Basically I’ve configured LDAP to query an AD environment. Groups and users are syncing fine.
Unfortunately, users are unable to login using their AD credentials. The web UI reports an incorrect password (or perhaps user combination?).
User search for sharing also fails, but groups can be found. This may be related or not.
Any help would be appreciated.
All of the required info is below…
Steps to reproduce
- Install ownCloud
- Configure LDAP, test along the way from web GUI
- Attempt to login with LDAP user
Expected behaviour
Successful login with LDAP credentials
Actual behaviour
Web UI reports password is incorrect
Server configuration
Operating system:
3.10.0-862.14.4.el7.x86_64
(CentOS 7)
Web server:
nginx/1.14.0
Database:
MariaDB 10.3
PHP version:
php-fpm 7.2
ownCloud version: (see ownCloud admin page)
10.0.10.4
Updated from an older ownCloud or fresh install:
Fresh install
Where did you install ownCloud from:
yum package
Signing status (ownCloud 9.0 and above):
Nothing showing invalid. Only app installed is LDAP.
Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
paste the results into https://gist.github.com/ and put the link here.
No errors have been found.
The content of config/config.php:
# ./occ config:list system
{
    "system": {
        "updatechecker": false,
        "instanceid": "ocvqm71yi4br",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "owncloud-impelling",
            "files.impelling.work"
        ],
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "\/var\/run\/redis\/redis.sock",
            "port": 0
        },
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "datadirectory": "\/data",
        "overwrite.cli.url": "https:\/\/files.impelling.work",
        "dbtype": "mysql",
        "version": "10.0.10.4",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "tls",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "allow_user_to_change_display_name": true,
        "ldapIgnoreNamingRules": false
    }
}
List of activated apps:
2$ ./occ app:list
Enabled:
- comments: 0.3.0
- configreport: 0.1.1
- dav: 0.4.0
- federatedfilesharing: 0.3.1
- federation: 0.1.0
- files: 1.5.1
- files_external: 0.7.1
- files_sharing: 0.11.0
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- market: 0.2.5
- notifications: 0.3.5
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- updatenotification: 0.2.1
- user_ldap: 0.11.0
Disabled:
- encryption
- external
Are you using external storage, if yes which one: local/smb/sftp/…
No - local disk
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
LDAP
LDAP configuration (delete this part if not used)
./occ ldap:show-config
+-------------------------------+----------------------------------------------------------------------------------------------------------+
| Configuration | s01 |
+-------------------------------+----------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=owncloud,ou=service accounts,ou=users,ou=nothing2ccs,DC=cs,DC=nothing2c |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | cn |
| ldapAttributesForUserSearch | cn;samaccountname;displayname;givenname |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | ou=nothing2ccs,DC=cs,DC=nothing2c |
| ldapBaseGroups | ou=owncloud,ou=groups,ou=nothing2ccs,DC=cs,DC=nothing2c |
| ldapBaseUsers | OU=staff,OU=Users,OU=nothing2cCS,DC=cs,DC=nothing2c;OU=admins,OU=Users,OU=nothing2cCS,DC=cs,DC=nothing2c |
| ldapCacheTTL | 300 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | objectguid |
| ldapExpertUsernameAttr | samaccountname |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=group))) |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | group |
| ldapGroupMemberAssocAttr | member |
| ldapHost | 10.220.220.253 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=user)))(|(sAMAccountName=%uid))) |
| ldapLoginFilterAttributes | sAMAccountName |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 0 |
| ldapNestedGroups | 1 |
| ldapOverrideMainServer | |
| ldapPagingSize | 2000 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | samaccountname |
| ldapUserFilter | (&(|(objectclass=user))) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | user |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+----------------------------------------------------------------------------------------------------------+
Client configuration
Firefox 63.0b3
Operating system:
Windows 10 1803
Logs
Web server error log
1.2.3.4 - - [09/Oct/2018:18:57:33 +0100] "POST /login?user=username-removed HTTP/2.0" 303 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0" "-"
1.2.3.4 - - [09/Oct/2018:18:57:34 +0100] "GET /login?user=username-removed HTTP/2.0" 200 10497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0" "-"
1.2.3.4 - - [09/Oct/2018:18:57:34 +0100] "GET /core/js/oc.js?v=70b35359928ff3e767d6be3c60b3a615 HTTP/2.0" 200 2616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0" "-"
ownCloud log (data/owncloud.log)
{"reqId":"jAPQPMyvRKYlMiDK1jZu","level":2,"time":"2018-10-09T17:19:51+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/login?user=username-removed","message":"Login failed: 'username-removed' (Remote IP: '1.2.3.4')"}
{"reqId":"rA5W93Vc4g20kb9QmFBM","level":2,"time":"2018-10-09T17:25:15+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/login?user=username-removed","message":"Login failed: 'username-removed' (Remote IP: '1.2.3.4')"}
{"reqId":"ODAzWiVReYlqWHYvfL8w","level":2,"time":"2018-10-09T17:31:00+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/login?user=username-removed","message":"Login failed: 'username-removed' (Remote IP: '1.2.3.4')"}