Steps to reproduce
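- Put ownCloud behind Apache Basic authentication backed by LDAP (mod_authnz_ldap). Note that the `ldap://` URL below is unencrypted, so the user passwords Apache checks against the remote LDAP hosts cross the network in cleartext unless STARTTLS or `ldaps://` is used: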
AuthType Basic
AuthName "Intranet"
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap2.corp.domain.de ldap1.corp.domain.de/dc=domain,dc=de"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=intranet,ou=group,dc=domain,dc=de
- Configure OC to use LDAP as backend
- Try to log in to ownCloud. You will be asked for the web server's Basic authentication first, before the OC login page appears
- Log in to OC with an LDAP user different from the one used for the web server authentication
Expected behaviour
You should be logged in as the user whose credentials were entered on the OC login page
Actual behaviour
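You are logged in as the user from the web server's Basic authentication; the credentials entered on the OC login form are not used. The browser resends the Basic `Authorization` header with every request, so ownCloud presumably sees those credentials as well and uses them instead of the form login.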
Server configuration
Debian 10
Web server:
Apache2
Database:
MySQL
PHP version:
7.3
ownCloud version: (see ownCloud admin page)
10.4.0 (stable)
Updated from an older ownCloud or fresh install:
Updated from 10.1, but the problem occurred on 10.1 as well
Where did you install ownCloud from:
via APT:
deb http://download.owncloud.org/download/repositories/production/Debian_10/ /
Signing status (ownCloud 9.0 and above):
Can't check: I cannot log in as admin for the reasons described above
The content of config/config.php:
{
"system": {
"updatechecker": false,
"instanceid": "ochopronxj1p",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"cloud.domain.de"
],
"datadirectory": "\/var\/www\/owncloud\/data",
"overwrite.cli.url": "http:\/\/cloud.domain.de",
"dbtype": "mysql",
"version": "10.4.0.4",
"dbname": "owncloud",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"logtimezone": "UTC",
"installed": true,
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "php",
"ldapIgnoreNamingRules": false,
"singleuser": false,
"loglevel": 2,
"maintenance": false
},
"apps": {
"backgroundjob": {
"lastjob": "7"
},
"comments": {
"enabled": "yes",
"installed_version": "0.3.0",
"types": "logging,dav"
},
"configreport": {
"enabled": "yes",
"installed_version": "0.2.0",
"types": "filesystem"
},
"core": {
"default_encryption_module": "OC_DEFAULT_MODULE",
"enable_external_storage": "no",
"encryption_enabled": "no",
"installedat": "1524670492.1442",
"lastcron": "1583489097",
"lastupdateResult": "[]",
"lastupdatedat": "1583486787",
"oc.integritycheck.checker": "[]",
"public_files": "files_sharing\/public.php",
"public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
"shareapi_allow_public_upload": "no",
"shareapi_allow_social_share": "no",
"umgmt_show_is_enabled": "true",
"umgmt_show_last_login": "true",
"umgmt_show_storage_location": "true",
"vendor": "owncloud"
},
"dav": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": "filesystem"
},
"encryption": {
"enabled": "yes",
"installed_version": "1.4.0",
"masterKeyId": "master_b41dfedf",
"publicShareKeyId": "pubShare_b41dfedf",
"recoveryKeyId": "recoveryKey_b41dfedf",
"types": "filesystem",
"useMasterKey": "1"
},
"federatedfilesharing": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": "filesystem"
},
"federation": {
"enabled": "yes",
"installed_version": "0.1.0",
"types": "authentication"
},
"files": {
"cronjob_scan_files": "500",
"default_quota": "2 GB",
"enabled": "yes",
"installed_version": "1.5.2",
"types": "filesystem"
},
"files_external": {
"enabled": "yes",
"installed_version": "0.7.1",
"ocsid": "166048",
"types": "filesystem"
},
"files_mediaviewer": {
"enabled": "yes",
"installed_version": "1.0.1",
"types": ""
},
"files_sharing": {
"enabled": "yes",
"incoming_server2server_share_enabled": "no",
"installed_version": "0.12.0",
"outgoing_server2server_share_enabled": "no",
"types": "filesystem"
},
"files_trashbin": {
"enabled": "yes",
"installed_version": "0.9.1",
"types": "filesystem"
},
"files_versions": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": "filesystem"
},
"files_videoplayer": {
"enabled": "no",
"installed_version": "0.9.8",
"types": ""
},
"firstrunwizard": {
"enabled": "no",
"installed_version": "1.1",
"ocsid": "166055",
"types": ""
},
"market": {
"enabled": "yes",
"installed_version": "0.5.0",
"market": "0.4.0",
"signed": "true",
"types": "",
"user_ldap": "0.13.0"
},
"notifications": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": "logging"
},
"provisioning_api": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": "prevent_group_restriction"
},
"systemtags": {
"enabled": "yes",
"installed_version": "0.3.0",
"types": "logging"
},
"updatenotification": {
"core": "10.2.1",
"enabled": "yes",
"installed_version": "0.2.1",
"types": ""
},
"user_ldap": {
"enabled": "yes",
"has_memberof_filter_support": "",
"home_folder_naming_rule": "",
"installed_version": "0.15.0",
"last_jpegPhoto_lookup": "0",
"ldap_agent_password": "",
"ldap_attributes_for_group_search": "",
"ldap_attributes_for_user_search": "",
"ldap_backup_host": "",
"ldap_backup_port": "",
"ldap_base": "dc=domain,dc=de",
"ldap_base_groups": "dc=domain,dc=de",
"ldap_base_users": "dc=domain,dc=de",
"ldap_cache_ttl": "600",
"ldap_configuration_active": "1",
"ldap_display_name": "displayName",
"ldap_dn": "",
"ldap_dynamic_group_member_url": "",
"ldap_email_attr": "mail",
"ldap_experienced_admin": "0",
"ldap_expert_username_attr": "",
"ldap_expert_uuid_group_attr": "",
"ldap_expert_uuid_user_attr": "entryuuid",
"ldap_group_display_name": "cn",
"ldap_group_filter": "(&(|(objectclass=posixGroup))(|(cn=mitarbeiter)))",
"ldap_group_filter_mode": "0",
"ldap_group_member_assoc_attribute": "uniqueMember",
"ldap_groupfilter_groups": "mitarbeiter",
"ldap_groupfilter_objectclass": "posixGroup",
"ldap_host": "localhost",
"ldap_login_filter": "(&(|(objectclass=inetOrgPerson))(uid=%uid))",
"ldap_login_filter_mode": "0",
"ldap_loginfilter_attributes": "",
"ldap_loginfilter_email": "0",
"ldap_loginfilter_username": "1",
"ldap_nested_groups": "0",
"ldap_override_main_server": "",
"ldap_paging_size": "500",
"ldap_port": "389",
"ldap_quota_attr": "",
"ldap_quota_def": "",
"ldap_tls": "0",
"ldap_turn_off_cert_check": "0",
"ldap_user_display_name_2": "",
"ldap_user_filter_mode": "0",
"ldap_userfilter_groups": "",
"ldap_userfilter_objectclass": "inetOrgPerson",
"ldap_userlist_filter": "(|(objectclass=inetOrgPerson))",
"signed": "true",
"types": "authentication",
"use_memberof_to_detect_membership": "1"
}
}
}
List of activated apps:
Enabled:
- comments: 0.3.0
- configreport: 0.2.0
- dav: 0.5.0
- encryption: 1.4.0
- federatedfilesharing: 0.5.0
- federation: 0.1.0
- files: 1.5.2
- files_external: 0.7.1
- files_mediaviewer: 1.0.1
- files_sharing: 0.12.0
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- market: 0.5.0
- notifications: 0.5.0
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- updatenotification: 0.2.1
- user_ldap: 0.15.0
Disabled:
- external
- firstrunwizard
- user_external
Are you using external storage, if yes which one: no
Are you using encryption: not sure
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
+-------------------------------+---------------------------------------------------+
| Configuration | |
+-------------------------------+---------------------------------------------------+
| hasMemberOfFilterSupport | |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=domain,dc=de |
| ldapBaseGroups | dc=domain,dc=de |
| ldapBaseUsers | dc=domain,dc=de |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | entryuuid |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=posixGroup))(|(cn=mitarbeiter))) |
| ldapGroupFilterGroups | mitarbeiter |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | posixGroup |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | localhost |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapNetworkTimeout | 2 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | (|(objectclass=inetOrgPerson)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | inetOrgPerson |
| ldapUserName | samaccountname |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+---------------------------------------------------+
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';
+-----------+-----------------------------------+---------------------------------------------------+
| appid | configkey | configvalue |
+-----------+-----------------------------------+---------------------------------------------------+
| user_ldap | enabled | yes |
| user_ldap | has_memberof_filter_support | |
| user_ldap | home_folder_naming_rule | |
| user_ldap | installed_version | 0.15.0 |
| user_ldap | last_jpegPhoto_lookup | 0 |
| user_ldap | ldap_agent_password | |
| user_ldap | ldap_attributes_for_group_search | |
| user_ldap | ldap_attributes_for_user_search | |
| user_ldap | ldap_backup_host | |
| user_ldap | ldap_backup_port | |
| user_ldap | ldap_base | dc=domain,dc=de |
| user_ldap | ldap_base_groups | dc=domain,dc=de |
| user_ldap | ldap_base_users | dc=domain,dc=de |
| user_ldap | ldap_cache_ttl | 600 |
| user_ldap | ldap_configuration_active | 1 |
| user_ldap | ldap_display_name | displayName |
| user_ldap | ldap_dn | |
| user_ldap | ldap_dynamic_group_member_url | |
| user_ldap | ldap_email_attr | mail |
| user_ldap | ldap_experienced_admin | 0 |
| user_ldap | ldap_expert_username_attr | |
| user_ldap | ldap_expert_uuid_group_attr | |
| user_ldap | ldap_expert_uuid_user_attr | entryuuid |
| user_ldap | ldap_group_display_name | cn |
| user_ldap | ldap_group_filter | (&(|(objectclass=posixGroup))(|(cn=mitarbeiter))) |
| user_ldap | ldap_group_filter_mode | 0 |
| user_ldap | ldap_group_member_assoc_attribute | uniqueMember |
| user_ldap | ldap_groupfilter_groups | mitarbeiter |
| user_ldap | ldap_groupfilter_objectclass | posixGroup |
| user_ldap | ldap_host | localhost |
| user_ldap | ldap_login_filter | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| user_ldap | ldap_login_filter_mode | 0 |
| user_ldap | ldap_loginfilter_attributes | |
| user_ldap | ldap_loginfilter_email | 0 |
| user_ldap | ldap_loginfilter_username | 1 |
| user_ldap | ldap_nested_groups | 0 |
| user_ldap | ldap_override_main_server | |
| user_ldap | ldap_paging_size | 500 |
| user_ldap | ldap_port | 389 |
| user_ldap | ldap_quota_attr | |
| user_ldap | ldap_quota_def | |
| user_ldap | ldap_tls | 0 |
| user_ldap | ldap_turn_off_cert_check | 0 |
| user_ldap | ldap_user_display_name_2 | |
| user_ldap | ldap_user_filter_mode | 0 |
| user_ldap | ldap_userfilter_groups | |
| user_ldap | ldap_userfilter_objectclass | inetOrgPerson |
| user_ldap | ldap_userlist_filter | (|(objectclass=inetOrgPerson)) |
| user_ldap | signed | true |
| user_ldap | types | authentication |
| user_ldap | use_memberof_to_detect_membership | 1 |
+-----------+-----------------------------------+---------------------------------------------------+
Client configuration
Browser:
FF, Chrome, Edge
Operating system:
Windows 10
Logs
Web server error log
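Access-log entries from logging in as admin on the OC login page AFTER authenticating to the web server as sampleUser; OC logs me in as sampleUser, not admin, which is incorrect. The authenticated-user field in every line below shows sampleUser.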
217.224.164.207 - sampleUser [06/Mar/2020:11:16:19 +0100] "POST /index.php/login HTTP/1.1" 303 1404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:19 +0100] "GET /index.php/apps/files/ HTTP/1.1" 200 6369 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /index.php/core/js/oc.js?v=d915238539ba7a378f6a739f5d4becb1 HTTP/1.1" 200 5485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /apps/files/img/folder.svg HTTP/1.1" 200 926 "https://cloud.domain.de/apps/files/css/files.css?v=d915238539ba7a378f6a739f5d4becb1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /cron.php HTTP/1.1" 302 1291 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /index.php/apps/encryption/ajax/getStatus HTTP/1.1" 200 1361 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /index.php/cron HTTP/1.1" 200 710 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /core/img/actions/add.svg HTTP/1.1" 200 837 "https://cloud.domain.de/core/css/icons.css?v=d915238539ba7a378f6a739f5d4becb1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "PROPFIND /remote.php/dav/files/c1861f0a-d103-1032-9924-edc0016992d2/ HTTP/1.1" 207 9047 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /index.php/avatar/c1861f0a-d103-1032-9924-edc0016992d2/28 HTTP/1.1" 200 1367 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /index.php/avatar/c1861f0a-d103-1032-9924-edc0016992d2/28 HTTP/1.1" 200 1367 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 952 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
217.224.164.207 - sampleUser [06/Mar/2020:11:16:20 +0100] "GET /core/img/actions/checkbox.svg HTTP/1.1" 200 773 "https://cloud.domain.de/core/css/inputs.css?v=d915238539ba7a378f6a739f5d4becb1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"
ownCloud log (data/owncloud.log)
-- empty, no messages during login --