AD/LDAP - blocking all user accounts in the domain


#1

Server configuration

Operating system: CentOS 7

Web server: httpd

Database: mariadb

PHP version: 7.2

ownCloud version: 10.1.0

Updated from an older ownCloud or fresh install: fresh install

Hello colleagues,
I have an ownCloud server in the IT infrastructure that uses the AD/LDAP connector (from the Marketplace) for authentication. It worked perfectly for a couple of months, but now it periodically blocks all user accounts in the domain. There are a lot of records in the Windows 2016 Server security log that contain information about failed logon attempts from the ownCloud server. I've checked the log files on CentOS but haven't found any errors or anything. I also use fail2ban on the server, and the jail is also empty.

Has anybody faced the same problem? How can I solve it?


#2

Typically this would happen if you force password changes on your users and they in turn use mobile or desktop clients with the previous password. The easiest way to avoid this is to use OAuth2 for client and mobile authentication. In the Enterprise version we also offer SAML, or soon OpenID Connect, for the same purpose and more IT control.
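
To find which sync clients keep retrying with an old password, as the reply above describes, one approach is to look in the httpd access log for clients that get 401 repeatedly with no successful response in between. This is an added example, not part of the original posts; it assumes Apache's combined log format, and the sample lines, user-agent strings and `min_streak` threshold are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def stale_clients(lines, min_streak=3):
    """Return {(ip, user_agent): longest run of 401s with no 2xx in between}
    for clients whose run reaches min_streak (hypothetical threshold)."""
    current = defaultdict(int)
    longest = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        key = (m["ip"], m["ua"])
        status = int(m["status"])
        if status == 401:
            current[key] += 1
            longest[key] = max(longest[key], current[key])
        elif 200 <= status < 300:
            # A success means the client holds valid credentials; a single
            # 401 before it is just the normal authentication challenge.
            current[key] = 0
    return {k: v for k, v in longest.items() if v >= min_streak}

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE = """\
198.51.100.7 - - [12/Mar/2019:09:00:01 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 512 "-" "sync-client-A/1.0"
203.0.113.20 - - [12/Mar/2019:09:00:02 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 512 "-" "mobile-client-B/2.0"
203.0.113.20 - - [12/Mar/2019:09:00:02 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 1830 "-" "mobile-client-B/2.0"
198.51.100.7 - - [12/Mar/2019:09:00:31 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 512 "-" "sync-client-A/1.0"
198.51.100.7 - - [12/Mar/2019:09:00:40 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 1830 "-" "sync-client-C/1.0"
198.51.100.7 - - [12/Mar/2019:09:01:01 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 512 "-" "sync-client-A/1.0"
203.0.113.20 - - [12/Mar/2019:09:01:02 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 512 "-" "mobile-client-B/2.0"
203.0.113.20 - - [12/Mar/2019:09:01:02 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 1830 "-" "mobile-client-B/2.0"
198.51.100.7 - - [12/Mar/2019:09:01:31 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 512 "-" "sync-client-A/1.0"
"""

if __name__ == "__main__":
    for (ip, ua), streak in stale_clients(SAMPLE.splitlines()).items():
        print(f"{ip}  {ua}  consecutive 401s: {streak}")
```

The timestamps of a flagged client's 401s can then be matched against the failed-logon records in the domain controller's security log to identify the affected account.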