LDAP Integration Error - Wrong DN Base

Hi, there

I have just added the LDAP Integration feature on my ownCloud server. But, when I try to add my LDAP server, it keeps telling me that my DN Base is wrong. The Test DN Base and Detect DN Base options also return the same error. Therefore, I am not able to finish the LDAP server configuration steps. Also, sometimes it shows the "Could Not Connect to LDAP" message. First I thought there were some firewall issues, but I can do an ldapsearch query from my ownCloud server command line, and I have also tested ports 389 and 636 with nc … and the communications are working fine.

Has anyone ever faced these kinds of problems?

Server configuration

Operating system: Linux 4.18.0-372.9.1.el8.x86_64 Red Hat Enterprise Linux 8.6 (Ootpa)

Web server: Apache 2.4.37-47

Database: MariaDB 3:10.3.32-2

PHP version: 7.4

ownCloud version: 10.10 fresh install

Where did you install ownCloud from: https://download.owncloud.com/server/stable/owncloud-complete-latest.zip

Signing status (ownCloud 9.0 and above):
No errors have been found.

The content of config/config.php:

{
    "system": {
        "instanceid": "octl0d7rf32x",
        "passwordsalt": "REMOVED SENSITIVE VALUE",
        "secret": "REMOVED SENSITIVE VALUE",
        "trusted_domains": [
            "10.253.81.30"
        ],
        "datadirectory": "/var/www/html/owncloud/data",
        "overwrite.cli.url": "https://10.253.81.30/owncloud",
        "dbtype": "mysql",
        "version": "10.10.0.3",
        "dbname": "owncloud_db",
        "dbhost": "localhost:3306",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "REMOVED SENSITIVE VALUE",
        "dbpassword": "REMOVED SENSITIVE VALUE",
        "allow_user_to_change_mail_address": "",
        "logtimezone": "UTC",
        "apps_paths": [
            {
                "path": "/var/www/html/owncloud/apps",
                "url": "/apps",
                "writable": false
            },
            {
                "path": "/var/www/html/owncloud/apps-external",
                "url": "/apps-external",
                "writable": true
            }
        ],
        "installed": true,
        "ldapIgnoreNamingRules": false
    }
}

List of activated apps:
Enabled:

  • activity:
    • Version: 2.7.0
    • Path: /var/www/html/owncloud/apps/activity
  • comments:
    • Version: 0.3.0
    • Path: /var/www/html/owncloud/apps/comments
  • configreport:
    • Version: 0.2.1
    • Path: /var/www/html/owncloud/apps/configreport
  • dav:
    • Version: 0.7.0
    • Path: /var/www/html/owncloud/apps/dav
  • federatedfilesharing:
    • Version: 0.5.0
    • Path: /var/www/html/owncloud/apps/federatedfilesharing
  • federation:
    • Version: 0.1.0
    • Path: /var/www/html/owncloud/apps/federation
  • files:
    • Version: 1.5.2
    • Path: /var/www/html/owncloud/apps/files
  • files_external:
    • Version: 0.9.0
    • Path: /var/www/html/owncloud/apps/files_external
  • files_mediaviewer:
    • Version: 1.0.5
    • Path: /var/www/html/owncloud/apps/files_mediaviewer
  • files_pdfviewer:
    • Version: 1.0.1
    • Path: /var/www/html/owncloud/apps/files_pdfviewer
  • files_sharing:
    • Version: 0.14.0
    • Path: /var/www/html/owncloud/apps/files_sharing
  • files_texteditor:
    • Version: 2.4.1
    • Path: /var/www/html/owncloud/apps/files_texteditor
  • files_trashbin:
    • Version: 0.9.1
    • Path: /var/www/html/owncloud/apps/files_trashbin
  • files_versions:
    • Version: 1.3.0
    • Path: /var/www/html/owncloud/apps/files_versions
  • firstrunwizard:
    • Version: 1.2.0
    • Path: /var/www/html/owncloud/apps/firstrunwizard
  • market:
    • Version: 0.6.3
    • Path: /var/www/html/owncloud/apps/market
  • notifications:
    • Version: 0.5.4
    • Path: /var/www/html/owncloud/apps/notifications
  • provisioning_api:
    • Version: 0.5.0
    • Path: /var/www/html/owncloud/apps/provisioning_api
  • systemtags:
    • Version: 0.3.0
    • Path: /var/www/html/owncloud/apps/systemtags
  • templateeditor:
    • Version: 0.4.0
    • Path: /var/www/html/owncloud/apps/templateeditor
  • updatenotification:
    • Version: 0.2.1
    • Path: /var/www/html/owncloud/apps/updatenotification
  • user_ldap:
    • Version: 0.16.0
    • Path: /var/www/html/owncloud/apps/user_ldap

LDAP configuration (delete this part if not used)

+-------------------------------+-------------------------------------------------+
| Configuration | s01 |
+-------------------------------+-------------------------------------------------+
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=AACZN1,OU=TIC,OU=Usuarios,dc=petroaut,dc=biz |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=petroaut,dc=biz |
| ldapBaseGroups | dc=petroaut,dc=biz |
| ldapBaseUsers | dc=petroaut,dc=biz |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAlgo | groupScan |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | 10.29.185.4 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapNetworkTimeout | 2 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUserName | samaccountname |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+-------------------------------------------------+

SELECT * FROM oc_appconfig WHERE appid = 'user_ldap';
+-----------+--------------------------------------+-------------------------------------------------+
| appid | configkey | configvalue |
+-----------+--------------------------------------+-------------------------------------------------+
| user_ldap | enabled | yes |
| user_ldap | installed_version | 0.16.0 |
| user_ldap | s01has_memberof_filter_support | 0 |
| user_ldap | s01home_folder_naming_rule | |
| user_ldap | s01last_jpegPhoto_lookup | 0 |
| user_ldap | s01ldap_agent_password | ************* |
| user_ldap | s01ldap_attributes_for_group_search | |
| user_ldap | s01ldap_attributes_for_user_search | |
| user_ldap | s01ldap_backup_host | |
| user_ldap | s01ldap_backup_port | |
| user_ldap | s01ldap_base | dc=petroaut,dc=biz |
| user_ldap | s01ldap_base_groups | dc=petroaut,dc=biz |
| user_ldap | s01ldap_base_users | dc=petroaut,dc=biz |
| user_ldap | s01ldap_cache_ttl | 600 |
| user_ldap | s01ldap_configuration_active | 1 |
| user_ldap | s01ldap_display_name | displayName |
| user_ldap | s01ldap_dn | CN=AACZN1,OU=TIC,OU=Usuarios,dc=petroaut,dc=biz |
| user_ldap | s01ldap_dynamic_group_member_url | |
| user_ldap | s01ldap_email_attr | |
| user_ldap | s01ldap_experienced_admin | 0 |
| user_ldap | s01ldap_expert_username_attr | |
| user_ldap | s01ldap_expert_uuid_group_attr | |
| user_ldap | s01ldap_expert_uuid_user_attr | |
| user_ldap | s01ldap_group_display_name | cn |
| user_ldap | s01ldap_group_filter | |
| user_ldap | s01ldap_group_filter_mode | 0 |
| user_ldap | s01ldap_group_member_algo | groupScan |
| user_ldap | s01ldap_group_member_assoc_attribute | uniqueMember |
| user_ldap | s01ldap_groupfilter_groups | |
| user_ldap | s01ldap_groupfilter_objectclass | |
| user_ldap | s01ldap_host | 10.29.185.4 |
| user_ldap | s01ldap_login_filter | |
| user_ldap | s01ldap_login_filter_mode | 0 |
| user_ldap | s01ldap_loginfilter_attributes | |
| user_ldap | s01ldap_loginfilter_email | 0 |
| user_ldap | s01ldap_loginfilter_username | 1 |
| user_ldap | s01ldap_nested_groups | 0 |
| user_ldap | s01ldap_network_timeout | 2 |
| user_ldap | s01ldap_override_main_server | |
| user_ldap | s01ldap_paging_size | 500 |
| user_ldap | s01ldap_port | 389 |
| user_ldap | s01ldap_quota_attr | |
| user_ldap | s01ldap_quota_def | |
| user_ldap | s01ldap_tls | 0 |
| user_ldap | s01ldap_turn_off_cert_check | 0 |
| user_ldap | s01ldap_user_display_name_2 | |
| user_ldap | s01ldap_user_filter_mode | 0 |
| user_ldap | s01ldap_user_name | samaccountname |
| user_ldap | s01ldap_userfilter_groups | |
| user_ldap | s01ldap_userfilter_objectclass | |
| user_ldap | s01ldap_userlist_filter | |
| user_ldap | s01use_memberof_to_detect_membership | 1 |
| user_ldap | types | authentication |
+-----------+--------------------------------------+-------------------------------------------------+
53 rows in set (0.000 sec)

Client configuration

Browser: Firefox 76 (64-bit)

Operating system: Windows 2012 R2

In addition to verifying all the inputs, there is a network timeout of 2 secs set by default, which might be too low. You might want to increase that value, either via the web UI or via the command line.
Other than that, and assuming all the inputs are correct, maybe the logs contain some additional information. You might also want to raise the log level to "debug" to check what's happening.

Thanks for your reply, @jvillafanez !

As you suggested, I increased the timeout to 60s and raised the log level. As we can see from the extract below, it seems that ownCloud is trying to test the LDAP connection with the ocadmin user. This user doesn't exist on AD; it is an OC local user. Well, it should try to connect using this set of credentials: ldapAgentName | cn=AACZN1,ou=TIC,ou=Usuarios,dc=petroaut,dc=biz |

{"reqId":"YrRlHisdyAX1FEqJSrq@iQAAAEU","level":0,"time":"2022-06-23T13:05:34+00:00","remoteAddr":"10.253.81.1","user":"ocadmin","app":"user_ldap","method":"POST","url":"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php","message":"No DN found for ocadmin on ldap://10.29.185.4"}

{"reqId":"YrRlHisdyAX1FEqJSrq@iQAAAEU","level":0,"time":"2022-06-23T13:05:34+00:00","remoteAddr":"10.253.81.1","user":"ocadmin","app":"OC\User\Session::validateToken","method":"POST","url":"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php","message":"token 90769d75dd22cc16931ad2278dacf1f8dcd331029c0aa948e18fdc55d3866941248d89aa1716de58c94274dcd548d6ef62abfdb064b012698a80b073450efde0 with token id 6 found, validating"}

{"reqId":"YrRlHisdyAX1FEqJSrq@iQAAAEU","level":0,"time":"2022-06-23T13:05:34+00:00","remoteAddr":"10.253.81.1","user":"ocadmin","app":"OC\User\Session::validateToken","method":"POST","url":"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php","message":"token 90769d75dd22cc16931ad2278dacf1f8dcd331029c0aa948e18fdc55d3866941248d89aa1716de58c94274dcd548d6ef62abfdb064b012698a80b073450efde0 with token id 6 found, validating"}

{"reqId":"YrRlHisdyAX1FEqJSrq@iQAAAEU","level":0,"time":"2022-06-23T13:05:35+00:00","remoteAddr":"10.253.81.1","user":"ocadmin","app":"user_ldap","method":"POST","url":"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php","message":"Bind failed: (), no extended diagnostics, NULL"}

{"reqId":"YrRlHisdyAX1FEqJSrq@iQAAAEU","level":0,"time":"2022-06-23T13:05:35+00:00","remoteAddr":"10.253.81.1","user":"ocadmin","app":"user_ldap","method":"POST","url":"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php","message":"Bind failed: -1: Can't contact LDAP server"}

I can’t reproduce the issue.

Could you ensure that you're setting up the connection using a local admin user? I mean, I don't know if you're trying to set it up using an LDAP user or not.

This user (ocadmin) is a local admin user; it is my only user so far … it was created while I was finishing the OC installation. It is not an LDAP user, I mean, it does not exist on my AD.

Could you retry using the official docker image against the same ldap server (Docker Hub)? Maybe there is an additional configuration that we’re missing.

hi @jvillafanez,

I found the missing step. I had to configure some SELinux items. Most important is to set the SELinux booleans.

sudo setsebool -P httpd_can_connect_ldap on

Now it's working just fine! Here are all the changes I made with SELinux:

sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/data(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/config(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps-external(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/.htaccess'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/.user.ini'

sudo restorecon -Rv '/var/www/html/owncloud/'

sudo setsebool -P httpd_unified 1
sudo setsebool -P httpd_execmem 1
sudo setsebool -P httpd_can_network_connect_db on
sudo setsebool -P httpd_can_connect_ldap on
sudo setsebool -P httpd_use_cifs on

Thanks,
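A quick pre-flight check for the SELinux part of this fix, added here as an example and not part of the original thread or of ownCloud itself: it reads `getsebool -a` output, reports which of the booleans listed in the post above are still off, and prints the matching `setsebool -P` command for each one. The boolean names are taken from the post; the sample `getsebool` output is constructed so the check can be run where SELinux is not installed.

```shell
#!/bin/sh
# Added example (not from the thread): report which SELinux booleans needed by
# ownCloud + LDAP on RHEL 8 are still off, so "Can't contact LDAP server" from
# a confined httpd can be ruled in or out before touching the LDAP settings.

# Booleans from the thread's setsebool commands; httpd_can_connect_ldap is the
# one that allowed the bind to reach the directory server.
REQUIRED_BOOLS="httpd_can_connect_ldap httpd_can_network_connect_db httpd_unified httpd_execmem httpd_use_cifs"

# Reads "name --> on|off" lines (getsebool -a format) on stdin and prints the
# required booleans that are not "on", space separated, in REQUIRED_BOOLS order.
# A boolean missing from the input is treated as off.
missing_booleans() {
    input=$(cat)
    missing=""
    for b in $REQUIRED_BOOLS; do
        state=$(printf '%s\n' "$input" | awk -v name="$b" '$1 == name { print $3 }')
        if [ "$state" != "on" ]; then
            missing="$missing $b"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Prints the remediation command for each boolean named on stdin.
remediation_for() {
    for b in $(cat); do
        printf 'setsebool -P %s on\n' "$b"
    done
}

# Constructed sample: a host where only the database boolean has been enabled.
SAMPLE_GETSEBOOL='httpd_can_connect_ldap --> off
httpd_can_network_connect_db --> on
httpd_unified --> off
httpd_execmem --> off
httpd_use_cifs --> off'

# Use the live system when getsebool exists, otherwise fall back to the sample.
if command -v getsebool >/dev/null 2>&1; then
    source_desc="this host"
    off=$(getsebool -a | missing_booleans)
else
    source_desc="constructed sample"
    off=$(printf '%s\n' "$SAMPLE_GETSEBOOL" | missing_booleans)
fi

if [ -z "$off" ]; then
    echo "All required httpd SELinux booleans are on ($source_desc)."
else
    echo "Booleans still off ($source_desc): $off"
    echo "Suggested fix:"
    printf '%s\n' "$off" | tr ' ' '\n' | remediation_for
fi
```

Run it as root on the ownCloud host to compare against the live policy; `setsebool -P` persists across reboots, and `httpd_can_connect_ldap` alone is enough for the bind, so only enable the others if the rest of the post's setup (external storage over CIFS, for instance) actually needs them.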
