Steps to reproduce
Not sure
Expected behaviour
Should be able to search for LDAP users.
Actual behaviour
I have one LDAP user who cannot be found through search. They can log in and share. When they share, their display name appears correctly, and their profile is listed correctly under Personal. However, searching for them returns nothing.
Server configuration
Ubuntu 16.04
Apache 2.4
Mysql
PHP 7
ownCloud 9.1.5 (stable)
New or updated
Updated from earlier version of 9
Source
Installed from owncloud.org
Signing status
Not sure how to find signing status
Integritycheck
No errors have been found.
config/config.php:
<?php
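// ownCloud config/config.php as posted in the report. Values such as 'id',
// 'salt', 'secret' and 'pass' are the reporter's redaction placeholders.
$CONFIG = array (
  'updatechecker' => false,
  'instanceid' => 'id',
  // 'passwordsalt', 'secret' and 'dbpassword' hold credentials / key material
  // on a live install: keep them redacted in reports (as done here) and keep
  // this file readable by the web-server user only.
  'passwordsalt' => 'salt',
  'secret' => 'secret',
  // Host names / addresses the server will answer for; requests carrying any
  // other Host header are refused, so keep this list as short as possible.
  'trusted_domains' =>
  array (
    0 => '10.254.0.100',
    1 => 'host.myzone.mydomain.com',
    2 => 'host.mydomain.com',
    3 => '54.22.222.22',
  ),
  'datadirectory' => '/ocdata',
  // The opening quote was missing in the posted file, which is a PHP parse
  // error; restored here.
  'overwritehost' => 'host.mydomain.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/owncloud',
  // NOTE(review): the documented ownCloud key is 'overwritecondaddr'. As
  // spelled here the condition is presumably ignored and the overwrite*
  // values apply to every request - confirm against the real file.
  'overwriteconaddr' => '10.254.0.100',
  'overwrite.cli.url' => 'https://host.mydomain.com/owncloud',
  'dbtype' => 'mysql',
  'version' => '9.1.5.2',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_admin',
  'dbpassword' => 'pass',
  'logtimezone' => 'UTC',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  // No Redis 'password' is configured; that is only reasonable while Redis
  // listens on loopback alone - verify the Redis bind address.
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'activity_expire_days' => 15,
  // 3 = errors and fatal issues only; lower it temporarily when more detail
  // is needed for troubleshooting.
  'loglevel' => 3,
  'log_rotate_size' => 104857600,
  'mail_smtpmode' => 'sendmail',
  'mail_from_address' => 'host',
  'mail_domain' => 'mydomain.com',
  'maintenance' => false,
  'trashbin_retention_obligation' => '1, 7',
);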
Config Report (only LDAP)
{
"id": "user_ldap",
"name": "LDAP user and group backend",
"description": "This application enables administrators to connect ownCloud to an LDAP-based user directory for authentication and provisioning users, groups and user attributes. Admins can configure this application to connect to one or more LDAP directories or Active Directories via an LDAP interface. Attributes such as user quota, email, avatar pictures, group memberships and more can be pulled into ownCloud from a directory with the appropriate queries and filters.\n\nA user logs into ownCloud with their LDAP or AD credentials, and is granted access based on an authentication request handled by the LDAP or AD server. ownCloud does not store LDAP or AD passwords, rather these credentials are used to authenticate a user and then ownCloud uses a session for the user ID. More information is available in the LDAP User and Group Backend documentation.\n\n",
"licence": "AGPL",
"author": "Dominik Schmidt and Arthur Schiwon",
"version": "0.9.0",
"types": [
"authentication"
],
"documentation": {
"admin": "https:\/\/doc.owncloud.org\/server\/9.1\/go.php?to=admin-ldap"
},
"dependencies": {
"lib": "ldap",
"owncloud": {
"@attributes": {
"min-version": "9.1",
"max-version": "9.1"
}
}
},
"namespace": "User_LDAP",
"background-jobs": [
"OCA\\User_LDAP\\Jobs\\UpdateGroups",
"OCA\\User_LDAP\\Jobs\\CleanUp"
],
"info": [],
"remote": [],
"public": [],
"repair-steps": {
"install": [],
"pre-migration": [],
"post-migration": [],
"live-migration": [],
"uninstall": []
},
"two-factor-providers": [],
"groups": null,
"active": true,
"internal": true,
"level": 200,
"removable": false,
"update": null,
"preview": "\/owncloud\/apps\/user_ldap\/img\/app.svg",
"previewAsIcon": true,
"appconfig": {
"cleanUpJobOffset": "150",
"enabled": "yes",
"installed_version": "0.9.0",
"s01has_memberof_filter_support": "1",
"s01home_folder_naming_rule": "",
"s01last_jpegPhoto_lookup": "0",
"s01ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
"s01ldap_attributes_for_group_search": "",
"s01ldap_attributes_for_user_search": "",
"s01ldap_backup_host": "dc2.myzone.myzone.com",
"s01ldap_backup_port": "389",
"s01ldap_base": "DC=myzone,DC=myzone,DC=com",
"s01ldap_base_groups": "DC=myzone,DC=myzone,DC=com",
"s01ldap_base_users": "DC=myzone,DC=myzone,DC=com",
"s01ldap_cache_ttl": "3600",
"s01ldap_configuration_active": "1",
"s01ldap_display_name": "displayname",
"s01ldap_dn": "CN=administrator,CN=Users,DC=myzone,DC=myzone,DC=com",
"s01ldap_dynamic_group_member_url": "",
"s01ldap_email_attr": "userPrincipalName",
"s01ldap_experienced_admin": "0",
"s01ldap_expert_username_attr": "",
"s01ldap_expert_uuid_group_attr": "",
"s01ldap_expert_uuid_user_attr": "",
"s01ldap_group_display_name": "cn",
"s01ldap_group_filter": "(&(|(objectclass=group))(|(cn=Domain Users)(cn=Domain Admins)(cn=mydomain)(cn=myzone)(cn=oem)(cn=samplegroup2)(cn=samplegroup)(cn=Domain Guests)))",
"s01ldap_group_filter_mode": "0",
"s01ldap_group_member_assoc_attribute": "member",
"s01ldap_groupfilter_groups": "Domain Users\nDomain Admins\nmydomain\nmyzone\nsamplegroup2\nsamplegroup\nDomain Guests",
"s01ldap_groupfilter_objectclass": "group",
"s01ldap_host": "dc1.myzone.myzone.com",
"s01ldap_login_filter": "sAMAccountName=%uid",
"s01ldap_login_filter_mode": "0",
"s01ldap_loginfilter_attributes": "",
"s01ldap_loginfilter_email": "0",
"s01ldap_loginfilter_username": "1",
"s01ldap_nested_groups": "0",
"s01ldap_override_main_server": "0",
"s01ldap_paging_size": "500",
"s01ldap_port": "389",
"s01ldap_quota_attr": "",
"s01ldap_quota_def": "",
"s01ldap_tls": "0",
"s01ldap_turn_off_cert_check": "0",
"s01ldap_user_display_name_2": "",
"s01ldap_user_filter_mode": "1",
"s01ldap_userfilter_groups": "",
"s01ldap_userfilter_objectclass": "",
"s01ldap_userlist_filter": "(&(|(objectclass=top))(|(memberOf=CN=Mail Users,CN=Users,DC=myzone,DC=mydomain,DC=com))( !(userAccountControl:1.2.840.113556.1.4.803:=2)))",
"s01use_memberof_to_detect_membership": "1",
"types": "authentication"
}
}
List of activated apps:
- activity: 2.3.2
- comments: 0.3.0
- configreport: 0.1.1
- dav: 0.2.7
- federatedfilesharing: 0.3.0
- federation: 0.1.0
- files: 1.5.1
- files_antivirus: 0.9.0.0
- files_pdfviewer: 0.8.1
- files_sharing: 0.10.0
- files_texteditor: 2.1
- files_trashbin: 0.9.0
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- gallery: 15.0.0
- notifications: 0.3.0
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- templateeditor: 0.1
- updatenotification: 0.2.1
- user_ldap: 0.9.0
Disabled:
- documents
- encryption
- external
- files_external
- onlyoffice
- richdocuments
- user_external
Are you using external storage, if yes which one: attached storage.
Are you using encryption: no
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
--------------------------------------------------------+
| Configuration | s01 |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=agent,CN=Users,DC=myzone,DC=mydomain,DC=com |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | dc2.myzone.mydomain.com |
| ldapBackupPort | 389 |
| ldapBase | DC=myzone,DC=mydomain,DC=com |
| ldapBaseGroups | DC=myzone,DC=mydomain,DC=com |
| ldapBaseUsers | DC=myzone,DC=mydomain,DC=com |
| ldapCacheTTL | 3600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | userPrincipalName |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=group))(|(cn=Domain Users)(cn=Domain Admins)(cn=myzone)(cn=mydomain)(cn=samplegroup1)(cn=samplegroup)(cn=Domain Guests))) |
| ldapGroupFilterGroups | Domain Users;Domain Admins;myzone;mydomain;samplegroup1;samplegroup;Domain Guests |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | group |
| ldapGroupMemberAssocAttr | member |
| ldapHost | dc1.myzone.mydomain.com |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | sAMAccountName=%uid |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | 0 |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=top))(|(memberOf=CN=Mail Users,CN=Users,DC=myzone,DC=mydomain,DC=com))( !(userAccountControl:1.2.840.113556.1.4.803:=2))) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 1 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Client configuration
Browser: edge, firefox, safari
OS: Win 10, Mac OS
Logs
Web server error log
Will do so if needed
ownCloud log (data/owncloud.log)
ldap_search(): Partial search results returned: Sizelimit exceeded at /var/www/owncloud/apps/user_ldap/lib/LDAP.php#255
Browser log
Will do so if relevant