Hi, I am having problem with first user login. I mean user are authenticated against active directory 2008 and in previuos version I had to just insert user in the right AD group; nowadays (after migrating to 10 and conversion of db to uft8mb4) new user are unable to login. The error, looking in owncloud.log, seems to be in objectGUID field recognized as malformed utf8.
As workaround I have to insert manually the user in table oc_ldap_user_mapping.
Any clue?
thank you
Daniele
Steps to reproduce
- first login
- owc reply user/password incorrect
Expected behaviour
user should login
Actual behaviour
login denied
Server configuration
Operating system:
Ubuntu 16.04.5 LTS- Linux vmcloud 4.4.0-137-generic #163-Ubuntu SMP Mon Sep 24 13:14:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Web server:
apache2 2.4.18-2ubuntu3.9
Database:
mysql-server 5.7.23-0ubuntu0.16
PHP version:
php7.0 7.0.32-0ubuntu0.16
ownCloud version: (see ownCloud admin page)
10.0.9.5
Updated from an older ownCloud or fresh install:
updated from ver 9
Where did you install ownCloud from:
tarball
Signing status (ownCloud 9.0 and above):
Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
paste the results into https://gist.github.com/ and puth the link here.
No errors have been found.
The content of config/config.php:
sudo -u www-data php occ config:list system
{
âsystemâ: {
âinstanceidâ: âoctr84l01bm4â,
âpasswordsaltâ: âREMOVED SENSITIVE VALUEâ,
âsecretâ: âREMOVED SENSITIVE VALUEâ,
âtrusted_domainsâ: [
â192.168.222.39â,
âREMOVED SENSITIVE VALUEâ,
âREMOVED SENSITIVE VALUEâ
],
âdatadirectoryâ: â/var/www/owncloud/dataâ,
âoverwrite.cli.urlâ: âREMOVED SENSITIVE VALUEâ,
âdbtypeâ: âmysqlâ,
âversionâ: â10.0.9.5â,
âdbnameâ: âowncloudâ,
âdbhostâ: âlocalhostâ,
âdbtableprefixâ: âoc_â,
âmysql.utf8mb4â: true,
âdbuserâ: âREMOVED SENSITIVE VALUEâ,
âdbpasswordâ: âREMOVED SENSITIVE VALUEâ,
âlogtimezoneâ: âEurope/Romeâ,
âloglevelâ: 0,
âinstalledâ: true,
âldapIgnoreNamingRulesâ: false,
âmaintenanceâ: false,
âsingleuserâ: false,
âmemcache.localâ: â\OC\Memcache\APCuâ,
âmail_smtpmodeâ: âphpâ,
âupdater.secretâ: âREMOVED SENSITIVE VALUEâ
}
}
List of activated apps:
sudo -u www-data php occ app:list
Enabled:
- comments: 0.3.0
- configreport: 0.1.1
- dav: 0.3.2
- federatedfilesharing: 0.3.1
- federation: 0.1.0
- files: 1.5.1
- files_external: 0.7.1
- files_sharing: 0.10.1
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- market: 0.2.5
- notifications: 0.3.4
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- templateeditor: 0.3.1
- updatenotification: 0.2.1
- user_ldap: 0.11.0
Disabled: - encryption
- external
- user_external
Are you using external storage, if yes which one: local/smb/sftp/âŠ
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/âŠ
ActiveDirectory
LDAP configuration (delete this part if not used)
sudo -u www-data php occ ldap:show-config
±------------------------------±----------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | |
±------------------------------±----------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=ldap_browser,OU=Domain Controllers,DC=xxx,DC=yyy |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | sn;givenName |
| ldapBackupHost | 172.18.10.24 |
| ldapBackupPort | 389 |
| ldapBase | DC=xxx,DC=yyy |
| ldapBaseGroups | DC=xxx,DC=yyy |
| ldapBaseUsers | DC=xxx,DC=yyy |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | objectguid |
| ldapExpertUsernameAttr | userPrincipalName@xxx.yyy |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=group))(|(cn=grp_owncloud))) |
| ldapGroupFilterGroups | grp_owncloud |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | group |
| ldapGroupMemberAssocAttr | member |
| ldapHost | 172.18.10.23 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=organizationalPerson))(|(|(memberof=CN=grp_owncloud,CN=Users,DC=xxx,DC=yyy)(primaryGroupID=13661))))(samaccountname=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 5000 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=organizationalPerson))(|(|(memberof=CN=grp_owncloud,CN=Users,DC=xxx,DC=yyy)(primaryGroupID=13661)))) |
| ldapUserFilterGroups | grp_owncloud |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | organizationalPerson |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 1 |
| useMemberOfToDetectMembership | 1 |
±------------------------------±----------------------------------------------------------------------------------------------------------------------------------------------+
±------------------------------±----------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | s01 |
±------------------------------±----------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=ldap_browser,OU=Domain Controllers,DC=xxx,DC=yyy |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | sn;givenName |
| ldapBackupHost | 172.18.10.24 |
| ldapBackupPort | 389 |
| ldapBase | DC=xxx,DC=yyy |
| ldapBaseGroups | DC=xxx,DC=yyy |
| ldapBaseUsers | DC=xxx,DC=yyy |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | objectguid |
| ldapExpertUsernameAttr | userPrincipalName@xxx.yyy |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=group))(|(cn=grp_owncloud))) |
| ldapGroupFilterGroups | grp_owncloud |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | group |
| ldapGroupMemberAssocAttr | member |
| ldapHost | 172.18.10.24 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=organizationalPerson))(|(|(memberof=CN=grp_owncloud,CN=Users,DC=xxx,DC=yyy)(primaryGroupID=13661))))(samaccountname=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 5000 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | default |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=organizationalPerson))(|(|(memberof=CN=grp_owncloud,CN=Users,DC=xxx,DC=yyy)(primaryGroupID=13661)))) |
| ldapUserFilterGroups | grp_owncloud |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | organizationalPerson |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 1 |
| useMemberOfToDetectMembership | 1 |
±------------------------------±----------------------------------------------------------------------------------------------------------------------------------------------+
Client configuration
Browser:
firefox 62
Operating system:
linux Ubuntu 18.04.1 LTS
Logs
Web server error log
Insert your webserver log here
ownCloud log (data/owncloud.log)
{âreqIdâ:âb4PjNOqUqtQGm5wjkex4â,âlevelâ:3,âtimeâ:â2018-10-11T08:43:10+02:00â,âremoteAddrâ:â172.18.110.26â,âuserâ:"â",âappâ:âuser_ldapâ,âmethodâ:âPOSTâ,âurlâ:"/index.php/login",âmessageâ:âException: {âExceptionâ:âOutOfBoundsExceptionâ,âMessageâ:âCannot determine username for cn=xxxxx yyyyyyy,ou=gruppi solo utenti,dc=ced,dc=aos from {\âdn\â:[\âcn=xxxxx yyyyyyy,ou=gruppi solo utenti,dc=ced,dc=aos\â],\âsamaccountname\â:[\âr.xxxxx\â],\âmail\â:[\âr.xxxxx@xxxxxx.xxx\â],\âdisplayname\â:[\âyyyyyyy xxxxx\â],\âsn\â:[\âxxxxx\â],\âgivenname\â:[\âyyyyyyy\â],\âobjectguid\â:[null]}, Malformed UTF-8 characters, possibly incorrectly encodedâ,âCodeâ:0,âTraceâ:â#0 \/var\/www\/owncloud\/apps\/user_ldap\/lib\/User\/Manager.php(311): OCA\\User_LDAP\\User\\UserEntry->getUsername()\n#1 \/var\/www\/owncloud\/apps\/user_ldap\/lib\/User\/Manager.php(224): OCA\\User_LDAP\\User\\Manager->resolveUID(Object(OCA\\User_LDAP\\User\\UserEntry))\n#2 \/var\/www\/owncloud\/apps\/user_ldap\/lib\/User\/Manager.php(426): OCA\\User_LDAP\\User\\Manager->getFromEntry(Array)\n#3 \/var\/www\/owncloud\/apps\/user_ldap\/lib\/User_LDAP.php(140): OCA\\User_LDAP\\User\\Manager->getLDAPUserByLoginName(âr.xxxxxâ)\n#4 [internal function]: OCA\\User_LDAP\\User_LDAP->checkPassword(*** sensitive parameters replaced )\n#5 \/var\/www\/owncloud\/apps\/user_ldap\/lib\/User_Proxy.php(75): call_user_func_array(Array, Array)\n#6 \/var\/www\/owncloud\/apps\/user_ldap\/lib\/Proxy.php(145): OCA\\User_LDAP\\User_Proxy->walkBackends(âr.xxxxxâ, âcheckPasswordâ, Array)\n#7 \/var\/www\/owncloud\/apps\/user_ldap\/lib\/User_Proxy.php(180): OCA\\User_LDAP\\Proxy->handleRequest(âr.xxxxxâ, âcheckPasswordâ, Array)\n#8 \/var\/www\/owncloud\/lib\/private\/User\/Manager.php(252): OCA\\User_LDAP\\User_Proxy->checkPassword( sensitive parameters replaced )\n#9 \/var\/www\/owncloud\/lib\/private\/User\/Session.php(519): OC\\User\\Manager->checkPassword( sensitive parameters replaced )\n#10 \/var\/www\/owncloud\/lib\/private\/User\/Session.php(334): OC\\User\\Session->loginWithPassword( sensitive parameters replaced )\n#11 \/var\/www\/owncloud\/core\/Controller\/LoginController.php(204): OC\\User\\Session->login( sensitive parameters replaced )\n#12 [internal function]: OC\\Core\\Controller\\LoginController->tryLogin( sensitive parameters replaced ***)\n#13 \/var\/www\/owncloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(159): call_user_func_array(Array, Array)\n#14 \/var\/www\/owncloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(89): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OC\\Core\\Controller\\LoginController), âtryLoginâ)\n#15 \/var\/www\/owncloud\/lib\/private\/AppFramework\/App.php(103): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OC\\Core\\Controller\\LoginController), âtryLoginâ)\n#16 \/var\/www\/owncloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(46): OC\\AppFramework\\App::main(âLoginControllerâ, âtryLoginâ, Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#17 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#18 \/var\/www\/owncloud\/lib\/private\/Route\/Router.php(342): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#19 \/var\/www\/owncloud\/lib\/base.php(919): OC\\Route\\Router->match(â\/loginâ)\n#20 \/var\/www\/owncloud\/index.php(55): OC::handleRequest()\n#21 {main}",âFileâ:"\/var\/www\/owncloud\/apps\/user_ldap\/lib\/User\/UserEntry.php",âLineâ:110}"}
Insert your ownCloud log here
#### Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) âŠ