
[8.2.1-stable] LDAP configuration doesn't work #20938

Closed
mrPsycho opened this issue Dec 4, 2015 · 10 comments


mrPsycho commented Dec 4, 2015

Steps to reproduce

  1. go to https://owncloud.server/index.php/settings/admin#goto-ldap
  2. fill LDAP section as said
  3. see "Configuration incomplete"

anyway:

user@zentyal:/# ldapsearch -h localhost -V -D "domain\oc" -w pass

works. But:

user@zentyal:/# ldapsearch -h localhost -V -D "UID=oc,OU=System Users,DC=domain,DC=local" -w pass

says:

ldap_bind: Invalid credentials (49)
additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE

Expected behaviour

Green light appears.

Actual behaviour

"Configuration incomplete"

Server configuration

Operating system: zentyal 4.2.1.3
Web server: nginx/1.4.6 (Ubuntu)
Database: mysqld Ver 5.5.46-0ubuntu0.14.04.2
PHP version: 5.5.9-1ubuntu4.14
ownCloud version: 8.2.1
Updated from an older ownCloud or fresh install: updated from 8.0.9
List of activated apps:

owncloud@zentyal:~/owncloud$ php occ app:list
Enabled:
  - activity: 2.1.3
  - files: 1.2.0
  - files_external: 0.3.0
  - files_pdfviewer: 0.7
  - files_sharing: 0.7.0
  - files_texteditor: 2.0
  - files_trashbin: 0.7.0
  - gallery: 14.2.0
  - provisioning_api: 0.3.0
  - updater: 0.6
  - user_external: 0.4
  - user_ldap: 0.7.0
Disabled:
  - encryption
  - external
  - files_versions
  - files_videoviewer
  - firstrunwizard
  - notifications
  - templateeditor

The content of config/config.php:

owncloud@zentyal:~/owncloud$ php occ config:list system --public



  [RuntimeException]                     
  The "--public" option does not exist.  



config:list [--output[="..."]] [--private] [app]


owncloud@zentyal:~/owncloud$ php occ config:list system 
{
    "system": {
        "instanceid": "occ80aca7b10",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "owncloud.domain.com",
            "192.168.2.100"
        ],
        "datadirectory": "\/massive\/owncloud",
        "overwrite.cli.url": "https:\/\/owncloud.domain.com",
        "dbtype": "mysql",
        "version": "8.2.1.4",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "forcessl": true,
        "mail_smtpmode": "smtp",
        "mail_smtphost": "192.168.1.1",
        "mail_from_address": "owncloud",
        "loglevel": "0",
        "logfile": "\/var\/log\/owncloud\/owncloud.log",
        "ldapIgnoreNamingRules": false,
        "preview_libreoffice_path": "\/usr\/bin\/libreoffice --headless",
        "theme": "",
        "maintenance": false,
        "secret": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "domain.com",
        "trashbin_retention_obligation": "auto"
    }
}

Are you using external storage, if yes which one: local

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

owncloud@zentyal:~/owncloud$ php occ ldap:show-config
+-------------------------------+--------------------------------------------+
| Configuration                 | s01                                        |
+-------------------------------+--------------------------------------------+
| hasMemberOfFilterSupport      | 0                                          |
| hasPagedResultSupport         |                                            |
| homeFolderNamingRule          |                                            |
| lastJpegPhotoLookup           | 0                                          |
| ldapAgentName                 | UID=oc,OU=System Users,DC=domain,DC=local  |
| ldapAgentPassword             | ***                                        |
| ldapAttributesForGroupSearch  |                                            |
| ldapAttributesForUserSearch   |                                            |
| ldapBackupHost                |                                            |
| ldapBackupPort                |                                            |
| ldapBase                      | DC=domain,DC=local                         |
| ldapBaseGroups                |                                            |
| ldapBaseUsers                 |                                            |
| ldapCacheTTL                  | 600                                        |
| ldapConfigurationActive       | 0                                          |
| ldapEmailAttribute            |                                            |
| ldapExperiencedAdmin          | 0                                          |
| ldapExpertUUIDGroupAttr       |                                            |
| ldapExpertUUIDUserAttr        |                                            |
| ldapExpertUsernameAttr        |                                            |
| ldapGroupDisplayName          | cn                                         |
| ldapGroupFilter               |                                            |
| ldapGroupFilterGroups         |                                            |
| ldapGroupFilterMode           | 0                                          |
| ldapGroupFilterObjectclass    |                                            |
| ldapGroupMemberAssocAttr      | uniqueMember                               |
| ldapHost                      | 192.168.2.100                              |
| ldapIgnoreNamingRules         |                                            |
| ldapLoginFilter               |                                            |
| ldapLoginFilterAttributes     |                                            |
| ldapLoginFilterEmail          | 0                                          |
| ldapLoginFilterMode           | 0                                          |
| ldapLoginFilterUsername       | 1                                          |
| ldapNestedGroups              | 0                                          |
| ldapOverrideMainServer        |                                            |
| ldapPagingSize                | 500                                        |
| ldapPort                      | 389                                        |
| ldapQuotaAttribute            |                                            |
| ldapQuotaDefault              |                                            |
| ldapTLS                       | 0                                          |
| ldapUserDisplayName           | displayname                                |
| ldapUserFilter                |                                            |
| ldapUserFilterGroups          |                                            |
| ldapUserFilterMode            | 0                                          |
| ldapUserFilterObjectclass     |                                            |
| ldapUuidGroupAttribute        | auto                                       |
| ldapUuidUserAttribute         | auto                                       |
| turnOffCertCheck              | 0                                          |
| useMemberOfToDetectMembership | 1                                          |
+-------------------------------+--------------------------------------------+

Client configuration

Browser: chrome

Operating system: ubuntu 15.10 x64

Logs

Web server error log

192.168.1.55 - - [04/Dec/2015:10:26:08 +0300] "POST /index.php/apps/user_ldap/ajax/wizard.php HTTP/1.1" 200 76 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"

ownCloud log (data/owncloud.log)

{"reqId":"G8bC3HcV68qD3TxNEPo9","remoteAddr":"192.168.1.55","app":"user_ldap","message":"Base tree for Groups is empty, using Base DN","level":1,"time":"2015-12-04T07:24:30+00:00","method":"POST","url":"\/index.php\/apps\/user_ldap\/ajax\/wizard.php"}
{"reqId":"G8bC3HcV68qD3TxNEPo9","remoteAddr":"192.168.1.55","app":"user_ldap","message":"Base tree for Groups is empty, using Base DN","level":1,"time":"2015-12-04T07:24:30+00:00","method":"POST","url":"\/index.php\/apps\/user_ldap\/ajax\/wizard.php"}
{"reqId":"G8bC3HcV68qD3TxNEPo9","remoteAddr":"192.168.1.55","app":"user_ldap","message":"Configuration Error (prefix ): No LDAP Login Filter given!","level":2,"time":"2015-12-04T07:24:30+00:00","method":"POST","url":"\/index.php\/apps\/user_ldap\/ajax\/wizard.php"}
{"reqId":"G8bC3HcV68qD3TxNEPo9","remoteAddr":"192.168.1.55","app":"user_ldap","message":"Configuration Error (prefix ): login filter does not contain %uid place holder.","level":2,"time":"2015-12-04T07:24:30+00:00","method":"POST","url":"\/index.php\/apps\/user_ldap\/ajax\/wizard.php"}
{"reqId":"G8bC3HcV68qD3TxNEPo9","remoteAddr":"192.168.1.55","app":"user_ldap","message":"Configuration Error (prefix ): No LDAP Login Filter given!","level":2,"time":"2015-12-04T07:24:30+00:00","method":"POST","url":"\/index.php\/apps\/user_ldap\/ajax\/wizard.php"}
{"reqId":"G8bC3HcV68qD3TxNEPo9","remoteAddr":"192.168.1.55","app":"user_ldap","message":"Configuration Error (prefix ): login filter does not contain %uid place holder.","level":2,"time":"2015-12-04T07:24:30+00:00","method":"POST","url":"\/index.php\/apps\/user_ldap\/ajax\/wizard.php"}
{"reqId":"G8bC3HcV68qD3TxNEPo9","remoteAddr":"192.168.1.55","app":"user_ldap","message":"LDAP error Invalid credentials (49) after calling ldap_bind","level":0,"time":"2015-12-04T07:24:30+00:00","method":"POST","url":"\/index.php\/apps\/user_ldap\/ajax\/wizard.php"}
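The owncloud.log lines above report two separate problems at once: the simple bind with the configured agent DN fails (error 49), and the login filter is empty, so the wizard would stay at "Configuration incomplete" even once the bind works. As an added example (not code from this issue or from ownCloud), the Python script below parses the `occ ldap:show-config` table from the report, flags the settings that leave the configuration incomplete or weak, and classifies the bind identity as an RFC 4514 DN, a `DOMAIN\user` down-level name, or a `user@domain` UPN, since the thread turns on which form the server accepts. The regexes, the finding texts and the key names it requires are this script's own approximation of the checks, not ownCloud's validation code; the first two messages deliberately copy the wording seen in the log.

```python
import re

# Constructed sample: a subset of the `occ ldap:show-config` table from the
# report above, in the form this script expects (paste occ's output here).
SHOW_CONFIG_OUTPUT = """\
+-------------------------------+--------------------------------------------+
| Configuration                 | s01                                        |
+-------------------------------+--------------------------------------------+
| ldapAgentName                 | UID=oc,OU=System Users,DC=domain,DC=local  |
| ldapAgentPassword             | ***                                        |
| ldapBase                      | DC=domain,DC=local                         |
| ldapConfigurationActive       | 0                                          |
| ldapHost                      | 192.168.2.100                              |
| ldapLoginFilter               |                                            |
| ldapPort                      | 389                                        |
| ldapTLS                       | 0                                          |
| ldapUserFilter                |                                            |
+-------------------------------+--------------------------------------------+
"""

# Rough shapes of the three bind-identity forms discussed in the thread.
# These are classification heuristics (assumed here), not full RFC 4514 parsing.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)*$")
DOWNLEVEL_RE = re.compile(r"^[^\\/@]+\\[^\\/@]+$")   # DOMAIN\user
UPN_RE = re.compile(r"^[^\\/@\s]+@[^\\/@\s]+$")      # user@domain


def parse_show_config(text):
    """Parse the two-column ASCII table printed by `occ ldap:show-config`
    into a {setting: value} dict; empty cells become empty strings."""
    config = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue                      # skip the +----+ border lines
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 2 or cells[0] == "Configuration":
            continue                      # skip the header row
        config[cells[0]] = cells[1]
    return config


def classify_agent_name(name):
    """Return 'dn', 'downlevel', 'upn' or 'unknown' for a bind identity."""
    name = name.strip()
    if DN_RE.match(name):
        return "dn"
    if DOWNLEVEL_RE.match(name):
        return "downlevel"
    if UPN_RE.match(name):
        return "upn"
    return "unknown"


def check_ldap_config(config):
    """Return a list of findings for settings that leave the configuration
    incomplete or weak. The first two messages mirror the wording seen in
    owncloud.log; the remaining checks are this script's own."""
    findings = []
    login_filter = config.get("ldapLoginFilter", "")
    # An empty filter trips both checks, which is why the log shows the pair.
    if not login_filter:
        findings.append("No LDAP Login Filter given!")
    if "%uid" not in login_filter:
        findings.append("login filter does not contain %uid place holder.")
    for key in ("ldapHost", "ldapBase", "ldapAgentName", "ldapAgentPassword"):
        if not config.get(key):
            findings.append(f"{key} is empty")
    if config.get("ldapConfigurationActive") != "1":
        findings.append("ldapConfigurationActive is 0: backend will not be used")
    if config.get("ldapTLS") == "0" and config.get("ldapPort") == "389":
        findings.append("ldapTLS is 0 on port 389: agent password is sent in clear text")
    form = classify_agent_name(config.get("ldapAgentName", ""))
    if form != "dn":
        findings.append(f"ldapAgentName is a '{form}' identity, not a DN; "
                        "the server must accept that form for a simple bind")
    return findings


if __name__ == "__main__":
    cfg = parse_show_config(SHOW_CONFIG_OUTPUT)
    print("agent identity form:", classify_agent_name(cfg["ldapAgentName"]))
    for finding in check_ldap_config(cfg):
        print("-", finding)
```

Run against the sample it reports four findings: the two login-filter messages, the inactive configuration, and the clear-text bind on port 389; the agent name itself is a well-formed DN, which is consistent with the bind failing on the server side rather than because of a malformed value. Replace `SHOW_CONFIG_OUTPUT` with a fresh `occ ldap:show-config` capture to re-check a corrected configuration.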
@RobinMcCorkell (Member)

You've answered your own question, if domain\oc works as a username but the full DN doesn't (which is against the de facto standard btw, get a better server), you need to use that in the bind username field. Ref: http://serverfault.com/questions/497368/ldap-activedirectory-binddn-syntax

@MorrisJobke (Contributor)

> You've answered your own question, if domain\oc works as a username but the full DN doesn't (which is against the de facto standard btw, get a better server), you need to use that in the bind username field.

Close then?


mrPsycho commented Dec 4, 2015

ownCloud can't use it.

Same problem.

@MorrisJobke (Contributor)

cc @blizzz


blizzz commented Dec 4, 2015

We directly pass whatever you configure as LDAP agent: https://github.com/owncloud/core/blob/stable8.2/apps/user_ldap/lib/connection.php#L610


blizzz commented Dec 4, 2015

Zentyal should also allow binds against proper DNs IIRC. I see it as a server configuration issue.

blizzz closed this as completed Dec 4, 2015

mrPsycho commented Dec 4, 2015

OK, thanks.

mrPsycho commented Dec 4, 2015

But @blizzz, how does pfSense work with it, and ownCloud doesn't?

blizzz commented Dec 4, 2015

Sorry, I know neither what pfSense is nor what it is doing in that case.

lock bot locked as resolved and limited conversation to collaborators Aug 7, 2019