LDAP Integration Error - Wrong DN Base

Hi, there

I have just added the Ldap Integratio feature on my onwclod server. But, when I try to add my LDAP server it keeps telling me that my DN Base is wrong. The Test DN Base and Detect DN Base options also return the same error. Therefore, I am not able to end the LDAP server configuration steps. Also, some times it shows the “Could Not Connect to LDAP” message. First I thought there were some firewall issues, but I can do a ldapsearch query on my owncloud server command line, and a I have also tested 389 and 636 ports with nc … and the communications are working fine

Does anyone ever faced these kind of problems?

Server configuration

Operating system: Linux 4.18.0-372.9.1.el8.x86_64 Red Hat Enterprise Linux 8.6 (Ootpa)

**Web server:Apache 2.4.37-47

**Database: Maria DB 3:10.3.32-2

**PHP version:7.4

**ownCloud version:10.10 fresh install

**Where did you install ownCloud from: https://download.owncloud.com/server/stable/owncloud-complete-latest.zip

Signing status (ownCloud 9.0 and above):
No errors have been found.

The content of config/config.php:

{
“system”: {
“instanceid”: “octl0d7rf32x”,
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“trusted_domains”: [
“10.253.81.30”
],
“datadirectory”: “/var/www/html/owncloud/data”,
“overwrite.cli.url”: “https://10.253.81.30/owncloud”,
“dbtype”: “mysql”,
“version”: “10.10.0.3”,
“dbname”: “owncloud_db”,
“dbhost”: “localhost:3306”,
“dbtableprefix”: “oc_”,
“mysql.utf8mb4”: true,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“allow_user_to_change_mail_address”: “”,
“logtimezone”: “UTC”,
“apps_paths”: [
{
“path”: “/var/www/html/owncloud/apps”,
“url”: “/apps”,
“writable”: false
},
{
“path”: “/var/www/html/owncloud/apps-external”,
“url”: “/apps-external”,
“writable”: true
}
],
“installed”: true,
“ldapIgnoreNamingRules”: false
}
}

List of activated apps:
Enabled:

  • activity:
    • Version: 2.7.0
    • Path: /var/www/html/owncloud/apps/activity
  • comments:
    • Version: 0.3.0
    • Path: /var/www/html/owncloud/apps/comments
  • configreport:
    • Version: 0.2.1
    • Path: /var/www/html/owncloud/apps/configreport
  • dav:
    • Version: 0.7.0
    • Path: /var/www/html/owncloud/apps/dav
  • federatedfilesharing:
    • Version: 0.5.0
    • Path: /var/www/html/owncloud/apps/federatedfilesharing
  • federation:
    • Version: 0.1.0
    • Path: /var/www/html/owncloud/apps/federation
  • files:
    • Version: 1.5.2
    • Path: /var/www/html/owncloud/apps/files
  • files_external:
    • Version: 0.9.0
    • Path: /var/www/html/owncloud/apps/files_external
  • files_mediaviewer:
    • Version: 1.0.5
    • Path: /var/www/html/owncloud/apps/files_mediaviewer
  • files_pdfviewer:
    • Version: 1.0.1
    • Path: /var/www/html/owncloud/apps/files_pdfviewer
  • files_sharing:
    • Version: 0.14.0
    • Path: /var/www/html/owncloud/apps/files_sharing
  • files_texteditor:
    • Version: 2.4.1
    • Path: /var/www/html/owncloud/apps/files_texteditor
  • files_trashbin:
    • Version: 0.9.1
    • Path: /var/www/html/owncloud/apps/files_trashbin
  • files_versions:
    • Version: 1.3.0
    • Path: /var/www/html/owncloud/apps/files_versions
  • firstrunwizard:
    • Version: 1.2.0
    • Path: /var/www/html/owncloud/apps/firstrunwizard
  • market:
    • Version: 0.6.3
    • Path: /var/www/html/owncloud/apps/market
  • notifications:
    • Version: 0.5.4
    • Path: /var/www/html/owncloud/apps/notifications
  • provisioning_api:
    • Version: 0.5.0
    • Path: /var/www/html/owncloud/apps/provisioning_api
  • systemtags:
    • Version: 0.3.0
    • Path: /var/www/html/owncloud/apps/systemtags
  • templateeditor:
    • Version: 0.4.0
    • Path: /var/www/html/owncloud/apps/templateeditor
  • updatenotification:
    • Version: 0.2.1
    • Path: /var/www/html/owncloud/apps/updatenotification
  • user_ldap:
    • Version: 0.16.0
    • Path: /var/www/html/owncloud/apps/user_ldap

LDAP configuration (delete this part if not used)

±------------------------------±------------------------------------------------+
| Configuration | s01 |
±------------------------------±------------------------------------------------+
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=AACZN1,OU=TIC,OU=Usuarios,dc=petroaut,dc=biz |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=petroaut,dc=biz |
| ldapBaseGroups | dc=petroaut,dc=biz |
| ldapBaseUsers | dc=petroaut,dc=biz |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAlgo | groupScan |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | 10.29.185.4 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapNetworkTimeout | 2 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUserName | samaccountname |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
±------------------------------±------------------------------------------------+

SELECT * FROM oc_appconfig WHERE appid = ‘user_ldap’;
±----------±-------------------------------------±------------------------------------------------+
| appid | configkey | configvalue |
±----------±-------------------------------------±------------------------------------------------+
| user_ldap | enabled | yes |
| user_ldap | installed_version | 0.16.0 |
| user_ldap | s01has_memberof_filter_support | 0 |
| user_ldap | s01home_folder_naming_rule | |
| user_ldap | s01last_jpegPhoto_lookup | 0 |
| user_ldap | s01ldap_agent_password | ************* |
| user_ldap | s01ldap_attributes_for_group_search | |
| user_ldap | s01ldap_attributes_for_user_search | |
| user_ldap | s01ldap_backup_host | |
| user_ldap | s01ldap_backup_port | |
| user_ldap | s01ldap_base | dc=petroaut,dc=biz |
| user_ldap | s01ldap_base_groups | dc=petroaut,dc=biz |
| user_ldap | s01ldap_base_users | dc=petroaut,dc=biz |
| user_ldap | s01ldap_cache_ttl | 600 |
| user_ldap | s01ldap_configuration_active | 1 |
| user_ldap | s01ldap_display_name | displayName |
| user_ldap | s01ldap_dn | CN=AACZN1,OU=TIC,OU=Usuarios,dc=petroaut,dc=biz |
| user_ldap | s01ldap_dynamic_group_member_url | |
| user_ldap | s01ldap_email_attr | |
| user_ldap | s01ldap_experienced_admin | 0 |
| user_ldap | s01ldap_expert_username_attr | |
| user_ldap | s01ldap_expert_uuid_group_attr | |
| user_ldap | s01ldap_expert_uuid_user_attr | |
| user_ldap | s01ldap_group_display_name | cn |
| user_ldap | s01ldap_group_filter | |
| user_ldap | s01ldap_group_filter_mode | 0 |
| user_ldap | s01ldap_group_member_algo | groupScan |
| user_ldap | s01ldap_group_member_assoc_attribute | uniqueMember |
| user_ldap | s01ldap_groupfilter_groups | |
| user_ldap | s01ldap_groupfilter_objectclass | |
| user_ldap | s01ldap_host | 10.29.185.4 |
| user_ldap | s01ldap_login_filter | |
| user_ldap | s01ldap_login_filter_mode | 0 |
| user_ldap | s01ldap_loginfilter_attributes | |
| user_ldap | s01ldap_loginfilter_email | 0 |
| user_ldap | s01ldap_loginfilter_username | 1 |
| user_ldap | s01ldap_nested_groups | 0 |
| user_ldap | s01ldap_network_timeout | 2 |
| user_ldap | s01ldap_override_main_server | |
| user_ldap | s01ldap_paging_size | 500 |
| user_ldap | s01ldap_port | 389 |
| user_ldap | s01ldap_quota_attr | |
| user_ldap | s01ldap_quota_def | |
| user_ldap | s01ldap_tls | 0 |
| user_ldap | s01ldap_turn_off_cert_check | 0 |
| user_ldap | s01ldap_user_display_name_2 | |
| user_ldap | s01ldap_user_filter_mode | 0 |
| user_ldap | s01ldap_user_name | samaccountname |
| user_ldap | s01ldap_userfilter_groups | |
| user_ldap | s01ldap_userfilter_objectclass | |
| user_ldap | s01ldap_userlist_filter | |
| user_ldap | s01use_memberof_to_detect_membership | 1 |
| user_ldap | types | authentication |
±----------±-------------------------------------±------------------------------------------------+
53 rows in set (0.000 sec)

Client configuration

**Browser :Firefox 76 (64bits)

**Operating system:Windows 2012 R2

In addition to verifying all the inputs, there is a network timeout of 2 secs set by default, which might be too low. You might want to increase that value, either by the web UI or by command line.
Other than that, and assuming all the inputs are correct, maybe the logs contain some additional information. You might also want to rise the log level to “debug” to check what’s happening.

Thanks for your reply, @jvillafanez !

As you suggested, I increased the timeout to 60s and raised the log level . As we can see from the extract bellow, it seems that Owncloud is trying to test the LDAP connection with the ocadmin user. This user doesn’t exists on AD, it is a OC local user. Well, it should try to connect using these set of credentials: ldapAgentName |cn=AACZN1,ou=TIC,ou=Usuarios,dc=petroaut,dc=biz|

{“reqId”:“YrRlHisdyAX1FEqJSrq@iQAAAEU”,“level”:0,“time”:“2022-06-23T13:05:34+00:00”,“remoteAddr”:“10.253.81.1”,“user”:“ocadmin”,“app”:“user_ldap”,“method”:“POST”,“url”:"/owncloud/index.php/apps**/user_ldap/ajax/testConfiguration.php**",“message”:"No DN found for ocadmin on ldap://10.29.185.4"}

{“reqId”:“YrRlHisdyAX1FEqJSrq@iQAAAEU”,“level”:0,“time”:“2022-06-23T13:05:34+00:00”,“remoteAddr”:“10.253.81.1”,“user”:“ocadmin”,“app”:“OC\User\Session::validateToken”,“method”:“POST”,“url”:"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php",“message”:“token 90769d75dd22cc16931ad2278dacf1f8dcd331029c0aa948e18fdc55d3866941248d89aa1716de58c94274dcd548d6ef62abfdb064b012698a80b073450efde0 with token id 6 found, validating”}

{“reqId”:“YrRlHisdyAX1FEqJSrq@iQAAAEU”,“level”:0,“time”:“2022-06-23T13:05:34+00:00”,“remoteAddr”:“10.253.81.1”,“user”:“ocadmin”,“app”:“OC\User\Session::validateToken”,“method”:“POST”,“url”:"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php",“message”:“token 90769d75dd22cc16931ad2278dacf1f8dcd331029c0aa948e18fdc55d3866941248d89aa1716de58c94274dcd548d6ef62abfdb064b012698a80b073450efde0 with token id 6 found, validating”}

{“reqId”:“YrRlHisdyAX1FEqJSrq@iQAAAEU”,“level”:0,“time”:“2022-06-23T13:05:35+00:00”,“remoteAddr”:“10.253.81.1”,“user”:“ocadmin”,“app”:“user_ldap”,“method”:“POST”,“url”:"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php",“message”:“Bind failed: (), no extended diagnostics, NULL”}

{“reqId”:“YrRlHisdyAX1FEqJSrq@iQAAAEU”,“level”:0,“time”:“2022-06-23T13:05:35+00:00”,“remoteAddr”:“10.253.81.1”,“user”:“ocadmin”,“app”:“user_ldap”,“method”:“POST”,“url”:"/owncloud/index.php/apps/user_ldap/ajax/testConfiguration.php",“message”:“Bind failed: -1: Can’t contact LDAP server”}

I can’t reproduce the issue.

Could you ensure that you’re setting up the connection using a local admin user? I mean, I don’t know if you’re trying to set it up using an LDAP user or not

This user (ocadmin) is a local admin user, it is my only user so far … it was created while I was finishing the OC installation. It is not a LDAP user, I mean, it does not exists on my AD