LDAP Search not working when attempting to share


#1

I'm trying to share out a folder with an LDAP user who has not logged on to ownCloud yet. When I type in the name of the user, the search field does not populate with users from LDAP. This is a fresh install.

Steps to reproduce

1. Set up LDAP
2. Create a folder and try to share it with someone who has not yet logged into ownCloud
3.

Expected behaviour

Search LDAP and return the user's name

Actual behaviour

Nothing

Server configuration

Ubuntu

Web server: Apache

Database: MySQL

PHP version: 7.0

ownCloud version: 10.0.4.4

Updated from an older ownCloud or fresh install: Fresh Install

Where did you install ownCloud from: Linux Package

Signing status (ownCloud 9.0 and above):

No errors have been found.

List of activated apps:

Enabled:
  - activity: 2.3.6
  - comments: 0.3.0
  - configreport: 0.1.1
  - dav: 0.3.2
  - encryption: 1.3.1
  - federatedfilesharing: 0.3.1
  - files: 1.5.1
  - files_external: 0.7.1
  - files_sharing: 0.10.1
  - files_trashbin: 0.9.1
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - gallery: 16.0.2
  - market: 0.2.3
  - notifications: 0.3.2
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1
  - user_ldap: 0.10.0
Disabled:
  - external
  - federation
  - firstrunwizard
  - theme-example
  - user_external

Are you using external storage, if yes which one: N

Are you using encryption: Yes

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory

LDAP configuration (delete this part if not used)

+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                                                                        |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                                                      |
| hasPagedResultSupport         |                                                                                                                                        |
| homeFolderNamingRule          |                                                                                                                                        |
| lastJpegPhotoLookup           | 0                                                                                                                                      |
| ldapAgentName                 | CN=owncloud,OU=ServiceAccounts,DC=mydomain,DC=local                                                                                    |
| ldapAgentPassword             | ***                                                                                                                                    |
| ldapAttributesForGroupSearch  |                                                                                                                                        |
| ldapAttributesForUserSearch   |                                                                                                                                        |
| ldapBackupHost                |                                                                                                                                        |
| ldapBackupPort                |                                                                                                                                        |
| ldapBase                      | dc=mydomain,dc=local                                                                                                                   |
| ldapBaseGroups                | dc=mydomain,dc=local                                                                                                                   |
| ldapBaseUsers                 | dc=mydomain,dc=local                                                                                                                   |
| ldapCacheTTL                  | 600                                                                                                                                    |
| ldapConfigurationActive       | 1                                                                                                                                      |
| ldapDynamicGroupMemberURL     |                                                                                                                                        |
| ldapEmailAttribute            | mail                                                                                                                                   |
| ldapExperiencedAdmin          | 0                                                                                                                                      |
| ldapExpertUUIDGroupAttr       |                                                                                                                                        |
| ldapExpertUUIDUserAttr        | objectguid                                                                                                                             |
| ldapExpertUsernameAttr        | samaccountname                                                                                                                         |
| ldapGroupDisplayName          | cn                                                                                                                                     |
| ldapGroupFilter               | (&(|(objectclass=group))(|(cn=Corp-Ops-TeamMember)(cn=Corp-Ops--mydomainAll)))                                                         |
| ldapGroupFilterGroups         | Corp-Ops-TeamMember;Corp-Ops--mydomainAll                                                                                              |
| ldapGroupFilterMode           | 0                                                                                                                                      |
| ldapGroupFilterObjectclass    | group                                                                                                                                  |
| ldapGroupMemberAssocAttr      | member                                                                                                                                 |
| ldapHost                      | mydomaincontroller.mydomain.local                                                                                                      |
| ldapIgnoreNamingRules         |                                                                                                                                        |
| ldapLoginFilter               | sAMAccountName=%uid                                                                                                                    |
| ldapLoginFilterAttributes     |                                                                                                                                        |
| ldapLoginFilterEmail          | 0                                                                                                                                      |
| ldapLoginFilterMode           | 0                                                                                                                                      |
| ldapLoginFilterUsername       | 1                                                                                                                                      |
| ldapNestedGroups              | 0                                                                                                                                      |
| ldapOverrideMainServer        |                                                                                                                                        |
| ldapPagingSize                | 500                                                                                                                                    |
| ldapPort                      | 389                                                                                                                                    |
| ldapQuotaAttribute            |                                                                                                                                        |
| ldapQuotaDefault              |                                                                                                                                        |
| ldapTLS                       | 0                                                                                                                                      |
| ldapUserDisplayName           | cn                                                                                                                                     |
| ldapUserDisplayName2          |                                                                                                                                        |
| ldapUserFilter                | (&(|(objectclass=user))(|(|(memberof=CN=mydomainEmployees,OU=mydomain Distribution Lists,DC=mydomain,DC=local)(primaryGroupID=1628)))) |
| ldapUserFilterGroups          | mydomainEmployees                                                                                                                      |
| ldapUserFilterMode            | 0                                                                                                                                      |
| ldapUserFilterObjectclass     | user                                                                                                                                   |
| ldapUuidGroupAttribute        | auto                                                                                                                                   |
| ldapUuidUserAttribute         | auto                                                                                                                                   |
| turnOffCertCheck              | 0                                                                                                                                      |
| useMemberOfToDetectMembership | 1                                                                                                                                      |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+

Client configuration

Browser: Chrome

Operating system: Windows 10


#2

Hey @efanning! Since ownCloud 10, we look up users from an internal table of known accounts - for many reasons, including search performance and reducing load on external services such as the LDAP server. If you need to autocomplete / search for users in your LDAP server, please use the user:sync command to provision the LDAP accounts in ownCloud first - they will then appear in the autocomplete box. Check out the documentation on this here: https://doc.owncloud.org/server/latest/admin_manual/configuration/user/user_auth_ldap.html#syncing-users


#3

Thanks for the response, @tomneedham, I have followed the instructions on the link and have created the Cron job, but it's still not importing the LDAP users. Am I missing something?


#4

I'm entering this command, with these results:

sudo -u www-data /usr/bin/php /var/www/owncloud/occ user:sync -vvv -n "OCA\User_LDAP\User_Proxy"
Analyse unknown users ...
   19 [============================] 5 secs 18.0 MiB

No unknown users have been detected.
Insert new and update existing users ...
    0 [>---------------------------] < 1 sec 18.0 MiB

And I'm still not able to get all my LDAP users synced over. The only users that show up are the ones that have logged in already. Is there something I'm doing wrong?


#5

It doesn't seem you have the LDAP configuration properly set up, because you aren't fetching any users.

Check the following command, based on your configuration (adjust any value that might be wrong):

ldapsearch -h mydomaincontroller.mydomain.local -p 389 -D "CN=owncloud,OU=ServiceAccounts,DC=mydomain,DC=local" -b "dc=mydomain,dc=local" -x -w <ldap-password> '(&(|(objectclass=user))(|(|(memberof=CN=mydomainEmployees,OU=mydomain Distribution Lists,DC=mydomain,DC=local)(primaryGroupID=1628))))'

The ldapsearch command can be found in the "ldap-utils" package in Ubuntu. You might need to install it.

If the command doesn't return any user then the problem is in the configuration.


#6

@jvillafanez, I started editing the command you suggested to put in the credentials and proper domain name and came to the "memberof" portion and determined my issue. Made the appropriate changes in ownCloud and reran the command, this time with success.

Thank you so much to you and @tomneedham for pointing me in the right direction to get this resolved.
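As an added worked example (not from this thread or the ownCloud project): the ldapsearch check in #5 and the memberof mismatch found in #6 can be rehearsed offline. The script below parses the user filter from the configuration table (a subset of RFC 4515: &, |, !, equality and presence items) and evaluates it against entries you construct from what you know about an account, so a filter that selects zero users can be traced to the exact term that excludes them before running anything against the domain controller. The sample entries are constructed, and matching attribute names and values case-insensitively is an assumption that approximates how Active Directory treats objectClass and DN-valued attributes.

```python
"""Dry-run an ownCloud LDAP user filter against known account attributes.

Added example; not part of the ownCloud project or of this thread.
Assumption: attribute names and values compare case-insensitively, which
approximates AD's handling of objectClass and DN-valued attributes.
"""

# The ldapUserFilter value from the configuration table in this thread.
USER_FILTER = (
    "(&(|(objectclass=user))"
    "(|(|(memberof=CN=mydomainEmployees,OU=mydomain Distribution Lists,"
    "DC=mydomain,DC=local)(primaryGroupID=1628))))"
)

USER_CLASSES = ["top", "person", "organizationalPerson", "user"]

# Constructed sample entries shaped like AD user objects (not real directory data).
SAMPLE_ENTRIES = {
    "CN=Alice Example,OU=Staff,DC=mydomain,DC=local": {
        "objectClass": USER_CLASSES, "sAMAccountName": ["alice"], "primaryGroupID": ["513"],
        "memberOf": ["CN=mydomainEmployees,OU=mydomain Distribution Lists,DC=mydomain,DC=local"],
    },
    "CN=Bob Example,OU=Staff,DC=mydomain,DC=local": {
        "objectClass": USER_CLASSES, "sAMAccountName": ["bob"], "primaryGroupID": ["513"],
        # Same group name, but it lives in a different OU than the one the filter names.
        "memberOf": ["CN=mydomainEmployees,OU=Security Groups,DC=mydomain,DC=local"],
    },
    "CN=Carol Example,OU=Staff,DC=mydomain,DC=local": {
        "objectClass": USER_CLASSES, "sAMAccountName": ["carol"], "memberOf": [],
        "primaryGroupID": ["1628"],  # selected through the primaryGroupID branch
    },
}


def parse_filter(text):
    """Parse a filter into nested tuples: (op, [children]) or ('=', attr, value)."""
    text = text.strip()
    end, node = _parse_node(text, 0)
    if end != len(text):
        raise ValueError(f"unexpected trailing text at offset {end}: {text[end:]!r}")
    return node


def _parse_node(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i >= len(s):
        raise ValueError("unterminated filter")
    if s[i] in "&|":                      # AND / OR: zero or more child filters
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            i, child = _parse_node(s, i)
            children.append(child)
        return _expect_close(s, i), (op, children)
    if s[i] == "!":                       # NOT: exactly one child filter
        i, child = _parse_node(s, i + 1)
        return _expect_close(s, i), ("!", [child])
    close = s.find(")", i)                # simple item: attr=value or attr=*
    if close == -1:
        raise ValueError(f"missing ')' for item at offset {i}")
    attr, sep, value = s[i:close].partition("=")
    if not sep or not attr:
        raise ValueError(f"malformed item {s[i:close]!r}")
    return close + 1, ("=", attr, value)


def _expect_close(s, i):
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1


def matches(node, entry):
    """Evaluate a parsed filter against an entry {attribute: [values]}."""
    kind = node[0]
    if kind == "&":
        return all(matches(child, entry) for child in node[1])
    if kind == "|":
        return any(matches(child, entry) for child in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, wanted = node
    present = [v for name, vals in entry.items() if name.lower() == attr.lower() for v in vals]
    if wanted == "*":                     # presence test
        return bool(present)
    return any(v.lower() == wanted.lower() for v in present)


def equality_terms(node):
    """Every (attribute, value) the filter compares, to check against the directory."""
    if node[0] == "=":
        return [(node[1], node[2])]
    return [term for child in node[1] for term in equality_terms(child)]


def evaluate(filter_text, entries):
    """Return {dn: bool} saying which entries the filter would select."""
    node = parse_filter(filter_text)
    return {dn: matches(node, attrs) for dn, attrs in entries.items()}


if __name__ == "__main__":
    for attr, value in equality_terms(parse_filter(USER_FILTER)):
        print(f"filter requires {attr} = {value}")
    for dn, selected in evaluate(USER_FILTER, SAMPLE_ENTRIES).items():
        print(f"{'MATCH   ' if selected else 'excluded'} {dn}")
```

Run it as-is to see Bob excluded solely because the memberof DN in the filter names a different OU than the group he is in; that is the kind of mismatch that makes user:sync report no unknown users while the bind itself succeeds. Keep the filter as narrow as the deployment needs, since every account it selects becomes a provisioned ownCloud user.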