LDAP user can not complete login after upgrade 9.1.7 -> 10.0.5


#1

After upgrading from 9.1.6 to 10.0.5, by folowing the steps:

apt-get install owncloud-files
sudo -u www-data php /var/www/owncloud/occ upgrade

.....
2018-02-06T10:07:58+01:00 Starting code integrity check...
2018-02-06T10:08:03+01:00 Finished code integrity check
2018-02-06T10:08:03+01:00 Update successful
2018-02-06T10:08:03+01:00 Turned off maintenance mode
2018-02-06T10:08:03+01:00 Reset log level

sudo -u www-data php /var/www/owncloud/occ user:sync 'OCA\User_LDAP\User_Proxy'
sudo -u www-data php /var/www/owncloud/occ files:scan --all

Then when I try to login with an LDAP user the web client shows at the login page:

See owncloud log below

If I remove user from 'oc_accounts' table, the user can access an everything seems to work, but if he/she do a login/logout we have the same issue.

Server configuration

Operating system: Ubuntu 16.04.2 LTS

Web server: Apache 2.4.18

Database: MariaDB

PHP version: 7.0.22

ownCloud version: 10.0.5

Updated from an older ownCloud or fresh install: Updated from 9.1.7

Where did you install ownCloud from: Ubuntu packages

Signing status (ownCloud 9.0 and above):

Technical information

The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results

  • tasks
    • EXCEPTION
      • OC\IntegrityCheck\Exceptions\InvalidSignatureException
      • Certificate has been revoked.

Raw output

Array
(
[tasks] => Array
(
[EXCEPTION] => Array
(
[class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
[message] => Certificate has been revoked.
)

    )

)

The content of config/config.php:
{
"system": {
"instanceid": "oco2rubmgfq8",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"cloudt.cttc.upc.edu",
"cloudsrv.cttc-serv.org"
],
"datadirectory": "\/owncloud\/current\/data",
"overwrite.cli.url": "https:\/\/cloudt.cttc.upc.edu\/owncloud",
"dbtype": "mysql",
"version": "10.0.5.4",
"dbname": "owncloud",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true,
"mail_smtpmode": "smtp",
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_domain": "REMOVED SENSITIVE VALUE",
"mail_smtphost": "REMOVED SENSITIVE VALUE",
"ldapIgnoreNamingRules": false,
"memcache.local": "\OC\Memcache\APCu",
"memcache.locking": "\OC\Memcache\Redis",
"redis": {
"host": "localhost",
"port": 6379
},
"log_type": "owncloud",
"loglevel": 4,
"logtimezone": "Europe\/Madrid",
"log_rotate_size": 10485760,
"maintenance": false,
"theme": "default",
"default_language": "en",
"defaultapp": "files",
"allow_user_to_change_display_name": false,
"skeletondirectory": "",
"ldapUserCleanupInterval": 51,
"updatechecker": false,
"trashbin_retention_obligation": "auto",
"minimum.supported.desktop.version": "2.0.1",
"singleuser": false
}
}

List of activated apps:

  • activity: 2.3.6
  • calendar: 1.5.4
  • comments: 0.3.0
  • configreport: 0.1.1
  • contacts: 1.5.3
  • dav: 0.3.2
  • federatedfilesharing: 0.3.1
  • federation: 0.1.0
  • files: 1.5.1
  • files_external: 0.7.1
  • files_pdfviewer: 0.8.2
  • files_sharing: 0.10.1
  • files_texteditor: 2.2.1
  • files_trashbin: 0.9.1
  • files_versions: 1.3.0
  • files_videoplayer: 0.9.8
  • firstrunwizard: 1.1
  • gallery: 16.0.2
  • market: 0.2.3
  • notifications: 0.3.2
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • templateeditor: 0.2
  • updatenotification: 0.2.1
  • user_ldap: 0.10.0

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP

LDAP configuration (delete this part if not used)

| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | cn |
| ldapAttributesForUserSearch | givenName;sn |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=cttc,dc=org |
| ldapBaseGroups | ou=Groups,dc=cttc,dc=org |
| ldapBaseUsers | ou=Users,dc=cttc,dc=org |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | entryuuid |
| ldapExpertUsernameAttr | uid |
| ldapGroupDisplayName | description |
| ldapGroupFilter | (&(|(objectclass=posixGroup))(memberOf=cn=ocgroups,ou=Groups,dc=cttc,dc=org)) |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 1 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | memberUid |
| ldapHost | ldap://ldap.cttc.org |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(objectClass=posixAccount)(memberOf=cn=ocusers,ou=Groups,dc=cttc,dc=org))(uid=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(objectClass=posixAccount)(memberOf=cn=ocusers,ou=Groups,dc=cttc,dc=org)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 1 |
| ldapUserFilterObjectclass | posixAccount |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 0 |

Client configuration

Browser: Firefox 58.0

Operating system: Ubuntu 16.04.2 LTS

ownCloud log (data/owncloud.log)

`
{
"reqId":"HbhvxCWmPL2P4ToJhqDE",
"level":3,"time":"2018-02-07T11:33:18+01:00",
"remoteAddr":"147.83.92.136",
"user":"--",
"app":"index",
"method":"POST",
"url":"\/owncloud\/index.php\/login",
"message":"Exception: {\"Exception\":\"Error\",\"Message\":\"Call to a member function getUID() on null\",\"Code\":0,\"Trace\":\"#0 \\/var\\/www\\/owncloud\\/lib\\/private\\/User\\/User.php(145): OC\\User\\User->canChangeDisplayName()\n#1 \\/var\\/www\\/owncloud\\/apps\\/user_ldap\\/lib\\/User\\/Manager.php(404): OC\\User\\User->setDisplayName('Eduardo Garcia ...')\n#2 \\/var\\/www\\/owncloud\\/apps\\/user_ldap\\/lib\\/User\\/Manager.php(354): OCA\\User_LDAP\\User\\Manager->updateDisplayName(Object(OCA\\User_LDAP\\User\\UserEntry), Object(OC\\User\\User))\n#3 \\/var\\/www\\/owncloud\\/apps\\/user_ldap\\/lib\\/User_LDAP.php(152): OCA\\User_LDAP\\User\\Manager->updateAccount(Object(OCA\\User_LDAP\\User\\UserEntry))\n#4 [internal function]: OCA\\User_LDAP\\User_LDAP->checkPassword(*** sensitive parameters replaced )\n#5 \\/var\\/www\\/owncloud\\/apps\\/user_ldap\\/lib\\/User_Proxy.php(75): call_user_func_array(Array, Array)\n#6 \\/var\\/www\\/owncloud\\/apps\\/user_ldap\\/lib\\/Proxy.php(140): OCA\\User_LDAP\\User_Proxy->walkBackends('lalo', 'checkPassword', Array)\n#7 \\/var\\/www\\/owncloud\\/apps\\/user_ldap\\/lib\\/User_Proxy.php(180): OCA\\User_LDAP\\Proxy->handleRequest('lalo', 'checkPassword', Array)\n#8 \\/var\\/www\\/owncloud\\/lib\\/private\\/User\\/Manager.php(221): OCA\\User_LDAP\\User_Proxy->checkPassword( sensitive parameters replaced )\n#9 \\/var\\/www\\/owncloud\\/lib\\/private\\/User\\/Session.php(470): OC\\User\\Manager->checkPassword( sensitive parameters replaced )\n#10 \\/var\\/www\\/owncloud\\/lib\\/public\\/Events\\/EventEmitterTrait.php(50): OC\\User\\Session->OC\\User\\{closure}()\n#11 \\/var\\/www\\/owncloud\\/lib\\/private\\/User\\/Session.php(494): OC\\User\\Session->emittingCall(Object(Closure), Array, 'user', 'login')\n#12 \\/var\\/www\\/owncloud\\/lib\\/private\\/User\\/Session.php(300): OC\\User\\Session->loginWithPassword( sensitive parameters replaced )\n#13 \\/var\\/www\\/owncloud\\/core\\/Controller\\/LoginController.php(201): OC\\User\\Session->login( sensitive parameters replaced )\n#14 [internal function]: OC\\Core\\Controller\\LoginController->tryLogin( sensitive parameters replaced ***)\n#15 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/Http\\/Dispatcher.php(159): call_user_func_array(Array, Array)\n#16 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/Http\\/Dispatcher.php(89): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OC\\Core\\Controller\\LoginController), 'tryLogin')\n#17 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/App.php(103): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OC\\Core\\Controller\\LoginController), 'tryLogin')\n#18 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/Routing\\/RouteActionHandler.php(46): OC\\AppFramework\\App::main('LoginController', 'tryLogin', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#19 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->_invoke(Array)\n#20 \\/var\\/www\\/owncloud\\/lib\\/private\\/Route\\/Router.php(342): calluser_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#21 \\/var\\/www\\/owncloud\\/lib\\/base.php(913): OC\\Route\\Router->match('\\/login')\n#22 \\/var\\/www\\/owncloud\\/index.php(55): OC::handleRequest()\n#23 {main}\",\"File\":\"\\/var\\/www\\/owncloud\\/lib\\/private\\/User\\/User.php\",\"Line\":332}"
}


#2

I found the reason:

'allow_user_to_change_display_name' => false,

It must be set to 'true'.

It is a bug, is it?

Regards


Bug on 10.0.X related to LDAP users
#3

Yes it's a known bug, see https://github.com/owncloud/core/pull/30450


Bug on 10.0.X related to LDAP users
#4

Thanks. It was in case you were not aware.

Regards