-eXX4-1XXa-8XX3-dbXXXXf273XX</string>

Coming from template file: ./apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php

   138			$userId = $user->getUID();         <=== THIS ONE
   155			$filename = $userId . '-' . AppleProvisioningNode::FILENAME;
   163					$userId,
   171					$userId,

Fix is at line 138: $userId = $user->getEMailAddress();? ===> tested/not working... still showing UUID

To make it work on my side, I had to manually download the .mobileconfig file, change the UUID to email and then import it in iOS/MacOSX.

Authentication via LDAP is expecting to receive "email + password" but in fact it receives "UUID + password".

Because the "UUID" is only available in "nextcloud", LDAP has no clue about who that "UUID" is.

The fix would be to map "UUIDs" to "Email", so that if Nextcloud sees the "UUID" as username, it picks up the "Email" and sends the auth to LDAP with "Email + Password", not "UUID + Password".
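
The manual workaround described in this comment (replacing the UUID in the downloaded .mobileconfig with the login name), as an added Python example that is not part of the original comment or of Nextcloud's code. It assumes an unsigned XML profile; the sample profile, its UUID, host name and login name are constructed.

```python
import plistlib
import re

# Username keys shown in the .mobileconfig excerpt above.
USERNAME_KEYS = ("CalDAVUsername", "CardDAVUsername")
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)

# Constructed sample profile (not a real export); UUID and host are made up.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.caldav.account",
         "CalDAVHostName": "cloud.example.com",
         "CalDAVUsername": "0a1bc702-e3f4-11ea-8b63-db0123f27345"},
        {"PayloadType": "com.apple.carddav.account",
         "CardDAVHostName": "cloud.example.com",
         "CardDAVUsername": "0a1bc702-e3f4-11ea-8b63-db0123f27345"},
    ],
})

def find_uuid_usernames(profile_bytes):
    """Return (payload_index, key, value) for each DAV username shaped like a UUID."""
    profile = plistlib.loads(profile_bytes)
    hits = []
    for i, payload in enumerate(profile.get("PayloadContent", [])):
        for key in USERNAME_KEYS:
            value = payload.get(key)
            if isinstance(value, str) and UUID_RE.match(value):
                hits.append((i, key, value))
    return hits

def rewrite_usernames(profile_bytes, login_name):
    """Replace UUID-shaped DAV usernames with the name the LDAP backend accepts."""
    profile = plistlib.loads(profile_bytes)
    for i, key, _ in find_uuid_usernames(profile_bytes):
        profile["PayloadContent"][i][key] = login_name
    return plistlib.dumps(profile)

if __name__ == "__main__":
    print(find_uuid_usernames(SAMPLE_PROFILE))
    fixed = rewrite_usernames(SAMPLE_PROFILE, "alice@example.com")
    print(find_uuid_usernames(fixed))
```

All other payload keys are written back unchanged; only the two username fields are touched.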

itmanagerro changed the title from "CalDAV/CardDAV + LDAP not working ===> Nextcloud SID used in LDAP authentication instead of Username" to "MacOSX CalDAV/CardDAV + LDAP not working ===> Nextcloud SID used in LDAP authentication instead of Username" on Oct 25, 2021
itmanagerro commented Jan 11, 2022

^^ push ^^
cc @blizzz @PVince81 @MichaIng

itmanagerro changed the title from "MacOSX CalDAV/CardDAV + LDAP not working ===> Nextcloud SID used in LDAP authentication instead of Username" to "MacOSX CalDAV/CardDAV + LDAP not working ===> Nextcloud UUID used in LDAP authentication instead of Username" on Jan 11, 2022
itmanagerro pushed a commit to itmanagerro/server that referenced this issue Feb 4, 2022
@solracsf solracsf linked a pull request Feb 5, 2022 that will close this issue
itmanagerro pushed a commit to itmanagerro/server that referenced this issue Feb 6, 2022
Signed-off-by: Mihai Cornateanu <mihai.cornateanu@itmanager.ro>
itmanagerro pushed a commit to itmanagerro/server that referenced this issue Feb 6, 2022
Closes nextcloud#29433 

Signed-off-by: ITManager <github.com@itmanager.ro>
itmanagerro added a commit to itmanagerro/server that referenced this issue Feb 6, 2022
Closes nextcloud#29433 

Signed-off-by: ITManager <3145531+itmanagerro@users.noreply.github.com>
@szaimen

This comment was marked as resolved.

htbrown commented Feb 11, 2023

FWIW I'm still facing this issue on Nextcloud 25.0.3. Let me know if there's anything more I can provide to help other than that I'm using the latest apache image from Docker, an Active Directory domain as an LDAP backend and have changed the internal username attribute to samaccountname for the sake of keeping federation IDs neat.

htbrown commented Feb 11, 2023

Having just said that, I've just been able to connect through macOS/iOS anyway. Not sure if that shows it's unreliable or just that my server is playing up. Sorry to be unhelpful.

@cybertschunk

hey everybody, we are experiencing the same issue on Nextcloud 25.0.3.

tekeous commented Dec 13, 2023

Yes, I can reproduce the issue on Nextcloud 27.1.4. LDAP provisioned my account with UUID as username, although I log in with UID or email. My email is on my Nextcloud profile. However, when generating an iOS config it uses UUID as the username and does not work.

I see from the LDAP documentation that using UUID as Nextcloud’s internal username is recommended and expected behavior, so mapping UID into Nextcloud is not a solution.

Config generation should check for “was this account made by LDAP” and if so, use email or UID to log in. Group assignment could work for this.

@joshtrichards
Member
