New users are not synchronized with LDAP

Steps to reproduce

  1. Add user to AD
  2. /occ ldap:check-user username
    The user is still available on LDAP.
  3. occ -vvv user:sync -m remove -r "OCA\User_LDAP\User_Proxy"
  4. Update page and search user - no matches

occ -vvv user:sync -u username "OCA\User_LDAP\User_Proxy"
If unknown users are found, what do you want to do with their accounts? (removing the account will also remove its data)
[0] disable
[1] remove
[2] ask later

2
Searching for username …
Exact match for user username not found in the backend.
These accounts that are no longer available in the backend:
username, , (no longer exists in the backend)
What do you want to do with their accounts? (removing the account will also remove its data)
[0] disable
[1] remove

Expected behaviour

User in the users list

Actual behaviour

No user in users list

Server configuration

Operating system: debian 10.12

Web server: apache2 2.4.38-3+deb10u7

Database: mysql Ver 15.1 Distrib 10.5.15-MariaDB,

PHP version: 7.3

ownCloud version: 10.10.0.3

Updated from an older ownCloud or fresh install: Updated

Where did you install ownCloud from: tarball

Signing status (ownCloud 9.0 and above): -

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

The content of config/config.php:

{
    "system": {
        "instanceid": "ocjghzrox8vu",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud-01",
            "cloud.site.ru"
        ],
        "logtimezone": "Europe\/Moscow",
        "datadirectory": "\/mnt\/data",
        "overwrite.cli.url": "https:\/\/cloud.site.ru",
        "dbtype": "mysql",
        "version": "10.10.0.3",
        "dbname": "owncloud",
        "dbhost": "mysql.site.ru",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "ldapIgnoreNamingRules": false,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\APCu",
        "trusted_proxies": [
            "192.168.200.24"
        ],
        "overwritehost": "cloud.site.ru",
        "overwriteprotocol": "https",
        "overwritewebroot": "\/",
        "redis": {
            "host": "127.0.0.1",
            "port": 6379
        },
        "theme": "",
        "maintenance": false,
        "loglevel": 2,
        "trashbin_retention_obligation": "auto",
        "updatechecker": false,
        "singleuser": false,
        "versions_retention_obligation": "auto",
        "cron_log": true,
        "allow_user_to_change_mail_address": "",
        "debug": false
    }
}

List of activated apps:

Enabled:
  - activity:
    - Version: 2.7.0
    - Path: /var/www/owncloud/apps/activity
  - bookmarks:
    - Version: 0.10.6
    - Path: /var/www/owncloud/apps/bookmarks
  - calendar:
    - Version: 1.6.4
    - Path: /var/www/owncloud/apps/calendar
  - comments:
    - Version: 0.3.0
    - Path: /var/www/owncloud/apps/comments
  - configreport:
    - Version: 0.2.1
    - Path: /var/www/owncloud/apps/configreport
  - contacts:
    - Version: 1.5.5
    - Path: /var/www/owncloud/apps/contacts
  - customgroups:
    - Version: 0.6.2
    - Path: /var/www/owncloud/apps/customgroups
  - dav:
    - Version: 0.7.0
    - Path: /var/www/owncloud/apps/dav
  - diagnostics:
    - Version: 0.1.4
    - Path: /var/www/owncloud/apps/diagnostics
  - federatedfilesharing:
    - Version: 0.5.0
    - Path: /var/www/owncloud/apps/federatedfilesharing
  - federation:
    - Version: 0.1.0
    - Path: /var/www/owncloud/apps/federation
  - files:
    - Version: 1.5.2
    - Path: /var/www/owncloud/apps/files
  - files_external:
    - Version: 0.9.0
    - Path: /var/www/owncloud/apps/files_external
  - files_mediaviewer:
    - Version: 1.0.5
    - Path: /var/www/owncloud/apps/files_mediaviewer
  - files_pdfviewer:
    - Version: 1.0.1
    - Path: /var/www/owncloud/apps/files_pdfviewer
  - files_sharing:
    - Version: 0.14.0
    - Path: /var/www/owncloud/apps/files_sharing
  - files_texteditor:
    - Version: 2.4.1
    - Path: /var/www/owncloud/apps/files_texteditor
  - files_trashbin:
    - Version: 0.9.1
    - Path: /var/www/owncloud/apps/files_trashbin
  - files_versions:
    - Version: 1.3.0
    - Path: /var/www/owncloud/apps/files_versions
  - firstrunwizard:
    - Version: 1.2.0
    - Path: /var/www/owncloud/apps/firstrunwizard
  - gallery:
    - Version: 16.1.2
    - Path: /var/www/owncloud/apps/gallery
  - impersonate:
    - Version: 0.5.1
    - Path: /var/www/owncloud/apps/impersonate
  - market:
    - Version: 0.6.3
    - Path: /var/www/owncloud/apps/market
  - metadata:
    - Version: 0.10.0
    - Path: /var/www/owncloud/apps/metadata
  - provisioning_api:
    - Version: 0.5.0
    - Path: /var/www/owncloud/apps/provisioning_api
  - systemtags:
    - Version: 0.3.0
    - Path: /var/www/owncloud/apps/systemtags
  - tasks:
    - Version: 0.9.7
    - Path: /var/www/owncloud/apps/tasks
  - templateeditor:
    - Version: 0.4.0
    - Path: /var/www/owncloud/apps/templateeditor
  - updatenotification:
    - Version: 0.2.1
    - Path: /var/www/owncloud/apps/updatenotification
  - user_ldap:
    - Version: 0.16.0
    - Path: /var/www/owncloud/apps/user_ldap
Disabled:
  - admin_audit:
    - Path: /var/www/owncloud/apps/admin_audit
  - announcementcenter:
    - Path: /var/www/owncloud/apps/announcementcenter
  - encryption:
    - Path: /var/www/owncloud/apps/encryption
  - enterprise_key:
    - Path: /var/www/owncloud/apps/enterprise_key
  - external:
    - Path: /var/www/owncloud/apps/external
  - files_antivirus:
    - Path: /var/www/owncloud/apps/files_antivirus
  - files_classifier:
    - Path: /var/www/owncloud/apps/files_classifier
  - files_external_dropbox:
    - Path: /var/www/owncloud/apps/files_external_dropbox
  - files_external_ftp:
    - Path: /var/www/owncloud/apps/files_external_ftp
  - files_ldap_home:
    - Path: /var/www/owncloud/apps/files_ldap_home
  - files_lifecycle:
    - Path: /var/www/owncloud/apps/files_lifecycle
  - firewall:
    - Path: /var/www/owncloud/apps/firewall
  - graphapi:
    - Path: /var/www/owncloud/apps/graphapi
  - guests:
    - Path: /var/www/owncloud/apps/guests
  - metrics:
    - Path: /var/www/owncloud/apps/metrics
  - notifications:
    - Path: /var/www/owncloud/apps/notifications
  - oauth2:
    - Path: /var/www/owncloud/apps/oauth2
  - openidconnect:
    - Path: /var/www/owncloud/apps/openidconnect
  - password_policy:
    - Path: /var/www/owncloud/apps/password_policy
  - ransomware_protection:
    - Path: /var/www/owncloud/apps/ransomware_protection
  - sharepoint:
    - Path: /var/www/owncloud/apps/sharepoint
  - systemtags_management:
    - Path: /var/www/owncloud/apps/systemtags_management
  - theme-enterprise:
    - Path: /var/www/owncloud/apps/theme-enterprise
  - user_external:
    - Path: /var/www/owncloud/apps/user_external
  - user_shibboleth:
    - Path: /var/www/owncloud/apps/user_shibboleth
  - web:
    - Path: /var/www/owncloud/apps/web
  - windows_network_drive:
    - Path: /var/www/owncloud/apps/windows_network_drive
  - wopi:
    - Path: /var/www/owncloud/apps/wopi
  - workflow:
    - Path: /var/www/owncloud/apps/workflow

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: ActiveDirectory

LDAP configuration (delete this part if not used)

+-------------------------------+----------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                              |
+-------------------------------+----------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                            |
| hasPagedResultSupport         |                                                                                              |
| homeFolderNamingRule          |                                                                                              |
| lastJpegPhotoLookup           | 0                                                                                            |
| ldapAgentName                 | CN=ldapproxy,CN=Users,DC=site,DC=ru                                                          |
| ldapAgentPassword             | ***                                                                                          |
| ldapAttributesForGroupSearch  |                                                                                              |
| ldapAttributesForUserSearch   |                                                                                              |
| ldapBackupHost                |                                                                                              |
| ldapBackupPort                |                                                                                              |
| ldapBase                      | OU=Users,DC=site,DC=ru                                                                       |
| ldapBaseGroups                | DC=site,DC=ru                                                                                |
| ldapBaseUsers                 | DC=site,DC=ru                                                                                |
| ldapCacheTTL                  | 600                                                                                          |
| ldapConfigurationActive       | 1                                                                                            |
| ldapDynamicGroupMemberURL     |                                                                                              |
| ldapEmailAttribute            | mail                                                                                         |
| ldapExperiencedAdmin          | 0                                                                                            |
| ldapExpertUUIDGroupAttr       |                                                                                              |
| ldapExpertUUIDUserAttr        | objectguid                                                                                   |
| ldapExpertUsernameAttr        | samaccountname                                                                               |
| ldapGroupDisplayName          | cn                                                                                           |
| ldapGroupFilter               |                                                                                              |
| ldapGroupFilterGroups         |                                                                                              |
| ldapGroupFilterMode           | 1                                                                                            |
| ldapGroupFilterObjectclass    |                                                                                              |
| ldapGroupMemberAlgo           | groupScan                                                                                    |
| ldapGroupMemberAssocAttr      | uniqueMember                                                                                 |
| ldapHost                      | site.ru                                                                                      |
| ldapIgnoreNamingRules         |                                                                                              |
| ldapLoginFilter               | (&(&(|(objectclass=person)))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) |
| ldapLoginFilterAttributes     |                                                                                              |
| ldapLoginFilterEmail          | 1                                                                                            |
| ldapLoginFilterMode           | 1                                                                                            |
| ldapLoginFilterUsername       | 1                                                                                            |
| ldapNestedGroups              | 0                                                                                            |
| ldapNetworkTimeout            | 2                                                                                            |
| ldapOverrideMainServer        | 0                                                                                            |
| ldapPagingSize                | 500                                                                                          |
| ldapPort                      | 389                                                                                          |
| ldapQuotaAttribute            |                                                                                              |
| ldapQuotaDefault              |                                                                                              |
| ldapTLS                       | 0                                                                                            |
| ldapUserDisplayName           | displayname                                                                                  |
| ldapUserDisplayName2          |                                                                                              |
| ldapUserFilter                | (&(|(objectclass=person))(|(mail=*)))                                                        |
| ldapUserFilterGroups          |                                                                                              |
| ldapUserFilterMode            | 1                                                                                            |
| ldapUserFilterObjectclass     | person                                                                                       |
| ldapUserName                  | samaccountname                                                                               |
| ldapUuidGroupAttribute        | auto                                                                                         |
| ldapUuidUserAttribute         | auto                                                                                         |
| turnOffCertCheck              | 1                                                                                            |
| useMemberOfToDetectMembership | 0                                                                                            |
+-------------------------------+----------------------------------------------------------------------------------------------+

ownCloud log (data/owncloud.log)

No errors in log

Maybe set the cache to 1 and try the sync again?

Are existing users available but new users not? Is that the problem?

Best Regards

Dmitry

Changing the TTL to 1 did not affect the problem.
Existing AD users are available, new AD users are not available in owncloud.
Also, synchronization of individual users does not work even for existing users

occ -vvv user:sync -u username "OCA\User_LDAP\User_Proxy"
If unknown users are found, what do you want to do with their accounts? (removing the account will also remove its data)
[0] disable
[1] remove
[2] ask later
2
Searching for username …
Exact match for user username not found in the backend.
These accounts that are no longer available in the backend:
username, , (no longer exists in the backend)
What do you want to do with their accounts? (removing the account will also remove its data)
[0] disable
[1] remove

Based on your configuration, make sure all your users have both a displayname and a mail set, they might be ignored otherwise.
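
The filter check behind this advice, as an added example that is not part of the original post and is not ownCloud code: it evaluates the `ldapUserFilter` value from the configuration table above against directory entries and reports which assertion an entry fails. The sample entries and the function names are constructed for illustration, and case-insensitive value matching is an assumption.

```python
# Added example: offline evaluator for the LDAP filter subset used on this page
# (& | ! equality and presence). Values are compared case-insensitively (assumption).
USER_FILTER = "(&(|(objectclass=person))(|(mail=*)))"  # ldapUserFilter from the page

def parse(text, i=0):
    """Parse one parenthesised filter at text[i]; return (node, next index)."""
    if text[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if text[i] in "&|!":
        op, children = text[i], []
        i += 1
        while text[i] == "(":
            child, i = parse(text, i)
            children.append(child)
        if text[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, children), i + 1
    end = text.index(")", i)
    attr, sep, value = text[i:end].partition("=")
    if not sep or not attr or ("*" in value and value != "*"):
        raise ValueError(f"unsupported filter item: {text[i:end]!r}")
    return ("leaf", attr.lower(), value), end + 1

def matches(node, entry, misses):
    """Evaluate node against entry; append every non-matching leaf to misses."""
    if node[0] == "leaf":
        _, attr, value = node
        values = entry.get(attr, [])
        ok = bool(values) if value == "*" else value.lower() in (v.lower() for v in values)
        if not ok:
            misses.append(f"{attr}={value}")
        return ok
    results = [matches(child, entry, misses) for child in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def check(entry, filter_text=USER_FILTER):
    """Return (matched, unmet assertions); entry keys are lower-case attribute names."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    misses = []
    matched = matches(tree, entry, misses)
    return matched, ([] if matched else misses)

# Constructed sample entries (not taken from the page).
WITH_MAIL = {"objectclass": ["top", "person", "user"], "mail": ["existing@site.ru"]}
WITHOUT_MAIL = {"objectclass": ["top", "person", "user"], "samaccountname": ["newuser"]}
```

`check(WITHOUT_MAIL)` returns `(False, ['mail=*'])`: an account with no `mail` value fails the `(mail=*)` presence test in this filter regardless of its other attributes.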

New users have the same set of attributes as existing users

As far as I know, new AD users have to log in once before they show up in the user list.

Could you scroll down the user list and check whether the user is there? Maybe there is a problem with the search functionality, and it might be searching using a different attribute.
