LDAP Users can't log into Android app

ldap
help

#1

Actual behaviour

LDAP user enters server URL, username, password
user clicks connect
App appears to go to the file list, then backs out to login screen where the username has changed itself to the UUID username from the LDAP import. At this point the username field cannot be changed and entering any passwords results in an invalid password message when trying to reconnect.

Expected behaviour

LDAP user enters server URL, username, password
user clicks connect
App displays file list and continues to operate normally

Steps to reproduce

  1. Create an LDAP user where the default setting is used to import the UUID as the internal username
  2. Try to login with that account in the android app

Can this problem be reproduced with the official owncloud server?
(url: https://demo.owncloud.org, user: test, password: test)
Not sure how to create an LDAP user on that server. also test/test does not work to log in

Environment data

Android version: 4.4 and 6.0.1 tested

Device model: Tested on Note 2/ Nexus 5/ Android Emulator in Android Studio

Stock or customized system: stock

ownCloud app version: 2.4.0

ownCloud server version: 10.0.3.3

Logs

Web server error log

[Thu Sep 28 06:25:01.637150 2017] [mpm_prefork:notice] [pid 5655] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Thu Sep 28 06:25:01.637164 2017] [core:notice] [pid 5655] AH00094: Command line: '/usr/sbin/apache2'

ownCloud log (data/owncloud.log)

{"reqId":"hvrASuOEJq5PEJNnWzUQ","level":3,"time":"2017-09-28T17:08:48+00:00","remoteAddr":"192.168.0.14","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v1.php\/cloud\/capabilities?format=json","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"No user available for the given login name on MCC.local:389\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(117): OCA\\\\User_LDAP\\\\User_LDAP->getLDAPUserByLoginName('3068AB2C-4706-4...')\\n#1 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->checkPassword(*** sensitive parameters replaced ***)\\n#2 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(106): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(138): OCA\\\\User_LDAP\\\\User_Proxy->callOnLastSeenOn('3068AB2C-4706-4...', 'checkPassword', Array, false)\\n#4 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(194): OCA\\\\User_LDAP\\\\Proxy->handleRequest('3068AB2C-4706-4...', 'checkPassword', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Manager.php(215): OCA\\\\User_LDAP\\\\User_Proxy->checkPassword(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(467): OC\\\\User\\\\Manager->checkPassword(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(301): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(328): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(437): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(985): OC\\\\User\\\\Session->tryBasicAuthLogin(Object(OC\\\\AppFramework\\\\Http\\\\Request))\\n#11 \\\/var\\\/www\\\/owncloud\\\/ocs\\\/v1.php(81): OC::handleLogin(Object(OC\\\\AppFramework\\\\Http\\\\Request))\\n#12 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php\",\"Line\":101}"}
{"reqId":"hvrASuOEJq5PEJNnWzUQ","level":3,"time":"2017-09-28T17:08:48+00:00","remoteAddr":"192.168.0.14","user":"--","app":"user_ldap","method":"GET","url":"\/ocs\/v1.php\/cloud\/capabilities?format=json","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"No user available for the given login name on MCC.local:389\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(117): OCA\\\\User_LDAP\\\\User_LDAP->getLDAPUserByLoginName('3068AB2C-4706-4...')\\n#1 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->checkPassword(*** sensitive parameters replaced ***)\\n#2 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(79): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(140): OCA\\\\User_LDAP\\\\User_Proxy->walkBackends('3068AB2C-4706-4...', 'checkPassword', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(194): OCA\\\\User_LDAP\\\\Proxy->handleRequest('3068AB2C-4706-4...', 'checkPassword', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Manager.php(215): OCA\\\\User_LDAP\\\\User_Proxy->checkPassword(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(467): OC\\\\User\\\\Manager->checkPassword(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(301): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(328): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(437): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(985): OC\\\\User\\\\Session->tryBasicAuthLogin(Object(OC\\\\AppFramework\\\\Http\\\\Request))\\n#11 \\\/var\\\/www\\\/owncloud\\\/ocs\\\/v1.php(81): OC::handleLogin(Object(OC\\\\AppFramework\\\\Http\\\\Request))\\n#12 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php\",\"Line\":101}"}
{"reqId":"hvrASuOEJq5PEJNnWzUQ","level":2,"time":"2017-09-28T17:08:48+00:00","remoteAddr":"192.168.0.14","user":"--","app":"core","method":"GET","url":"\/ocs\/v1.php\/cloud\/capabilities?format=json","message":"Login failed: '3068AB2C-4706-4705-86D8-F14F237C43DC' (Remote IP: '192.168.0.14')"}
{"reqId":"03rhhkoA8JDTdCrUKNhu","level":3,"time":"2017-09-28T17:08:49+00:00","remoteAddr":"192.168.0.14","user":"--","app":"user_ldap","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"No user available for the given login name on MCC.local:389\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(117): OCA\\\\User_LDAP\\\\User_LDAP->getLDAPUserByLoginName('3068AB2C-4706-4...')\\n#1 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->checkPassword(*** sensitive parameters replaced ***)\\n#2 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(106): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(138): OCA\\\\User_LDAP\\\\User_Proxy->callOnLastSeenOn('3068AB2C-4706-4...', 'checkPassword', Array, false)\\n#4 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(194): OCA\\\\User_LDAP\\\\Proxy->handleRequest('3068AB2C-4706-4...', 'checkPassword', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Manager.php(215): OCA\\\\User_LDAP\\\\User_Proxy->checkPassword(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(467): OC\\\\User\\\\Manager->checkPassword(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(301): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(328): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(124): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Backend\\\/AbstractBasic.php(105): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->validateUserPass(*** sensitive parameters replaced ***)\\n#11 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(245): Sabre\\\\DAV\\\\Auth\\\\Backend\\\\AbstractBasic->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#12 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(149): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->auth(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(201): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(150): Sabre\\\\DAV\\\\Auth\\\\Plugin->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#15 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#16 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#17 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#18 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#19 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(63): Sabre\\\\DAV\\\\Server->exec()\\n#20 \\\/var\\\/www\\\/owncloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#21 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php\",\"Line\":101}"}
{"reqId":"03rhhkoA8JDTdCrUKNhu","level":3,"time":"2017-09-28T17:08:49+00:00","remoteAddr":"192.168.0.14","user":"--","app":"user_ldap","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"No user available for the given login name on MCC.local:389\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(117): OCA\\\\User_LDAP\\\\User_LDAP->getLDAPUserByLoginName('3068AB2C-4706-4...')\\n#1 [internal function]: OCA\\\\User_LDAP\\\\User_LDAP->checkPassword(*** sensitive parameters replaced ***)\\n#2 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(79): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/Proxy.php(140): OCA\\\\User_LDAP\\\\User_Proxy->walkBackends('3068AB2C-4706-4...', 'checkPassword', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(194): OCA\\\\User_LDAP\\\\Proxy->handleRequest('3068AB2C-4706-4...', 'checkPassword', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Manager.php(215): OCA\\\\User_LDAP\\\\User_Proxy->checkPassword(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(467): OC\\\\User\\\\Manager->checkPassword(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(301): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(328): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(124): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Backend\\\/AbstractBasic.php(105): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->validateUserPass(*** sensitive parameters replaced ***)\\n#11 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(245): Sabre\\\\DAV\\\\Auth\\\\Backend\\\\AbstractBasic->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#12 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(149): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->auth(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(201): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(150): Sabre\\\\DAV\\\\Auth\\\\Plugin->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#15 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#16 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#17 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#18 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#19 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(63): Sabre\\\\DAV\\\\Server->exec()\\n#20 \\\/var\\\/www\\\/owncloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#21 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php\",\"Line\":101}"}
{"reqId":"03rhhkoA8JDTdCrUKNhu","level":2,"time":"2017-09-28T17:08:49+00:00","remoteAddr":"192.168.0.14","user":"--","app":"core","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Login failed: '3068AB2C-4706-4705-86D8-F14F237C43DC' (Remote IP: '192.168.0.14')"}

#2

I've found the issue.
In /src/com/owncloud/android/authentication/AuthenticatorActivity.java on line 1085
The username input field is rewritten with the returned userID from the owncloud server.
Unfortunately, the createAccount method uses the input field as the source for the username to be stored!

As a quick fix, I just commented out the line that rewrites the username field. Not sure why it's there or if it might cause other problems... but it seems to work fine.

Someone please review and publish to the source :slight_smile:


#3

Fix will be release in 2.5.0, expected next week.


#4

Hi @metheos , have you tried out the 2.5.0 app version? Has it solved your problem? Thanks