Duplicate users


#1

Steps to reproduce

  1. Use LDAP for authentication
  2. From desktop client (maybe webpage, didn’t test that) log in to server
  3. In Expert tab on LDAP authentication put sAMAccountName for internal username and samaccountname for UUID Attribute for Users
  4. In Expert tab, click Clear Username-LDAP User Mapping multiple times

Expected behaviour

Tell us what should happen
The user's directory should be changed to the username instead of the UUID.

Actual behaviour

Tell us what happens instead
The expected does happen but ALSO, multiple accounts are created, for example the user rlenzi now has 5 user accounts, 78585FAA-A5B2-4813-B400-BA36DEF0C22A, rlenzi, rlenzi_7735, rlenzi_8417, rlenzi_8619, and two directories on the server. The first directory is the UUID and the second one is rlenzi. If I try to remove any of the rlenzi users the rlenzi directory will be removed.
This is a problem because if another user tries to share a file/folder with rlenzi then they get a choice of 5 different users, all called rlenzi, and they cannot figure out which one is the “real” rlenzi.

Server configuration

Operating system:
Ubuntu 18.04

Web server:
Apache2

Database:
MySQL

PHP version:
PHP 7.2.15

ownCloud version: (see ownCloud admin page)
10.0.10.4

Updated from an older ownCloud or fresh install:
Updated

Where did you install ownCloud from:

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

No errors have been found.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to diligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Enabled:

  • activity: 2.4.2
  • comments: 0.3.0
  • configreport: 0.1.1
  • dav: 0.4.0
  • federatedfilesharing: 0.3.1
  • federation: 0.1.0
  • files: 1.5.1
  • files_external: 0.7.1
  • files_sharing: 0.11.0
  • files_trashbin: 0.9.1
  • files_versions: 1.3.0
  • files_videoplayer: 0.9.8
  • firstrunwizard: 1.1
  • gallery: 16.1.1
  • market: 0.3.0
  • notifications: 0.3.5
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • templateeditor: 0.4.0
  • user_ldap: 0.13.0

Disabled:

  • encryption
  • external
  • updatenotification
  • user_external

Are you using external storage, if yes which one: local/smb/sftp/…
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
LDAP

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
```
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------+
| Configuration                 | s01                                                                                                                              |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                                                |
| hasPagedResultSupport         |                                                                                                                                  |
| homeFolderNamingRule          | attr:sAMAccountName                                                                                                              |
| lastJpegPhotoLookup           | 0                                                                                                                                |
| ldapAgentName                 | cn=userName,cn=users,dc=ihmc,dc=local                                                                                       |
| ldapAgentPassword             | ***                                                                                                                              |
| ldapAttributesForGroupSearch  |                                                                                                                                  |
| ldapAttributesForUserSearch   |                                                                                                                                  |
| ldapBackupHost                | 10.10.10.10                                                                                                                       |
| ldapBackupPort                | 389                                                                                                                              |
| ldapBase                      | cn=users,dc=ihmc,dc=local                                                                                                        |
| ldapBaseGroups                | cn=users,dc=ihmc,dc=local                                                                                                        |
| ldapBaseUsers                 | cn=users,dc=ihmc,dc=local                                                                                                        |
| ldapCacheTTL                  | 600                                                                                                                              |
| ldapConfigurationActive       | 1                                                                                                                                |
| ldapDynamicGroupMemberURL     |                                                                                                                                  |
| ldapEmailAttribute            | mail                                                                                                                             |
| ldapExperiencedAdmin          | 0                                                                                                                                |
| ldapExpertUUIDGroupAttr       |                                                                                                                                  |
| ldapExpertUUIDUserAttr        | samaccountname                                                                                                                   |
| ldapExpertUsernameAttr        | sAMAccountName                                                                                                                   |
| ldapGroupDisplayName          | cn                                                                                                                               |
| ldapGroupFilter               |                                                                                                                                  |
| ldapGroupFilterGroups         |                                                                                                                                  |
| ldapGroupFilterMode           | 0                                                                                                                                |
| ldapGroupFilterObjectclass    |                                                                                                                                  |
| ldapGroupMemberAssocAttr      | uniqueMember                                                                                                                     |
| ldapHost                      | 10.10.10.10                                                                                                                       |
| ldapIgnoreNamingRules         |                                                                                                                                  |
| ldapLoginFilter               | (&(&(|(objectclass=person))(|(|(memberof=CN=Domain Users,CN=Users,DC=ihmc,DC=local)(primaryGroupID=513))))(samaccountname=%uid)) |
| ldapLoginFilterAttributes     |                                                                                                                                  |
| ldapLoginFilterEmail          | 0                                                                                                                                |
| ldapLoginFilterMode           | 0                                                                                                                                |
| ldapLoginFilterUsername       | 1                                                                                                                                |
| ldapNestedGroups              | 0                                                                                                                                |
| ldapOverrideMainServer        |                                                                                                                                  |
| ldapPagingSize                | 500                                                                                                                              |
| ldapPort                      | 389                                                                                                                              |
| ldapQuotaAttribute            |                                                                                                                                  |
| ldapQuotaDefault              |                                                                                                                                  |
| ldapTLS                       | 0                                                                                                                                |
| ldapUserDisplayName           | displayName                                                                                                                      |
| ldapUserDisplayName2          |                                                                                                                                  |
| ldapUserFilter                | (&(|(objectclass=person))(|(|(memberof=CN=Domain Users,CN=Users,DC=ihmc,DC=local)(primaryGroupID=513))))                         |
| ldapUserFilterGroups          | Domain Users                                                                                                                     |
| ldapUserFilterMode            | 0                                                                                                                                |
| ldapUserFilterObjectclass     | person                                                                                                                           |
| ldapUserName                  | samaccountname                                                                                                                   |
| ldapUuidGroupAttribute        | auto                                                                                                                             |
| ldapUuidUserAttribute         | auto                                                                                                                             |
| turnOffCertCheck              | 0                                                                                                                                |
| useMemberOfToDetectMembership | 1                                                                                                                                |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------+
```


### Client configuration
**Browser:**
Safari, Firefox, Chrome

**Operating system:**
10.14.3

### Logs
#### Web server error log

Insert your webserver log here


#### ownCloud log (data/owncloud.log)

#### Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) …


#2

Did you use the user:sync command?

sudo -u www-data php occ user:sync "OCA\User_LDAP\User_Proxy" -m remove
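
An added example, not part of either post and not ownCloud code: before removing anything, an admin can group the account IDs to see which ones are collision-renamed copies of the same login and which are still named by a raw UUID. It assumes a plain list of user IDs, one per line, and that duplicates follow the `name_NNNN` pattern seen in the report; the two extra IDs in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the five user IDs quoted in the report, plus two
# unrelated IDs made up for contrast.
SAMPLE_USER_IDS = """\
78585FAA-A5B2-4813-B400-BA36DEF0C22A
rlenzi
rlenzi_7735
rlenzi_8417
rlenzi_8619
jdoe
build_2019
"""

UUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
# Assumption: duplicates carry a 4-digit suffix, as in rlenzi_7735.
SUFFIX_RE = re.compile(r"^(?P<base>.+)_\d{4}$")

def audit_user_ids(lines):
    """Return (duplicates, uuid_named) for a list of user IDs.

    duplicates maps a base name to every ID that shares it;
    uuid_named lists IDs that are still raw UUIDs."""
    ids = [line.strip() for line in lines if line.strip()]
    present = {uid.lower() for uid in ids}
    groups = defaultdict(list)
    uuid_named = []
    for uid in ids:
        if UUID_RE.match(uid):
            uuid_named.append(uid)
            continue
        m = SUFFIX_RE.match(uid)
        # Treat "name_1234" as a copy only when "name" also exists,
        # so a legitimate ID such as "build_2019" is not flagged.
        if m and m.group("base").lower() in present:
            groups[m.group("base").lower()].append(uid)
        else:
            groups[uid.lower()].append(uid)
    duplicates = {b: sorted(v) for b, v in groups.items() if len(v) > 1}
    return duplicates, uuid_named

if __name__ == "__main__":
    dupes, uuids = audit_user_ids(SAMPLE_USER_IDS.splitlines())
    for base, members in dupes.items():
        print(f"{base}: {len(members)} accounts -> {', '.join(members)}")
    for uid in uuids:
        print(f"UUID-named account, match to an LDAP entry by hand: {uid}")
```

Each flagged group still has to be checked against share ownership and the data directories, since the report notes that removing any of the rlenzi users removes the rlenzi directory.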