App passwords not persistent

Server
1

Steps to reproduce

Server 10.4.1 combined with Windows desktop app 2.6.3. App password is needed to connect the Windows client, but it is not persistent.

Expected behaviour

As far as we understand, app passwords should be persistent and never be deleted.

Actual behaviour

The app password for any connected Windows client is periodically revoked about every week or so, usually overnight, and needs to be reinstated again. The client loses connection to the server and the app password entry shown under “Security > App-passwords / Tokens” in the user’s own preferences, is gone.

Server configuration

Debian 4.19.0
apache2
MariaDB
PHP 7.3
ownCloud Server 10.4.1
ownCloud Windows client 2.6.3
Fresh install

Signing status (ownCloud 9.0 and above):

“No errors have been found.”

The content of config/config.php:
too long

List of activated apps:

Enabled:

  • activity: 2.5.3
  • comments: 0.3.0
  • configreport: 0.2.0
  • dav: 0.5.0
  • encryption: 1.4.0
  • federatedfilesharing: 0.5.0
  • files: 1.5.2
  • files_external: 0.7.1
  • files_mediaviewer: 1.0.2
  • files_sharing: 0.12.0
  • files_trashbin: 0.9.1
  • files_versions: 1.3.0
  • market: 0.5.0
  • notifications: 0.5.0
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • theme-removed: 1.0.0
  • twofactor_totp: 0.6.1
  • updatenotification: 0.2.1
  • user_ldap: 0.15.1
    Disabled:
  • external
  • federation
  • firstrunwizard
  • user_external
    Enabled:
  • activity: 2.5.3
  • comments: 0.3.0
  • configreport: 0.2.0
  • dav: 0.5.0
  • encryption: 1.4.0
  • federatedfilesharing: 0.5.0
  • files: 1.5.2
  • files_external: 0.7.1
  • files_mediaviewer: 1.0.2
  • files_sharing: 0.12.0
  • files_trashbin: 0.9.1
  • files_versions: 1.3.0
  • market: 0.5.0
  • notifications: 0.5.0
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • theme-removed: 1.0.0
  • twofactor_totp: 0.6.1
  • updatenotification: 0.2.1
  • user_ldap: 0.15.1
    Disabled:
  • external
  • federation
  • firstrunwizard
  • user_external

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…

LDAP configuration (delete this part if not used)

±------------------------------±-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | removed |
±------------------------------±-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=removed,OU=ServiceUsers,OU=Corporate,DC=int,DC=removed,DC=removed |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | OU=Corporate,DC=int,DC=removed,DC=removed |
| ldapBaseGroups | OU=Corporate,DC=int,DC=removed,DC=removed |
| ldapBaseUsers | OU=Corporate,DC=int,DC=removed,DC=removed |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | objectguid |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (|(cn=removed)) |
| ldapGroupFilterGroups | removed|
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | ldap:// |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=person)))(|(mailPrimaryAddress=%uid)(mail=%uid))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 0 |
| ldapNestedGroups | 0 |
| ldapNetworkTimeout | 2 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=organizationalPerson))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(memberof=CN=removed ,OU=Groups,OU=Corporate,DC=int,DC=removed,DC=removed))) |
| ldapUserFilterGroups | removed |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUserName | samaccountname |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
±------------------------------±-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
±------------------------------±---------------+
| Configuration | s01 |
±------------------------------±---------------+
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | |
| ldapBaseGroups | |
| ldapBaseUsers | |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 0 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapNetworkTimeout | 2 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUserName | samaccountname |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
±------------------------------±---------------+

Client configuration

n/a

Operating system:
Win10

Logs

Web server error log

Empty

ownCloud log (data/owncloud.log)

Insert your ownCloud log here
{“reqId”:“removed”,“level”:3,“time”:“2020-06-06T17:08:19+00:00”,“remoteAddr”:"",“user”:"–",“app”:“mysql.setup”,“method”:"–",“url”:"–",“message”:"Specific user creation failed: An exception occurred while
executing ‘SELECT user FROM mysql.user WHERE user=?’ with params ["removed “]:\n\nSQLSTATE[42000]: Syntax error or access violation: 1142 SELECT command denied to user ‘removed’@‘localhost’ for table ‘user’”}

2

The log message is from June, so I don’t think it is relevant. Do you have anything more recent? Perhaps you could (temporarily) increase the loglevel?

1 Like
3

Hello and thanks for your answer. Could you point me to where to increase the loglevel?

4

Hey, a good start is the official documentation:
https://doc.owncloud.com/

The loglevel you can either adjust in the config.php https://doc.owncloud.com/server/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-log-level
Or directly in the admin interface in the general section if you scroll down a little.

1 Like
5

Thanks. Loglevel, according to the web portal, is already set to “Everything (fatal issues, errors, warnings, info, debug)”

Edit: Just noticed that I got the wrong ownCloud log file. Will send infos as soon as i cleaned the log entries.

6

Hello

There’s simply too many log entries to anonymize, so I just extracted one of each with loglevel 3 or higher which seemed somewhat relevant.

{“reqId”:“removed”,“level”:3,“time”:“2020-11-03T00:00:02+01:00”,“remoteAddr”:"",“user”:"–",“app”:“core”,“method”:"–",“url”:"–",“message”:“Exception: {“Exception”:“OCP\\AppFramework\\QueryException”,“Message”:“Could not resolve OCA\\Federation\\SyncJob! Class OCA\\Federation\\SyncJob does not exist”,“Code”:0,“Trace”:”#0 \/var\/www\/removed\/lib\/private\/AppFramework\/Utility\/SimpleContainer.php(110): OC\\AppFramework\\Utility\\SimpleContainer->resolve(‘OCA\\\\Federation\\\\…’)\n#1 \/var\/www\/removed\/lib\/private\/ServerContainer.php(86): OC\\AppFramework\\Utility\\SimpleContainer->query(‘OCA\\\\Federation\\\\…’)\n#2 \/var\/www\/removed\/lib\/private\/BackgroundJob\/JobList.php(253): OC\\ServerContainer->query(‘OCA\\\\Federation\\\\…’)\n#3 \/var\/www\/removed\/lib\/private\/BackgroundJob\/JobList.php(209): OC\\BackgroundJob\\JobList->buildJob(Array)\n#4 \/var\/www\/removed\/core\/Command\/System\/Cron.php(114): OC\\BackgroundJob\\JobList->getNext()\n#5 \/var\/www\/removed\/lib\/composer\/symfony\/console\/Command\/Command.php(255): OC\\Core\\Command\\System\\Cron->execute(Object(Symfony\\Component\\Console\\Input\\ArgvInput), Object(Symfony\\Component\\Console\\Output\\ConsoleOutput))\n#6 \/var\/www\/removed\/lib\/composer\/symfony\/console\/Application.php(1001): Symfony\\Component\\Console\\Command\\Command->run(Object(Symfony\\Component\\Console\\Input\\ArgvInput), Object(Symfony\\Component\\Console\\Output\\ConsoleOutput))\n#7 \/var\/www\/removed\/lib\/composer\/symfony\/console\/Application.php(271): Symfony\\Component\\Console\\Application->doRunCommand(Object(OC\\Core\\Command\\System\\Cron), Object(Symfony\\Component\\Console\\Input\\ArgvInput), Object(Symfony\\Component\\Console\\Output\\ConsoleOutput))\n#8 \/var\/www\/removed\/lib\/composer\/symfony\/console\/Application.php(147): Symfony\\Component\\Console\\Application->doRun(Object(Symfony\\Component\\Console\\Input\\ArgvInput), Object(Symfony\\Component\\Console\\Output\\ConsoleOutput))\n#9 \/var\/www\/removed\/lib\/private\/Console\/Application.php(165): Symfony\\Component\\Console\\Application->run(Object(Symfony\\Component\\Console\\Input\\ArgvInput), Object(Symfony\\Component\\Console\\Output\\ConsoleOutput))\n#10 \/var\/www\/removed\/console.php(116): OC\\Console\\Application->run()\n#11 \/var\/www\/removed\/occ(11): require_once(’\/var\/www\/removedsh…’)\n#12 {main}",“File”:"\/var\/www\/removed\/lib\/private\/AppFramework\/Utility\/SimpleContainer.php",“Line”:96}"}
{“reqId”:“removed”,“level”:3,“time”:“2020-11-04T17:40:40+01:00”,“remoteAddr”:“removed”,“user”:“removed”,“app”:“PHP”,“method”:“DELETE”,“url”:"/remote.php/dav/files/removed/202006271500_202006291000",“message”:“fclose() expects parameter 1 to be resource, bool given at /var/www/removed/lib/private/Files/Storage/Wrapper/Encryption.php#788”}
{“reqId”:“removed”,“level”:3,“time”:“2020-11-04T21:46:14+01:00”,“remoteAddr”:“removed”,“user”:"–",“app”:“PHP”,“method”:“GET”,“url”:null,“message”:“Undefined index: path at /var/www/removed/lib/private/AppFramework/Http/Request.php#618”}
{“reqId”:“removed,“level”:3,“time”:“2020-11-05T02:36:56+01:00”,“remoteAddr”:“removed”,“user”:”–",“app”:“user_ldap”,“method”:“PROPFIND”,“url”:"/remote.php/dav/files/removed/",“message”:“Exception: {“Exception”:“OCA\\User_LDAP\\Exceptions\\BindFailedException”,“Message”:”",“Code”:0,“Trace”:"#0 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Connection.php(170): OCA\\User_LDAP\\Connection->establishConnection()\n#1 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(958): OCA\\User_LDAP\\Connection->getConnectionResource()\n#2 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(1169): OCA\\User_LDAP\\Access->executeSearch(’(&(&(|(objectcl…’, Array, Array, NULL, NULL)\n#3 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(883): OCA\\User_LDAP\\Access->search(’(&(&(|(objectcl…’, Array, Array, NULL, NULL)\n#4 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(778): OCA\\User_LDAP\\Access->searchUsers(’(&(&(|(objectcl…’, Array, NULL, NULL)\n#5 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(751): OCA\\User_LDAP\\Access->fetchListOfUsers(’(&(&(|(objectcl…’, Array)\n#6 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User\/Manager.php(462): OCA\\User_LDAP\\Access->fetchUsersByLoginName(‘removed@k…’, Array)\n#7 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User_LDAP.php(140): OCA\\User_LDAP\\User\\Manager->getLDAPUserByLoginName(‘removed@k…’)\n#8 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User_Proxy.php(112): OCA\\User_LDAP\\User_LDAP->checkPassword(*** sensitive parameters replaced )\n#9 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Proxy.php(143): OCA\\User_LDAP\\User_Proxy->callOnLastSeenOn(‘removed@k…’, ‘checkPassword’, Array, false)\n#10 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User_Proxy.php(189): OCA\\User_LDAP\\Proxy->handleRequest(‘removed@k…’, ‘checkPassword’, Array)\n#11 \/var\/www\/removed\/lib\/private\/User\/Manager.php(253): OCA\\User_LDAP\\User_Proxy->checkPassword( sensitive parameters replaced )\n#12 \/var\/www\/removed\/lib\/private\/User\/Session.php(838): OC\\User\\Manager->checkPassword( sensitive parameters replaced )\n#13 \/var\/www\/removed\/lib\/private\/User\/Session.php(914): OC\\User\\Session->checkTokenCredentials(Object(OC\\Authentication\\Token\\DefaultToken), ‘ZUTLZ-QPUWT-EYP…’)\n#14 \/var\/www\/removed\/lib\/private\/User\/Session.php(330): OC\\User\\Session->validateToken( sensitive parameters replaced )\n#15 \/var\/www\/removed\/lib\/private\/User\/Session.php(362): OC\\User\\Session->login( sensitive parameters replaced )\n#16 \/var\/www\/removed\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php(131): OC\\User\\Session->logClientIn( sensitive parameters replaced )\n#17 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php(103): OCA\\DAV\\Connector\\Sabre\\Auth->validateUserPass( sensitive parameters replaced )\n#18 \/var\/www\/removed\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php(239): Sabre\\DAV\\Auth\\Backend\\AbstractBasic->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#19 \/var\/www\/removed\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php(156): OCA\\DAV\\Connector\\Sabre\\Auth->auth(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#20 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(182): OCA\\DAV\\Connector\\Sabre\\Auth->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#21 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(137): Sabre\\DAV\\Auth\\Plugin->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#22 \/var\/www\/removed\/lib\/composer\/sabre\/event\/lib\/WildcardEmitterTrait.php(89): Sabre\\DAV\\Auth\\Plugin->beforeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#23 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(454): Sabre\\DAV\\Server->emit(‘beforeMethod:PR…’, Array)\n#24 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(251): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#25 \/var\/www\/removed\/apps\/dav\/lib\/Server.php(329): Sabre\\DAV\\Server->start()\n#26 \/var\/www\/removed\/apps\/dav\/appinfo\/v2\/remote.php(31): OCA\\DAV\\Server->exec()\n#27 \/var\/www\/removed\/remote.php(165): require_once(’\/var\/www\/removedsh…’)\n#28 {main}",“File”:"\/var\/www\/removed\/apps-external\/user_ldap\/lib\/Connection.php",“Line”:532}"}
{“reqId”:“removed”,“level”:3,“time”:“2020-11-05T02:36:56+01:00”,“remoteAddr”:“removed”,“user”:"–",“app”:“PHP”,“method”:“PROPFIND”,“url”:"/remote.php/dav/files/removed/",“message”:“ldap_control_paged_result_response(): Result is: Operations error (1) at /var/www/removed/apps-external/user_ldap/lib/LDAP.php#74”}
{“reqId”:“removed”,“level”:3,“time”:“2020-11-05T02:36:56+01:00”,“remoteAddr”:“removed”,“user”:"–",“app”:“user_ldap”,“method”:“PROPFIND”,“url”:"/remote.php/dav/files/removed/",“message”:“Exception: {“Exception”:“Exception”,“Message”:“LDAP Operations error”,“Code”:1,“Trace”:”#0 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/LDAP.php(75): OCA\\User_LDAP\\LDAP->postFunctionCall()\n#1 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(1011): OCA\\User_LDAP\\LDAP->controlPagedResultResponse(Resource id #33, false, NULL, 0)\n#2 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(1192): OCA\\User_LDAP\\Access->processPagedSearchStatus(Array, ‘(&(&(|(objectcl…’, Array, 0, NULL, NULL, true, false)\n#3 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(883): OCA\\User_LDAP\\Access->search(’(&(&(|(objectcl…’, Array, Array, NULL, NULL)\n#4 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(778): OCA\\User_LDAP\\Access->searchUsers(’(&(&(|(objectcl…’, Array, NULL, NULL)\n#5 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Access.php(751): OCA\\User_LDAP\\Access->fetchListOfUsers(’(&(&(|(objectcl…’, Array)\n#6 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User\/Manager.php(462): OCA\\User_LDAP\\Access->fetchUsersByLoginName(‘removed@k…’, Array)\n#7 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User_LDAP.php(140): OCA\\User_LDAP\\User\\Manager->getLDAPUserByLoginName(‘removed@k…’)\n#8 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User_Proxy.php(84): OCA\\User_LDAP\\User_LDAP->checkPassword( sensitive parameters replaced )\n#9 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/Proxy.php(145): OCA\\User_LDAP\\User_Proxy->walkBackends(‘removed@k…’, ‘checkPassword’, Array)\n#10 \/var\/www\/removed\/apps-external\/user_ldap\/lib\/User_Proxy.php(189): OCA\\User_LDAP\\Proxy->handleRequest(‘removed@k…’, ‘checkPassword’, Array)\n#11 \/var\/www\/removed\/lib\/private\/User\/Manager.php(253): OCA\\User_LDAP\\User_Proxy->checkPassword( sensitive parameters replaced )\n#12 \/var\/www\/removed\/lib\/private\/User\/Session.php(838): OC\\User\\Manager->checkPassword( sensitive parameters replaced )\n#13 \/var\/www\/removed\/lib\/private\/User\/Session.php(914): OC\\User\\Session->checkTokenCredentials(Object(OC\\Authentication\\Token\\DefaultToken), ‘ZUTLZ-QPUWT-EYP…’)\n#14 \/var\/www\/removed\/lib\/private\/User\/Session.php(330): OC\\User\\Session->validateToken( sensitive parameters replaced )\n#15 \/var\/www\/removed\/lib\/private\/User\/Session.php(362): OC\\User\\Session->login( sensitive parameters replaced )\n#16 \/var\/www\/removed\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php(131): OC\\User\\Session->logClientIn( sensitive parameters replaced )\n#17 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php(103): OCA\\DAV\\Connector\\Sabre\\Auth->validateUserPass( sensitive parameters replaced ***)\n#18 \/var\/www\/removed\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php(239): Sabre\\DAV\\Auth\\Backend\\AbstractBasic->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#19 \/var\/www\/removed\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php(156): OCA\\DAV\\Connector\\Sabre\\Auth->auth(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#20 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(182): OCA\\DAV\\Connector\\Sabre\\Auth->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#21 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(137): Sabre\\DAV\\Auth\\Plugin->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#22 \/var\/www\/removed\/lib\/composer\/sabre\/event\/lib\/WildcardEmitterTrait.php(89): Sabre\\DAV\\Auth\\Plugin->beforeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#23 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(454): Sabre\\DAV\\Server->emit(‘beforeMethod:PR…’, Array)\n#24 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(251): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#25 \/var\/www\/removed\/apps\/dav\/lib\/Server.php(329): Sabre\\DAV\\Server->start()\n#26 \/var\/www\/removed\/apps\/dav\/appinfo\/v2\/remote.php(31): OCA\\DAV\\Server->exec()\n#27 \/var\/www\/removed\/remote.php(165): require_once(’\/var\/www\/removedsh…’)\n#28 {main}",“File”:"\/var\/www\/removed\/apps-external\/user_ldap\/lib\/LDAP.php",“Line”:338}"}
{“reqId”:“removed”,“level”:3,“time”:“2020-11-05T02:36:56+01:00”,“remoteAddr”:“removed”,“user”:"–",“app”:“OC\User\Session::validateToken”,“method”:“PROPFIND”,“url”:"/remote.php/dav/files/removed/",“message”:“invalid credentials in token 65e074b8443b958e9f12bbff4839e7f7ca8eea96ac61f1bd98ec2067d8ace1cb048d45cd387ffc2b27e3fc724587ff42aae526737551dc15e80952cfd2257ab0 with token id 669842”}
{“reqId”:“removed”,“level”:4,“time”:“2020-11-07T13:42:27+01:00”,“remoteAddr”:“removed”,“user”:"–",“app”:“webdav”,“method”:“PROPFIND”,“url”:"/remote.php/dav/files/7AD96657-D463-484E-906C-9DE50DA5E861/",“message”:“Exception: HTTP/1.1 503 OC\ServerNotAvailableException: Lost connection to LDAP server.: {“Exception”:“Sabre\\DAV\\Exception\\ServiceUnavailable”,“Message”:“OC\\ServerNotAvailableException: Lost connection to LDAP server.”,“Code”:0,“Trace”:”#0 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(182): OCA\\DAV\\Connector\\Sabre\\Auth->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#1 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php(137): Sabre\\DAV\\Auth\\Plugin->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#2 \/var\/www\/removed\/lib\/composer\/sabre\/event\/lib\/WildcardEmitterTrait.php(89): Sabre\\DAV\\Auth\\Plugin->beforeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#3 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(454): Sabre\\DAV\\Server->emit(‘beforeMethod:PR…’, Array)\n#4 \/var\/www\/removed\/lib\/composer\/sabre\/dav\/lib\/DAV\/Server.php(251): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#5 \/var\/www\/removed\/apps\/dav\/lib\/Server.php(329): Sabre\\DAV\\Server->start()\n#6 \/var\/www\/removed\/apps\/dav\/appinfo\/v2\/remote.php(31): OCA\\DAV\\Server->exec()\n#7 \/var\/www\/removed\/remote.php(165): require_once(’\/var\/www\/removedsh…’)\n#8 {main}",“File”:"\/var\/www\/removed\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php",“Line”:164}"}

Most of them appear periodically in the log files. Some of them seem to point to a lost LDAP connection. Is it possible that the app passwords are removed (as orphaned) if the AD sync fails temporarily for the user in question?