OCIS with Active Directory

I could use some help in getting OCIS working with Active Directory.

Steps to reproduce

  1. Deployed a working basic Active Directory on Windows Server 2022 [tested integration with other systems and working]
  2. Installed OCIS version 4.0.5 (latest as of this writing) on Debian 12 following the Bare Metal Installation with Systemd [tested and working with the embedded LDAP]
  3. Attempted to integrate OCIS with Active Directory following [LDAP - Active Directory | ownCloud]

Expected behaviour

Login would work using a user from Active Directory

Actual behaviour

Internal Server Error

Server configuration

OCIS Server

Operating system: Debian 12
ownCloud Infinite Scale: version 4.0.5 (fresh install from scratch)

Reverse Proxy Server

Operating system: Debian 12
Web server: Apache (with Letsencrypt certbot)

OCIS configuration

Commented configuration lines show some slight variations in config I have tried.

OCIS_URL=https://cloud.example.com
PROXY_HTTP_ADDR=0.0.0.0:9200
PROXY_TLS=false
OCIS_INSECURE=false

OCIS_LOG_LEVEL=error
GRAPH_LOG_LEVEL=error
IDP_LOG_LEVEL=debug
PROXY_LOG_LEVEL=error
USERS_LOG_LEVEL=debug

OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis

# Active Directory integration
OCIS_LDAP_URI=ldap://ad.example.com:389
OCIS_LDAP_INSECURE="true"
OCIS_LDAP_BIND_DN="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
OCIS_LDAP_BIND_PASSWORD=mypassword
#OCIS_LDAP_BIND_DN="CN=ownCloud Binder,OU=Service Accounts,DC=ad,DC=example,DC=com"
#OCIS_LDAP_BIND_PASSWORD=mypassword
OCIS_LDAP_DISABLE_USER_MECHANISM="none"
#OCIS_LDAP_GROUP_BASE_DN="CN=Groups,DC=ad,DC=example,DC=com"
OCIS_LDAP_GROUP_BASE_DN="CN=ownCloud Users,OU=Groups,DC=ad,DC=example,DC=com"
OCIS_LDAP_GROUP_OBJECTCLASS="group"
OCIS_LDAP_GROUP_SCHEMA_ID="objectGUID"
OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING="true"
OCIS_LDAP_GROUP_SCHEMA_GROUPNAME="cn"
#OCIS_LDAP_USER_BASE_DN="CN=Users,DC=ad,DC=example,DC=com"
OCIS_LDAP_USER_BASE_DN="DC=ad,DC=example,DC=com"
OCIS_LDAP_USER_OBJECTCLASS="user"
OCIS_LDAP_USER_SCHEMA_ID="objectGUID"
OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING="true"
OCIS_LDAP_USER_SCHEMA_USERNAME="sAMAccountName"
OCIS_LDAP_USER_ENABLED_ATTRIBUTE=Enabled # adding this got me further but with new errors somehow
OCIS_LDAP_LOGIN_ATTRIBUTES="sAMAccountName"
IDP_LDAP_LOGIN_ATTRIBUTE="sAMAccountName"
IDP_LDAP_UUID_ATTRIBUTE="objectGUID"
#IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary
IDP_LDAP_UUID_ATTRIBUTE_TYPE=text
GRAPH_LDAP_SERVER_WRITE_ENABLED="false"
OCIS_EXCLUDE_RUN_SERVICES=idm
OCIS_ADMIN_USER_ID="<the-actual-objectGUID-of-my-own-user-in-active-directory>"

Client configuration

Browser: Tried with Firefox/Chrome
Operating system: Windows 11

Logs

ownCloud log (data/owncloud.log)

I get lots of this one for all my attempted Active Directory integration configuration attempts.

Jan 29 08:23:14 hostname ocis[10050]: {"level":"debug","service":"idp","client_id":"<UUID>","known":true,"redirect_uri":"","trusted":false,"time":"2024-01-29T08:23:14.815638979+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"identifier client lookup"}
Jan 29 08:23:14 hostname ocis[10050]: {"level":"error","service":"idp","error":"ldap identifier backend get user error: user does not exist or too many entries returned","time":"2024-01-29T08:23:14.820901051+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"IdentifierIdentityManager: fetch failed to get user from userID"}

But I only started getting those below when I added OCIS_LDAP_USER_ENABLED_ATTRIBUTE=Enabled to the configuration and seemingly got further.

Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"UNLOCK","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.951943003+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"REPORT","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.951953091+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"OPTIONS","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.951963089+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"POST","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.951973084+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"MOVE","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.951994315+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"DELETE","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.952004861+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"MKCOL","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.952014979+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"TRACE","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.952024666+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"GET","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.952034378+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:47 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","method":"CONNECT","route":"/*","middlewares":9,"time":"2024-01-29T08:23:47.952051031+08:00","line":"github.com/owncloud/ocis/v2/services/idp/pkg/service/v0/service.go:269","message":"serving endpoint"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/.well-known/openid-configuration","duration":0.423404,"bytes":1816,"time":"2024-01-29T08:23:58.53980142+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":302,"path":"/signin/v1/identifier/_/authorize","duration":0.313307,"bytes":0,"time":"2024-01-29T08:23:58.565398287+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier","duration":0.602636,"bytes":913,"time":"2024-01-29T08:23:58.573098725+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/css/8.ac8bee22.chunk.css","duration":0.226284,"bytes":1883,"time":"2024-01-29T08:23:58.61388211+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/css/main.23a06b80.chunk.css","duration":0.160094,"bytes":1972,"time":"2024-01-29T08:23:58.615859891+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/runtime-main.e4d9e19d.js","duration":0.198932,"bytes":2822,"time":"2024-01-29T08:23:58.61689922+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/8.db623e05.chunk.js","duration":0.649794,"bytes":307030,"time":"2024-01-29T08:23:58.618001097+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/main.db02c823.chunk.js","duration":0.144742,"bytes":6036,"time":"2024-01-29T08:23:58.618235327+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/media/background.7296b9ab.jpg","duration":0.29353,"bytes":88069,"time":"2024-01-29T08:23:58.632547186+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/media/inter.aadb65ac.ttf","duration":1.168918,"bytes":803384,"time":"2024-01-29T08:23:58.6434092+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/9.59d761ae.chunk.js","duration":0.267958,"bytes":26958,"time":"2024-01-29T08:23:58.696520636+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/identifier-main.f8c32709.chunk.js","duration":0.132813,"bytes":1828,"time":"2024-01-29T08:23:58.696920131+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/media/inter.aadb65ac.ttf","duration":1.192341,"bytes":803384,"time":"2024-01-29T08:23:58.698423307+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/0.2b291eb9.chunk.js","duration":0.317855,"bytes":88467,"time":"2024-01-29T08:23:58.723052981+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/10.d3ab2020.chunk.js","duration":0.272571,"bytes":49290,"time":"2024-01-29T08:23:58.72433325+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/containers-login.8a89c515.chunk.js","duration":0.181582,"bytes":22012,"time":"2024-01-29T08:23:58.724394053+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/all-i18n-data.c64abe28.chunk.js","duration":0.173139,"bytes":7566,"time":"2024-01-29T08:23:58.72884043+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/favicon.ico","duration":0.207886,"bytes":15086,"time":"2024-01-29T08:23:58.73488067+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/logo.svg","duration":0.119551,"bytes":9896,"time":"2024-01-29T08:23:58.748517353+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"POST","status":200,"path":"/signin/v1/identifier/_/hello","duration":0.59166,"bytes":86,"time":"2024-01-29T08:23:58.749415041+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:23:58 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/signin/v1/identifier/static/js/main.db02c823.chunk.js.map","duration":0.179954,"bytes":16634,"time":"2024-01-29T08:23:58.798048944+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","id":"objectGUID=%93%5B%05U%96%E7%E9L%9A%8A%10%A6%AB%05m%AA","username":"aduser","time":"2024-01-29T08:24:04.396376626+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"ldap identifier backend logon"}
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","client_id":"web","known":true,"redirect_uri":"https://cloud.example.com/oidc-callback.html","trusted":true,"time":"2024-01-29T08:24:04.402755101+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"identifier client lookup"}
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"POST","status":200,"path":"/signin/v1/identifier/_/logon","duration":16.019282,"bytes":290,"time":"2024-01-29T08:24:04.403235023+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","client_id":"web","known":true,"redirect_uri":"https://cloud.example.com/oidc-callback.html","trusted":true,"time":"2024-01-29T08:24:04.438460066+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"identifier client lookup"}
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":302,"path":"/signin/v1/identifier/_/authorize","duration":6.147409,"bytes":0,"time":"2024-01-29T08:24:04.438835557+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/.well-known/openid-configuration","duration":0.153206,"bytes":1816,"time":"2024-01-29T08:24:04.930903067+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","client_id":"web","known":true,"redirect_uri":"https://cloud.example.com/oidc-callback.html","trusted":true,"time":"2024-01-29T08:24:04.943280177+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50","message":"identifier client lookup"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"POST","status":200,"path":"/konnect/v1/token","duration":68.612244,"bytes":2457,"time":"2024-01-29T08:24:05.011658489+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/konnect/v1/userinfo","duration":8.915597,"bytes":241,"time":"2024-01-29T08:24:05.035518782+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/.well-known/openid-configuration","duration":0.172219,"bytes":1816,"time":"2024-01-29T08:24:05.0882301+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/konnect/v1/jwks.json","duration":0.370006,"bytes":1609,"time":"2024-01-29T08:24:05.101551013+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","request-id":"","proto":"HTTP/1.1","method":"GET","status":200,"path":"/konnect/v1/userinfo","duration":8.435891,"bytes":241,"time":"2024-01-29T08:24:05.126256057+08:00","line":"github.com/owncloud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"e79e4bd58c282627639f94ccb8655076","method":"/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim","time":"2024-01-29T08:24:05.169091382+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/internal/grpc/interceptors/auth/auth.go:122","message":"skipping auth"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"e79e4bd58c282627639f94ccb8655076","claim":"username","value":"aduser","time":"2024-01-29T08:24:05.16912977+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/user/manager/ldap/ldap.go:137","message":"GetUserByClaim"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"e79e4bd58c282627639f94ccb8655076","backend":"ldap","basedn":"DC=ad,DC=example,DC=com","filter":"(&(objectclass=user)(sAMAccountName=aduser))","scope":2,"time":"2024-01-29T08:24:05.169155572+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/utils/ldap/identity.go:217","message":"LDAP Search"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"e79e4bd58c282627639f94ccb8655076","entry":{"DN":"CN=AD User,CN=Users,DC=ad,DC=example,DC=com","Attributes":[{"Name":"displayName","Values":["AD User"],"ByteValues":["R2hpc2xhaW4gSGFjaGV5"]},{"Name":"objectGUID","Values":["\ufffd[\u0005U\ufffd\ufffd\ufffdL\ufffd\ufffd\u0010\ufffd\ufffd\u0005m\ufffd"],"ByteValues":["k1sFVZbn6UyaihCmqwVtqg=="]},{"Name":"sAMAccountName","Values":["aduser"],"ByteValues":["Z2hhY2hleQ=="]}]},"time":"2024-01-29T08:24:05.174381395+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/user/manager/ldap/ldap.go:144","message":"entries"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"e79e4bd58c282627639f94ccb8655076","backend":"ldap","basedn":"CN=ownCloud Users,OU=Groups,DC=ad,DC=example,DC=com","filter":"(&(objectclass=group)(member=CN=AD User,CN=Users,DC=ad,DC=example,DC=com))","scope":2,"time":"2024-01-29T08:24:05.174439636+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/utils/ldap/identity.go:349","message":"LDAP Search"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"e79e4bd58c282627639f94ccb8655076","user-agent":"grpc-go/1.57.0","from":"tcp://127.0.0.1:33840","uri":"/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim","start":"29/Jan/2024:08:24:05 +0800","end":"29/Jan/2024:08:24:05 +0800","time_ns":6456835,"code":"OK","time":"2024-01-29T08:24:05.175576039+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/internal/grpc/interceptors/log/log.go:69","message":"unary"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"ocis","error":"error: not found: create container: error: not found: f1bdd61a-da7c-49fc-8203-0558109d1b4f!f1bdd61a-da7c-49fc-8203-0558109d1b4f/settings","time":"2024-01-29T08:24:05.18801412+08:00","message":"error initializing metadata client"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"ocis","error":"error: not found: create container: error: not found: f1bdd61a-da7c-49fc-8203-0558109d1b4f!f1bdd61a-da7c-49fc-8203-0558109d1b4f/settings","time":"2024-01-29T08:24:05.299342379+08:00","message":"error initializing metadata client"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"proxy","error":"{\"id\":\"go.micro.server\",\"code\":500,\"detail\":\"panic recovered: runtime error: invalid memory address or nil pointer dereference\",\"status\":\"Internal Server Error\"}","time":"2024-01-29T08:24:05.300212813+08:00","message":"Could not load roles"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"proxy","error":"{\"id\":\"go.micro.server\",\"code\":500,\"detail\":\"panic recovered: runtime error: invalid memory address or nil pointer dereference\",\"status\":\"Internal Server Error\"}","time":"2024-01-29T08:24:05.30044223+08:00","message":"Could not get user roles"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"0aa1a9f3a1372ec1213367eb20cc1384","method":"/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim","time":"2024-01-29T08:24:05.313116436+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/internal/grpc/interceptors/auth/auth.go:122","message":"skipping auth"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"0aa1a9f3a1372ec1213367eb20cc1384","claim":"username","value":"aduser","time":"2024-01-29T08:24:05.313153508+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/user/manager/ldap/ldap.go:137","message":"GetUserByClaim"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"0aa1a9f3a1372ec1213367eb20cc1384","backend":"ldap","basedn":"DC=ad,DC=example,DC=com","filter":"(&(objectclass=user)(sAMAccountName=aduser))","scope":2,"time":"2024-01-29T08:24:05.313179689+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/utils/ldap/identity.go:217","message":"LDAP Search"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"0aa1a9f3a1372ec1213367eb20cc1384","entry":{"DN":"CN=AD User,CN=Users,DC=ad,DC=example,DC=com","Attributes":[{"Name":"displayName","Values":["AD User"],"ByteValues":["R2hpc2xhaW4gSGFjaGV5"]},{"Name":"objectGUID","Values":["\ufffd[\u0005U\ufffd\ufffd\ufffdL\ufffd\ufffd\u0010\ufffd\ufffd\u0005m\ufffd"],"ByteValues":["k1sFVZbn6UyaihCmqwVtqg=="]},{"Name":"sAMAccountName","Values":["aduser"],"ByteValues":["Z2hhY2hleQ=="]}]},"time":"2024-01-29T08:24:05.314607206+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/user/manager/ldap/ldap.go:144","message":"entries"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"0aa1a9f3a1372ec1213367eb20cc1384","backend":"ldap","basedn":"CN=ownCloud Users,OU=Groups,DC=ad,DC=example,DC=com","filter":"(&(objectclass=group)(member=CN=AD User,CN=Users,DC=ad,DC=example,DC=com))","scope":2,"time":"2024-01-29T08:24:05.314651885+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/pkg/utils/ldap/identity.go:349","message":"LDAP Search"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","pkg":"rgrpc","traceid":"0aa1a9f3a1372ec1213367eb20cc1384","user-agent":"grpc-go/1.57.0","from":"tcp://127.0.0.1:33840","uri":"/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim","start":"29/Jan/2024:08:24:05 +0800","end":"29/Jan/2024:08:24:05 +0800","time_ns":2628008,"code":"OK","time":"2024-01-29T08:24:05.315760562+08:00","line":"github.com/cs3org/reva/v2@v2.16.4-0.20231220070538-82b93f6a66bc/internal/grpc/interceptors/log/log.go:69","message":"unary"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"ocis","error":"error: not found: create container: error: not found: f1bdd61a-da7c-49fc-8203-0558109d1b4f!f1bdd61a-da7c-49fc-8203-0558109d1b4f/settings","time":"2024-01-29T08:24:05.325834388+08:00","message":"error initializing metadata client"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"ocis","error":"error: not found: create container: error: not found: f1bdd61a-da7c-49fc-8203-0558109d1b4f!f1bdd61a-da7c-49fc-8203-0558109d1b4f/settings","time":"2024-01-29T08:24:05.436428115+08:00","message":"error initializing metadata client"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"proxy","error":"{\"id\":\"go.micro.server\",\"code\":500,\"detail\":\"panic recovered: runtime error: invalid memory address or nil pointer dereference\",\"status\":\"Internal Server Error\"}","time":"2024-01-29T08:24:05.438058497+08:00","message":"Could not load roles"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"error","service":"proxy","error":"{\"id\":\"go.micro.server\",\"code\":500,\"detail\":\"panic recovered: runtime error: invalid memory address or nil pointer dereference\",\"status\":\"Internal Server Error\"}","time":"2024-01-29T08:24:05.438083375+08:00","message":"Could not get user roles"}

Browser log

[UserManager] getUser: user loaded
[UserManager] signinSilentCallback: success
[UserManager] signinSilent: success, signed in subject IPBwJ9dpRWSxD
POST https://cloud.example.com/api/v0/settings/values-list [HTTP/1.1 500 Internal Server Error 154ms]
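An added example, not part of the original post or of the ownCloud project: a small audit of the LDAP lines in the environment file shown above, next to a constructed corrected variant. It assumes the file is loaded as a systemd EnvironmentFile (where only lines that start with `#` or `;` are comments); the finding codes and the `ldaps://` port are choices made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the LDAP lines from the env file in the post above.
WEAK_ENV = """\
OCIS_LDAP_URI=ldap://ad.example.com:389
OCIS_LDAP_INSECURE="true"
OCIS_LDAP_BIND_DN="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
OCIS_LDAP_BIND_PASSWORD=mypassword
OCIS_LDAP_USER_ENABLED_ATTRIBUTE=Enabled # adding this got me further
"""

# Constructed counterpart: TLS on, verification on, the service account from
# the commented-out line of the post, and the note moved to its own line.
HARDENED_ENV = """\
OCIS_LDAP_URI=ldaps://ad.example.com:636
OCIS_LDAP_INSECURE="false"
OCIS_LDAP_BIND_DN="CN=ownCloud Binder,OU=Service Accounts,DC=ad,DC=example,DC=com"
OCIS_LDAP_BIND_PASSWORD=mypassword
# adding this got me further
OCIS_LDAP_USER_ENABLED_ATTRIBUTE=Enabled
"""

MESSAGES = {
    "CLEARTEXT_LDAP": "ldap:// is not TLS-wrapped; a simple bind exposes the "
                      "password on the wire unless StartTLS is negotiated",
    "TLS_VERIFY_OFF": "certificate validation is disabled, so the directory "
                      "server's identity is not checked",
    "PRIVILEGED_BIND": "binds as the built-in Administrator; use a dedicated "
                       "low-privilege service account",
    "INLINE_COMMENT": "text after ' #' stays part of the value (assumes systemd "
                      "EnvironmentFile parsing); move the comment to its own line",
}


def parse_env(text):
    """Return {KEY: (line_number, raw_value)}; only whole-line comments are skipped."""
    env = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        key, sep, value = stripped.partition("=")
        if sep:
            env[key.strip()] = (lineno, value.strip())
    return env


def audit(text):
    """Return sorted (line_number, key, finding_code) tuples for risky settings."""
    found = []
    for key, (lineno, raw) in parse_env(text).items():
        quoted = len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'"
        value = raw[1:-1] if quoted else raw
        if not quoted and re.search(r"\s#", raw):
            found.append((lineno, key, "INLINE_COMMENT"))
        if key == "OCIS_LDAP_URI" and urlsplit(value).scheme.lower() == "ldap":
            found.append((lineno, key, "CLEARTEXT_LDAP"))
        if key == "OCIS_LDAP_INSECURE" and value.lower() == "true":
            found.append((lineno, key, "TLS_VERIFY_OFF"))
        if key == "OCIS_LDAP_BIND_DN":
            first_rdn = re.match(r"\s*cn=([^,]+)", value, re.IGNORECASE)
            if first_rdn and first_rdn.group(1).strip().lower() == "administrator":
                found.append((lineno, key, "PRIVILEGED_BIND"))
    return sorted(found)


if __name__ == "__main__":
    for label, text in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(f"[{label}]")
        for lineno, key, code in audit(text) or [(0, "-", None)]:
            print(f"  line {lineno} {key}: {MESSAGES.get(code, 'no findings')}")
```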

You do need an OIDC service = ADFS; only LDAP will not work.

Thanks for the reply. Does it mention this in the docs and I missed it? The only thing I could find were a few issues in this forum about people trying integration with Active Directory; it is the first time I see “ADFS” mentioned. If you don’t mind me asking, is this a simple matter of adding support for ADFS in a Windows server? Thanks for the effort on this project, looks promising!

Yes. To my understanding any AD Server can also do ADFS and therewith OIDC which we need and which will work with the newest 4.x and 5.x releases of ownCloud Infinite Scale.
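An added example, not part of the thread or of the ownCloud project: a parser for the log lines posted in the question that pulls the binary objectGUID out of both the idp logon record and the users "entries" record, confirms they are the same 16 bytes, and renders them as a GUID string in both byte orders. Which of the two string forms a deployment compares against OCIS_ADMIN_USER_ID is not stated on this page; the function names are choices made for this example.

```python
import base64
import json
import uuid
from urllib.parse import unquote_to_bytes

# Two lines trimmed from the log in the question (fields unrelated to the
# objectGUID were dropped to keep the sample short).
SAMPLE_LOG = r'''
Jan 29 08:24:04 ocis-hostname ocis[10079]: {"level":"debug","service":"idp","id":"objectGUID=%93%5B%05U%96%E7%E9L%9A%8A%10%A6%AB%05m%AA","username":"aduser","message":"ldap identifier backend logon"}
Jan 29 08:24:05 ocis-hostname ocis[10079]: {"level":"debug","service":"users","entry":{"DN":"CN=AD User,CN=Users,DC=ad,DC=example,DC=com","Attributes":[{"Name":"objectGUID","ByteValues":["k1sFVZbn6UyaihCmqwVtqg=="]}]},"message":"entries"}
'''


def parse_line(line):
    """Drop the syslog prefix and decode the JSON payload, or return None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None


def guid_bytes(record):
    """Return the raw objectGUID carried by a log record, or None."""
    ident = record.get("id", "")
    if isinstance(ident, str) and ident.lower().startswith("objectguid="):
        # idp logs the identifier percent-encoded: "objectGUID=%93%5B..."
        return unquote_to_bytes(ident.split("=", 1)[1])
    entry = record.get("entry")
    if isinstance(entry, dict):
        for attr in entry.get("Attributes", []):
            if attr.get("Name", "").lower() == "objectguid" and attr.get("ByteValues"):
                # the users service logs the LDAP entry with base64 ByteValues
                return base64.b64decode(attr["ByteValues"][0])
    return None


def extract_guids(log_text):
    """Return [(service, raw_16_bytes)] for every record that carries an objectGUID."""
    found = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        raw = guid_bytes(record)
        if raw is not None and len(raw) == 16:
            found.append((record.get("service"), raw))
    return found


def render(raw):
    """Render 16 bytes as a GUID string in both conventions."""
    return {
        # bytes taken in the order they are stored
        "byte_order": str(uuid.UUID(bytes=raw)),
        # first three fields little-endian, as Windows tools display a GUID
        "ad_display": str(uuid.UUID(bytes_le=raw)),
    }


if __name__ == "__main__":
    for service, raw in extract_guids(SAMPLE_LOG):
        print(service, render(raw))
```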