LDAP Users - Last Login, Inactive User Reporting Incorrect Information


#1

Steps to reproduce

  1. SSH to server, navigate to owncloud directory
  2. run sudo -u www-data php occ user:lastseen or sudo -u www-data php occ user:inactive 5
  3. review report

Expected behaviour

Report should produce valid ‘lastseen’ or ‘inactive’ users and associated dates.

Actual behaviour

Report give incorrect dates associated to when the client last login.

Server configuration

Operating system: ubuntu 16.04

Web server: Apache

Database: mysql

PHP version: PHP 7

ownCloud version: (see ownCloud admin page) 10.0.8.5

Updated from an older ownCloud or fresh install: Updated

Where did you install ownCloud from: Manual install from tar

Signing status (ownCloud 9.0 and above): No errors have been found.

The content of config/config.php:
{
“system”: {
“instanceid”: “-----”,
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“datadirectory”: “/data/”,
“dbtype”: “mysql”,
“version”: “10.0.8.5”,
“dbname”: “storage”,
“dbhost”: “dbstorage”,
“dbtableprefix”: “oc_”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“installed”: true,
“forcessl”: true,
“ldapIgnoreNamingRules”: false,
“maintenance”: false,
“enable_previews”: false,
“loglevel”: 2,
“memcache.local”: “\OC\Memcache\Redis”,
“filelocking.enabled”: “true”,
“memcache.distributed”: “\OC\Memcache\Redis”,
“memcache.locking”: “\OC\Memcache\Redis”,
“redis”: {
“host”: “redishostt”,
“port”: 6379,
“timeout”: 0,
“dbindex”: 0
},
“theme”: “”,
“appstoreenabled”: false,
“trusted_domains”: [
domain.com”,
domain.com
],
“share_folder”: “/Shared”,
“mail_smtpmode”: “smtp”,
“mail_smtpauth”: false,
“mail_from_address”: “REMOVED SENSITIVE VALUE”,
“mail_domain”: “REMOVED SENSITIVE VALUE”,
“mail_smtphost”: “REMOVED SENSITIVE VALUE”,
“mail_smtpport”: “587”,
“secret”: “REMOVED SENSITIVE VALUE”,
“trashbin_retention_obligation”: “auto”,
“updater.secret”: “REMOVED SENSITIVE VALUE
}
}

List of activated apps:
Enabled:

  • configreport: 0.1.1
  • dav: 0.3.2
  • federatedfilesharing: 0.3.1
  • files: 1.5.1
  • files_external: 0.7.1
  • files_sharing: 0.10.1
  • files_trashbin: 0.9.1
  • files_versions: 1.3.0
  • market: 0.2.4
  • notifications: 0.3.3
  • provisioning_api: 0.5.0
  • updatenotification: 0.2.1
  • user_ldap: 0.11.0
    Disabled:
  • comments
  • encryption
  • external
  • federation
  • files_videoplayer
  • firstrunwizard
  • systemtags
  • theme-example
  • user_external

Are you using external storage, if yes which one: no, data is local

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP - ActiveDirectory

LDAP configuration (delete this part if not used)

±------------------------------±-------------------------------------------------------------------------------------------------+
| Configuration | |
±------------------------------±-------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | attr:samaccountname |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=ldpauser adconn,cn=Users,dc=domain,dc=org |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | cn;displayName;mail;samaccountname |
| ldapBackupHost | ldapsrv1 |
| ldapBackupPort | 636 |
| ldapBase | dc=domains,dc=org |
| ldapBaseGroups | ou=group,dc=domain,dc=org |
| ldapBaseUsers | ou=users,dc=domain,dc=orgl |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | objectguid |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | objectClass=group |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 1 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | ldaps://ldapsrv2 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(objectclass=*)(|(samaccountname=%uid)(mailPrimaryAddress=%uid)(mail=%uid))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | 0 |
| ldapPagingSize | 500 |
| ldapPort | 636 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | 100 GB |
| ldapTLS | 0 |
| ldapUserDisplayName | cn |
| ldapUserDisplayName2 | |
| ldapUserFilter | (|(|(memberof=CN=group,OU=Groups,OU=group,DC=domain,DC=org)(primaryGroupID=9534))) |
| ldapUserFilterGroups | groupfiltername (REMOVED) |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
±------------------------------±-------------------------------------------------------------------------------------------------+

Client configuration

Browser: NA

**Operating system: NA, Windows, Linux, MacOS


Quota resets to previous value using User_LDAP for authentication
#2

Hey,

if some information like this is incorrect then i think its probably better to report it to an bugtracker of the used software rather then to a user support forums of that software.

I’m just not sure which of the ownCloud bugtrackers at https://github.com/owncloud could match here but i think its probably either one of those two:


#3

thanks, I’m going to add it on owncloud/user_ldap, as it doesn’t seem to affect local users, only those created through user_ldap app.


#4

I don’t believe its a bug, but a maintenance step that I was missing. I’m not sure when this was added, as I’ve been running ownCloud since 6.0, with ldap and have never seen the behavior before.

Syncing Users

note: It’s also one of the commands that you should run on a regular basis to ensure that your ownCloud installation is running optimally.

sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy"

Data pulled from Syncing Users section on this page: https://doc.owncloud.org/server/10.0/admin_manual/configuration/server/occ_command.html


#5

Mhhh, but shouldn’t ownCloud know when a user has logged in the last time and keep the data up2date without manually doing some command like the posted one?