Invalid quota <> for LDAP user


#1

Steps to reproduce

Look at the messages in owncloud.log

Expected behaviour

No error messages

Actual behaviour

Messages like the following appear on and on:
{"reqId":"keQEcFnsXn5hYv7ksgYd","level":3,"time":"2018-02-26T07:18:30+00:00","remoteAddr":"147.83.18.43","user":"9e0446b6-6c14-102b-9f2f-f6d7a75af459","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/9e0446b6-6c14-102b-9f2f-f6d7a75af459\/","message":"Invalid quota <> for LDAP user <9e0446b6-6c14-102b-9f2f-f6d7a75af459>"}
{"reqId":"add3ed2a-3704-447a-a4e1-c04bf70060e5","level":3,"time":"2018-02-26T07:18:31+00:00","remoteAddr":"147.83.83.30","user":"885e2476-8825-102b-835f-ff882da14104","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/885e2476-8825-102b-835f-ff882da14104\/","message":"Invalid quota <> for LDAP user <885e2476-8825-102b-835f-ff882da14104>"}
{"reqId":"9cfc877a-6d88-4abd-9662-29c952335459","level":3,"time":"2018-02-26T07:18:35+00:00","remoteAddr":"2.152.89.78","user":"bd7dca30-2d74-1037-8dbf-974b6807ab1d","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/bd7dca30-2d74-1037-8dbf-974b6807ab1d\/","message":"Invalid quota <> for LDAP user "}
{"reqId":"2b9d34c1-d857-42a5-b346-c1808b292bc5","level":3,"time":"2018-02-26T07:18:36+00:00","remoteAddr":"83.53.123.212","user":"7aa56a96-5153-102b-8fbb-a1f471c1a255","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/7aa56a96-5153-102b-8fbb-a1f471c1a255\/","message":"Invalid quota <> for LDAP user <7aa56a96-5153-102b-8fbb-a1f471c1a255>"}
{"reqId":"Bwm7NfPN0Q8wvHwav9LS","level":3,"time":"2018-02-26T07:18:40+00:00","remoteAddr":"147.83.18.4","user":"e0554afa-7d13-102b-9a06-b0a4c9dc08bd","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/e0554afa-7d13-102b-9a06-b0a4c9dc08bd\/","message":"Invalid quota <> for LDAP user "}
{"reqId":"d0396001-e909-48fc-bf87-f7a63ca2f10e","level":3,"time":"2018-02-26T07:18:40+00:00","remoteAddr":"77.209.139.231","user":"f5161fac-80fa-102a-8cc0-fdcd95ab32a5","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/f5161fac-80fa-102a-8cc0-fdcd95ab32a5\/","message":"Invalid quota <> for LDAP user "}

Server configuration

Operating system:
ubuntu 16.04
Web server:
apache 2.4
Database:
MariaDB 10
PHP version:
7.0
ownCloud version: (see ownCloud admin page)
10.0.7
Updated from an older ownCloud or fresh install:
Updated
Where did you install ownCloud from:
sources

The content of config/config.php:
{
    "system": {
        "instanceid": "ocde02dfcbf8",
        "passwordsalt": "REMOVED SENSITIVE VALUE",
        "datadirectory": "\/var\/www\/owncloud\/data",
        "dbtype": "mysql",
        "version": "10.0.7.2",
        "dbname": "owncloud",
        "dbhost": "172.16.1.27",
        "dbtableprefix": "oc_",
        "dbuser": "REMOVED SENSITIVE VALUE",
        "dbpassword": "REMOVED SENSITIVE VALUE",
        "installed": true,
        "ldapUserCleanupInterval": 51,
        "theme": "sict",
        "maintenance": false,
        "trusted_domains": [
            "nuvol.terrassa.upc.edu"
        ],
        "mail_smtpmode": "smtp",
        "mail_smtphost": "REMOVED SENSITIVE VALUE",
        "mail_smtpport": "25",
        "mail_smtptimeout": 10,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": "true",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "\/tmp\/redis.sock",
            "port": 0
        },
        "share_folder": "\/Shared",
        "overwritewebroot": "\/owncloud",
        "loglevel": 3,
        "log_rotate_size": 104857600,
        "preview_libreoffice_path": "\/usr\/bin\/libreoffice",
        "mail_from_address": "REMOVED SENSITIVE VALUE",
        "mail_domain": "REMOVED SENSITIVE VALUE",
        "secret": "REMOVED SENSITIVE VALUE",
        "overwrite.cli.url": "\/owncloud",
        "trashbin_retention_obligation": "auto",
        "activity_expire_days": "180",
        "updatechecker": false,
        "ldapIgnoreNamingRules": false,
        "singleuser": false
    }
}

List of activated apps:
Enabled:
- activity: 2.3.6
- bookmarks: 0.10.2
- calendar: 1.5.5
- comments: 0.3.0
- configreport: 0.1.1
- contacts: 1.5.3
- dav: 0.3.2
- federatedfilesharing: 0.3.1
- federation: 0.1.0
- files: 1.5.1
- files_external: 0.7.1
- files_pdfviewer: 0.8.2
- files_sharing: 0.10.1
- files_texteditor: 2.2.1
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- gallery: 16.0.2
- impersonate: 0.1.2
- market: 0.2.3
- notifications: 0.3.2
- polls: 0.8.0
- provisioning_api: 0.5.0
- richdocuments: 2.0.5
- systemtags: 0.3.0
- tasks: 0.9.6
- templateeditor: 0.2
- updatenotification: 0.2.1
- user_ldap: 0.10.0
Disabled:
- encryption
- external
- theme-example
- user_external

Are you using external storage, if yes which one: local/smb/sftp/...
No
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP

LDAP configuration (delete this part if not used)

+-------------------------------+--------------------------------------------------------------------------------------------------------+
| Configuration | |
+-------------------------------+--------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=smbldap-tools,ou=DSA,dc=ct,dc=upc,dc=es |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | cn |
| ldapAttributesForUserSearch | uid;displayname |
| ldapBackupHost | ldaps://ldapsec-ct.upc.edu |
| ldapBackupPort | 636 |
| ldapBase | dc=ct,dc=upc,dc=es |
| ldapBaseGroups | ou=Groups,dc=ct,dc=upc,dc=es |
| ldapBaseUsers | ou=Users,dc=ct,dc=upc,dc=es |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | entryuuid |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(objectClass=ownCloudGroup)(ownCloudEnabled=1)) |
| ldapGroupFilterGroups | cd6;plataforma;sbasics;sict;sict220;sict320;sict370;sictserveis;som;som170;telematica;telesom;ugct;ugt |
| ldapGroupFilterMode | 1 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | memberUid |
| ldapHost | ldaps://ldap-ct.upc.edu |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(objectclass=inetOrgPerson)(|(uid=%uid)(|(uid=%uid)))) |
| ldapLoginFilterAttributes | uid |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | 0 |
| ldapPagingSize | 500 |
| ldapPort | 636 |
| ldapQuotaAttribute | ownCloudQuota |
| ldapQuotaDefault | 2 G |
| ldapTLS | 0 |
| ldapUserDisplayName | uid |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(objectclass=inetOrgPerson)(!(sambaAcctFlags=[DUX]))(!(gidNumber=1079))) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 1 |
| ldapUserFilterObjectclass | inetOrgPerson |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+--------------------------------------------------------------------------------------------------------+


#2

I've noticed the messages reference LDAP accounts without a specific quota, so I'm wondering if the issue could be related to the default user quota specified in the LDAP advanced settings.


#3

I think the log message is pretty clear: those users have an empty quota set in the LDAP server. Either set a valid quota for those users, or unset the attribute for those users so the default quota can be applied.


#4

That's the case. Those users have quota attribute unset. That's what I meant.


#5

Try running the following from the ownCloud server if possible. You might need to install "ldap-utils" to run the command.

ldapsearch -h host -p port -D ldap-account -b base-dn -x -W '(&(objectclass=inetOrgPerson)(!(ownCloudQuota=*)))' 'entryUUID'

In your case:

ldapsearch -H ldaps://ldap-ct.upc.edu:636 -D 'cn=smbldap-tools,ou=DSA,dc=ct,dc=upc,dc=es' -b 'dc=ct,dc=upc,dc=es' -x -W '(&(objectclass=inetOrgPerson)(!(ownCloudQuota=*))(!(sambaAcctFlags=[DUX]))(!(gidNumber=1079)))' 'entryUUID'

The response should show the users who don't have the ownCloudQuota attribute set. The rest of the users have some data in the attribute.


#6

Sorry but I don't understand the utility of that query.
The thing is that the log file is complaining with "invalid quota" about users who don't have the quota attribute and which are supposed to have the default quota, something that didn't happen previously. Actually, if you log in with one of these users, the quota shown is the default, so it is working as expected.
The strange thing is the messages in the log file.


#7

The error can safely be ignored. The default quota will be used. Your scenario raises the question of whether we should decrease the log level for that line. Or accept an empty string if the default quota was specified ... hm I guess we can safely treat an empty string as null here


#8

@fbassas can you try https://github.com/owncloud/user_ldap/pull/195


#9

Messages disappear only with @jvillafanez's suggestion:

} else if ($quota !== null && !$this->verifyQuotaValue($quota)) {

Without the first part of the "if", messages still appear.
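
To check from owncloud.log which accounts trigger this message, and whether any of them carry a non-empty but invalid value rather than an empty one, the entries can be triaged as below. This is an added example, not code from the thread or from user_ldap; the sample log lines are constructed, and the shape of a non-empty value inside `<...>` is assumed from the message format quoted in the report.

```python
import json
import re
from collections import Counter

# Constructed sample in the shape of the quoted owncloud.log entries
# (made-up UUIDs, documentation-range addresses, one deliberately truncated line).
SAMPLE_LOG = r'''
{"reqId":"r1","level":3,"remoteAddr":"192.0.2.10","user":"aaaaaaaa-0000-102b-0000-000000000001","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/x\/","message":"Invalid quota <> for LDAP user <aaaaaaaa-0000-102b-0000-000000000001>"}
{"reqId":"r2","level":3,"remoteAddr":"192.0.2.11","user":"aaaaaaaa-0000-102b-0000-000000000001","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/x\/","message":"Invalid quota <> for LDAP user "}
{"reqId":"r3","level":3,"remoteAddr":"192.0.2.12","user":"bbbbbbbb-0000-102b-0000-000000000002","app":"user_ldap","method":"PROPFIND","url":"\/owncloud\/remote.php\/dav\/files\/y\/","message":"Invalid quota <2 Gigs> for LDAP user <bbbbbbbb-0000-102b-0000-000000000002>"}
{"reqId":"r4","level":3,"remoteAddr":"192.0.2.13","user":"cccccccc-0000-102b-0000-000000000003","app":"core","method":"GET","url":"\/owncloud\/","message":"unrelated error"}
{"reqId":"r5","level":3,"remoteAddr":"192.0.2.14","user":"dddd
'''

QUOTA_RE = re.compile(r"^Invalid quota <(?P<quota>[^>]*)> for LDAP user")


def triage(lines):
    """Return (empty, malformed): per-user counts of empty-quota messages,
    and users whose LDAP quota attribute holds a non-empty invalid value."""
    empty, malformed = Counter(), {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # truncated or non-JSON line (e.g. cut by log rotation)
        if not isinstance(entry, dict) or entry.get("app") != "user_ldap":
            continue
        match = QUOTA_RE.match(str(entry.get("message", "")))
        if not match:
            continue
        # Some quoted entries lack the <uuid> in the message, so key on "user".
        user = entry.get("user", "unknown")
        if match.group("quota") == "":
            empty[user] += 1           # empty value: default quota is applied
        else:
            malformed[user] = match.group("quota")  # needs fixing in LDAP
    return empty, malformed


if __name__ == "__main__":
    empty, malformed = triage(SAMPLE_LOG.splitlines())
    print("empty quota (default applies):", dict(empty))
    print("non-empty invalid quota:", malformed)
```

Running it against the real log before and after a change shows whether the empty-value messages have stopped while any genuinely malformed values remain visible.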