mail attribute not synced from LDAP/AD before first login #9494

Closed
tgoeg opened this issue May 16, 2018 · 9 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug feature: ldap

Comments

@tgoeg

tgoeg commented May 16, 2018

Steps to reproduce

  1. Configure NC13 with LDAP to an AD server (mail field mapped to LDAP mail attribute or not, does not matter)
  2. Look into user details

Expected behaviour

Synced users should have their mail addresses set

Actual behaviour

No mail address found

Workarounds

If I login with an AD user the first time, the email gets set.

The same effect can be achieved by issuing either

sudo -u nextcloud-user ./occ user:info Example.User

or

sudo -u nextcloud-user ./occ user:list
{"reqId":"j5RZonigKX5Tzv0oVaSK","level":2,"time":"2018-05-16T14:23:33+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"--","url":"--","message":"not suitable default quota found for user Example.User: []","userAgent":"--","version":"13.0.2.1"}

which fixes it for all users.

However, this should work automatically when initially syncing users from LDAP/AD. Sharing per mail silently fails before that, which is pretty hard to debug!

Server configuration

Operating system:
Ubuntu 16.04.4 LTS
Web server:
Apache 2.4.18-2ubuntu3.8
Database:
mysql-server 5.7.22-0ubuntu0.16.04.1
PHP version:
php 7.0.28-0ubuntu0.16.04.1
Nextcloud version: (see Nextcloud admin page)
13.0.2
Updated from an older Nextcloud/ownCloud or fresh install:
Updated from 12.x
Where did you install Nextcloud from:
Official download from nextcloud.com
Signing status:

No errors have been found.

List of activated apps:

App list
Enabled:
  - activity: 2.6.1
  - bruteforcesettings: 1.0.3
  - comments: 1.3.0
  - dav: 1.4.6
  - encryption: 2.0.0
  - federatedfilesharing: 1.3.1
  - files: 1.8.0
  - files_pdfviewer: 1.2.1
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - firstrunwizard: 2.2.1
  - gallery: 18.0.0
  - impersonate: 1.0.4
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - nextcloud_announcements: 1.2.0
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - password_policy: 1.3.0
  - provisioning_api: 1.3.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - survey_client: 1.1.0
  - systemtags: 1.3.0
  - theming: 1.4.1
  - twofactor_backupcodes: 1.2.3
  - updatenotification: 1.3.0
  - user_ldap: 1.3.1
  - workflowengine: 1.3.0
Disabled:
  - admin_audit
  - federation
  - files_external
  - richdocuments
  - user_external

Nextcloud configuration:

Config report
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/example.com",
        "dbtype": "mysql",
        "version": "13.0.2.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": false,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "log_rotate_size": 104857600,
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "loglevel": 2,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25"
    }
}

Are you using external storage, if yes which one: local

Are you using encryption: yes

Are you using an external user-backend, if yes which one: ActiveDirectory

LDAP configuration (delete this part if not used)

LDAP config
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                                                                                  |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                                                                |
| hasPagedResultSupport         |                                                                                                                                                  |
| homeFolderNamingRule          |                                                                                                                                                  |
| lastJpegPhotoLookup           | 0                                                                                                                                                |
| ldapAgentName                 | exampleaccount                                                                                                                                    |
| ldapAgentPassword             | ***                                                                                                                                              |
| ldapAttributesForGroupSearch  |                                                                                                                                                  |
| ldapAttributesForUserSearch   |                                                                                                                                                  |
| ldapBackupHost                |                                                                                                                                                  |
| ldapBackupPort                |                                                                                                                                                  |
| ldapBase                      | OU=Domain Users,OU=MAIN,DC=example,DC=local                                                                                                         |
| ldapBaseGroups                | OU=Domain Users,OU=MAIN,DC=example,DC=local                                                                                                         |
| ldapBaseUsers                 | OU=Domain Users,OU=MAIN,DC=example,DC=local                                                                                                         |
| ldapCacheTTL                  | 600                                                                                                                                              |
| ldapConfigurationActive       | 1                                                                                                                                                |
| ldapDefaultPPolicyDN          |                                                                                                                                                  |
| ldapDynamicGroupMemberURL     |                                                                                                                                                  |
| ldapEmailAttribute            | mail                                                                                                                                             |
| ldapExperiencedAdmin          | 1                                                                                                                                                |
| ldapExpertUUIDGroupAttr       |                                                                                                                                                  |
| ldapExpertUUIDUserAttr        | sAMAccountName                                                                                                                                   |
| ldapExpertUsernameAttr        |                                                                                                                                                  |
| ldapGidNumber                 | gidNumber                                                                                                                                        |
| ldapGroupDisplayName          | cn                                                                                                                                               |
| ldapGroupFilter               |                                                                                                                                                  |
| ldapGroupFilterGroups         |                                                                                                                                                  |
| ldapGroupFilterMode           | 0                                                                                                                                                |
| ldapGroupFilterObjectclass    |                                                                                                                                                  |
| ldapGroupMemberAssocAttr      | member                                                                                                                                           |
| ldapHost                      | 10.0.0.1                                                                                                                                     |
| ldapIgnoreNamingRules         |                                                                                                                                                  |
| ldapLoginFilter               | (&(&(|(objectclass=organizationalPerson)(objectclass=person)(objectclass=user)))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) |
| ldapLoginFilterAttributes     |                                                                                                                                                  |
| ldapLoginFilterEmail          | 1                                                                                                                                                |
| ldapLoginFilterMode           | 0                                                                                                                                                |
| ldapLoginFilterUsername       | 1                                                                                                                                                |
| ldapNestedGroups              | 0                                                                                                                                                |
| ldapOverrideMainServer        |                                                                                                                                                  |
| ldapPagingSize                | 500                                                                                                                                              |
| ldapPort                      | 389                                                                                                                                              |
| ldapQuotaAttribute            |                                                                                                                                                  |
| ldapQuotaDefault              |                                                                                                                                                  |
| ldapTLS                       | 0                                                                                                                                                |
| ldapUserDisplayName           | sAMAccountName                                                                                                                                   |
| ldapUserDisplayName2          |                                                                                                                                                  |
| ldapUserFilter                | (&(|(objectclass=organizationalPerson)(objectclass=person)(objectclass=user)))                                                                   |
| ldapUserFilterGroups          |                                                                                                                                                  |
| ldapUserFilterMode            | 0                                                                                                                                                |
| ldapUserFilterObjectclass     | organizationalPerson;person;user                                                                                                                 |
| ldapUuidGroupAttribute        | auto                                                                                                                                             |
| ldapUuidUserAttribute         | auto                                                                                                                                             |
| turnOffCertCheck              | 0                                                                                                                                                |
| turnOnPasswordChange          | 0                                                                                                                                                |
| useMemberOfToDetectMembership | 1                                                                                                                                                |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+

Client configuration

Browser:
Any
Operating system:
Any

Logs

Web server error log
No errors

Nextcloud log (data/nextcloud.log)
No errors

Browser log
Not client specific

@MorrisJobke
Member

cc @nextcloud/ldap

@MorrisJobke MorrisJobke added feature: ldap 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels May 31, 2018
@nextcloud-bot nextcloud-bot added the stale Ticket or PR with no recent activity label Jul 1, 2018
@nextcloud-bot
Member

Hey, this issue has been closed because the label stale is set and there were no updates for 14 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

@Antairez

Hello, I too have the same issue. I want to try to fix the issues manually before this bug is patched by the dev teams, but I can't quite get your command to work, what command did you issue to fix it for all users? I've 10000+ users that are missing the email fields. I tried to execute command sudo -u www-data ./occ user:list but that did nothing except just listing all the users.

@tgoeg
Author

tgoeg commented Oct 1, 2018

Hi!
Strange. Does
sudo -u nextcloud-user /var/www/nextcloud-wwwroot/occ user:info Example.User
fix it for Example.User ?
If so, you could try to iterate over all users. Something along these lines might help:

while IFS= read -r user; do sudo -u nextcloud-user /var/www/nextcloud-wwwroot/occ user:info "$user"; done < <(sudo -u nextcloud-user php /var/www/nextcloud-wwwroot/occ user:list | sed 's#[ -]*\([^:]*\).*#\1#')

@Antairez

Antairez commented Oct 4, 2018

@tgoeg Hello, occ user:info Example.User didn't work for me, it listed the user info, and there's no email in it. Mine is only fixed when user manually logs in, then the email field is filled.

@tgoeg
Author

tgoeg commented Oct 4, 2018

Hmm... If all of your users are on the same domain, probably bulk set their addresses with occ user:setting and the loop in my last post to user.name@fixed.domain ?
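
The bulk-set idea from the comment above, as an added example that is not part of the original thread or Nextcloud's own code: a dry-run planner that turns plain `occ user:list` output into `occ user:setting <uid> settings email <uid>@<domain>` commands, skipping interleaved log lines and uids that would be read as an option or are unusable as a mail local part. The list format (`  - uid: Display Name`) is an assumption inferred from the sed expression in the thread; the account name, occ path and `fixed.domain` are the thread's placeholders, the function names are hypothetical, and the sample list is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not run, the commands
# that would set <uid>@<domain> as the mail address of every listed user.
OCC_USER="nextcloud-user"                  # placeholder account used in the thread
OCC="/var/www/nextcloud-wwwroot/occ"       # placeholder path used in the thread

# Constructed sample of plain `occ user:list` output, including a log line
# of the kind that appears in the listing shown in the issue.
SAMPLE_LIST='  - Example.User: Example User
{"reqId":"constructed","level":2,"app":"user_ldap","message":"constructed"}
  - jane doe: Jane Doe
  - -rf: Odd Account
  - bob: Bob'

# Keep only real list entries ("  - uid: name"); log lines do not match.
list_uids() {
    sed -n 's/^ *- *\([^:]*\):.*/\1/p'
}

# Accept only uids that are safe as a CLI argument and as a mail local part.
valid_uid() {
    case "$1" in
        ''|-*|.*|*.|*..*) return 1 ;;      # empty, option-like, bad dot placement
        *[!A-Za-z0-9._-]*) return 1 ;;     # anything outside a conservative set
    esac
    return 0
}

# Read user:list output on stdin, write the planned commands to stdout and
# the skipped uids to stderr. Returns 2 if the domain itself looks wrong.
plan_email_updates() {
    plan_domain=$1
    case "$plan_domain" in
        ''|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 2 ;;
    esac
    list_uids | while IFS= read -r plan_uid; do
        if valid_uid "$plan_uid"; then
            printf 'sudo -u %s %s user:setting %s settings email %s@%s\n' \
                "$OCC_USER" "$OCC" "$plan_uid" "$plan_uid" "$plan_domain"
        else
            printf 'SKIP (uid not usable as mail local part): %s\n' "$plan_uid" >&2
        fi
    done
}

# Dry run over the constructed sample.
printf '%s\n' "$SAMPLE_LIST" | plan_email_updates fixed.domain
```

The plan does not check whether a user already has an address, so review it before running any of the printed commands.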

@blizzz
Member

blizzz commented Mar 6, 2019

Should be fixed with #14200 (and shipped with 13.0.12, 14.0.8, 15.0.5)

@blizzz blizzz closed this as completed Mar 6, 2019
@tach-tm

tach-tm commented Aug 19, 2022

> Hmm... If all of your users are on the same domain, probably bulk set their addresses with occ user:setting and the loop in my last post to user.name@fixed.domain ?

When connecting to AD, is it possible to create a mail and bind it to the nextcloud login according to the template "sAMAccountName@mail.com"? Since the user does not have mail or mail is not set in AD in the attributes.

Can you show an example?

@blizzz
Member

blizzz commented Aug 19, 2022

@tach-tm you replied to a bug report that has been closed for 3.5 years, and with an unrelated question. I would like to ask you to raise your question in the forums: https://help.nextcloud.com

If you wish support with setup issues from Nextcloud GmbH we offer this as part of the Nextcloud subscription. Learn more about this at https://nextcloud.com/enterprise/
