Issue with groups after upgrade of Owncloud server

RicardoAzuul · May 13, 2020, 1:36pm

Steps to reproduce

Unknown

Expected behaviour

Expected behaviour, in my opinion: either the groups are visible in the web interface, or the groups can be recreated.

Actual behaviour

After an upgrade of Owncloud server from 9.1.1 to 10.4.1, almost everything is working as expected, except for a relatively minor thing. There were a couple of groups used to assign permissions to certain folders within Owncloud. After the upgrade, these groups were no longer visible in the ‘Users’ section of the Owncloud web interface. However, the groups were still visible as groups under the ‘Sharing details’ of folders.

I tried removing the groups from ‘Sharing details’ in order to try recreating the groups, but I can’t: when I try to recreate the groups in Owncloud, I get an error that the groups already exist.

This instance of Owncloud has an LDAP connection to our environment’s Active Directory, where these groups exist. However, I’ve found no group:sync or command like that in the occ CLI. And running occ group:list doesn’t show the groups I’m missing, but which already exist according to Owncloud.

I would like to be able to manage or recreate the groups.

Server configuration

Operating system: Ubuntu 18.04.4 LTS

Web server: apache2

**Database:**mariaDB

PHP version: 7.2.24

ownCloud version: 10.4.1

Updated from an older ownCloud or fresh install: updated from ownCloud 9.1.1

Where did you install ownCloud from: unknown

Signing status (ownCloud 9.0 and above): unknown

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.
Going to the above - but for this ownCloud instance - just gives: No errors have been found.

The content of config/config.php:

https://gist.github.com/RicardoAzuul/304b7329ecdb2cf8810df36502c6911b

List of activated apps:

Are you using external storage, if yes which one: local

Are you using encryption: unknown

Are you using an external user-backend, if yes which one: ActiveDirectory

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

![image|688x500](upload://blU7uhRPtz5mzO3NvYkC0ZcBXrm.png) 
![image|587x500](upload://yMJhtuf1j22VwOF1sxQJrpFYXcF.png) 
![image|452x500](upload://rGUkWymxgoUIrVm0cTwQ9uavLHt.png) 
![image|562x500](upload://qyYFmQG094E2mtZxv9AiEIp47Qx.png) 
![image|687x500](upload://xCBWhY6yjRx9T0JibGKzyCIJNkh.png) 
![image|475x500](upload://sDq8c63MCeD8Mmq5BLzAlZkBb8z.png) 
![image|500x500](upload://k0cIpYYcji6nP16cjlX20jfChs3.png)

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

eneubauer · May 14, 2020, 8:37am

This is the LDAP config out of the gist:

            "appconfig": {
                "bgjUpdateGroupsLastRun": "1422621936",
                "cleanUpJobOffset": "0",
                "enabled": "yes",
                "installed_version": "0.15.1",
                "s01has_memberof_filter_support": "1",
                "s01home_folder_naming_rule": "",
                "s01last_jpegPhoto_lookup": "0",
                "s01ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
                "s01ldap_attributes_for_group_search": "",
                "s01ldap_attributes_for_user_search": "",
                "s01ldap_backup_host": "",
                "s01ldap_backup_port": "",
                "s01ldap_base": "OU=BMD,OU=Users,OU=GRIT,DC=GRIT,DC=local",
                "s01ldap_base_groups": "OU=Owncloud,OU=BMD,OU=UserGroups,OU=Groups,OU=GRIT,DC=GRIT,DC=local",
                "s01ldap_base_users": "OU=BMD,OU=Users,OU=GRIT,DC=GRIT,DC=local",
                "s01ldap_cache_ttl": "600",
                "s01ldap_configuration_active": "1",
                "s01ldap_display_name": "displayname",
                "s01ldap_dn": "ldapquery@grit.local",
                "s01ldap_dynamic_group_member_url": "",
                "s01ldap_email_attr": "mail",
                "s01ldap_experienced_admin": "0",
                "s01ldap_expert_username_attr": "",
                "s01ldap_expert_uuid_group_attr": "",
                "s01ldap_expert_uuid_user_attr": "objectguid",
                "s01ldap_group_display_name": "cn",
                "s01ldap_group_filter": "(&(|(objectclass=organizationalUnit)))",
                "s01ldap_group_filter_mode": "1",
                "s01ldap_group_member_assoc_attribute": "member",
                "s01ldap_groupfilter_groups": "",
                "s01ldap_groupfilter_objectclass": "organizationalUnit",
                "s01ldap_host": "172.28.100.12",
                "s01ldap_login_filter": "(&(&(objectclass=person))(samaccountname=%uid))",
                "s01ldap_login_filter_mode": "0",
                "s01ldap_loginfilter_attributes": "",
                "s01ldap_loginfilter_email": "0",
                "s01ldap_loginfilter_username": "1",
                "s01ldap_nested_groups": "0",
                "s01ldap_network_timeout": "2",
                "s01ldap_override_main_server": "",
                "s01ldap_paging_size": "500",
                "s01ldap_port": "389",
                "s01ldap_quota_attr": "",
                "s01ldap_quota_def": "",
                "s01ldap_tls": "0",
                "s01ldap_turn_off_cert_check": "0",
                "s01ldap_user_display_name_2": "",
                "s01ldap_user_filter_mode": "1",
                "s01ldap_user_name": "samaccountname",
                "s01ldap_userfilter_groups": "",
                "s01ldap_userfilter_objectclass": "person",
                "s01ldap_userlist_filter": "(&(|(objectclass=person)))",
                "s01use_memberof_to_detect_membership": "1",
                "s02has_memberof_filter_support": "0",
                "s02home_folder_naming_rule": "",
                "s02last_jpegPhoto_lookup": "0",
                "s02ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
                "s02ldap_attributes_for_group_search": "",
                "s02ldap_attributes_for_user_search": "",
                "s02ldap_backup_host": "",
                "s02ldap_backup_port": "",
                "s02ldap_base": "OU=HMS,OU=Users,OU=GRIT,DC=GRIT,DC=local",
                "s02ldap_base_groups": "OU=Owncloud,OU=HMS,OU=UserGroups,OU=Groups,OU=GRIT,DC=GRIT,DC=local",
                "s02ldap_base_users": "OU=HMS,OU=Users,OU=GRIT,DC=GRIT,DC=local",
                "s02ldap_cache_ttl": "600",
                "s02ldap_configuration_active": "1",
                "s02ldap_display_name": "displayname",
                "s02ldap_dn": "ldapquery@grit.local",
                "s02ldap_dynamic_group_member_url": "",
                "s02ldap_email_attr": "mail",
                "s02ldap_experienced_admin": "0",
                "s02ldap_expert_username_attr": "",
                "s02ldap_expert_uuid_group_attr": "",
                "s02ldap_expert_uuid_user_attr": "objectguid",
                "s02ldap_group_display_name": "cn",
                "s02ldap_group_filter": "(&(objectclass=group))",
                "s02ldap_group_filter_mode": "1",
                "s02ldap_group_member_assoc_attribute": "member",
                "s02ldap_groupfilter_groups": "",
                "s02ldap_groupfilter_objectclass": "organizationalUnit",
                "s02ldap_host": "172.28.100.11",
                "s02ldap_login_filter": "(&(&(objectclass=person))(samaccountname=%uid))",
                "s02ldap_login_filter_mode": "1",
                "s02ldap_loginfilter_attributes": "",
                "s02ldap_loginfilter_email": "0",
                "s02ldap_loginfilter_username": "1",
                "s02ldap_nested_groups": "0",
                "s02ldap_network_timeout": "2",
                "s02ldap_override_main_server": "",
                "s02ldap_paging_size": "500",
                "s02ldap_port": "389",
                "s02ldap_quota_attr": "",
                "s02ldap_quota_def": "",
                "s02ldap_tls": "0",
                "s02ldap_turn_off_cert_check": "0",
                "s02ldap_user_display_name_2": "",
                "s02ldap_user_filter_mode": "1",
                "s02ldap_user_name": "samaccountname",
                "s02ldap_userfilter_groups": "",
                "s02ldap_userfilter_objectclass": "person",
                "s02ldap_userlist_filter": "(&(objectclass=person))",
                "s02use_memberof_to_detect_membership": "1",
                "signed": "true",
                "types": "authentication"
            }

Were any LDAP settings changed during the upgrade?

Are these groups that exist in your AD and are supposed to be available in your ownCloud user backend?

Are you using nested groups in your AD?

Can you run the command occ group:list on the CLI of your ownCloud server and let us know whether it shows the groups or not?

Another thing, you have 2 LDAP servers configured: You need to make sure they are exactly the same.
Sometimes its better to just configure the second server as backup server in the advanced configuration of the first.

RicardoAzuul · May 25, 2020, 2:05pm

Hello eneubauer,

There were no changes made in the LDAP settings during upgrade.

The two groups that are having an issue exist in our AD, but I am under the impression they were not synced automatically: I have no occ group:sync command or something like that, just one for users.

When I run occ group:list, the groups I am looking for do not show up. All I see is this:

However, when I try to create the groups using the same name, the Owncloud webinterface gives me the error: Error creating group: group already exists.

I will look into the two LDAP servers to ensure they’re the same, or otherwise use one as backup.

Thanks!

eneubauer · May 26, 2020, 2:15pm

Groups from in your LDAP directory you’d like to use in your ownCloud you explicitly need to enable. This is in the group tab in the LDAP wizard.
Not sure if this behavior was different in ownCloud 9.1, but if yes that could explain it.

In the groups tab of the LDAP wizard you should be able to see all groups in your directory, and by selecting and clicking on the “>>” button you should be able to add them to ownCloud.

RicardoAzuul · May 26, 2020, 2:59pm

Using the above I managed to restore the groups! Before this I had no experience with Owncloud, so I was unaware that I had to explicitly select the groups: the configuration check said it had found 4 groups, I thought that was enough

The groups are back, including their members. Thanks!