OpenLDAP login - some users have personal folder other don't

Hello Robert, thank you very much for your reply.

  1. We do not have these attributes, nor will we be able to have them. We only have the uid that exists in all users, as it would not even log in.

  2. The filters I have defined are configured to allow only users from a specific group. I will send the configuration shortly.

  3. I am using the GitHub example - ocis_full, and these commands do not work in the container. I had a lot of difficulty using my own certificates. Would be nice to have some instruction in future.

  4. Running the Docker logs for the ocis container, I only get this message:
    ERR resolve space id index entry, skipping error="internal error: malformed link" id= line=wncloud/reva/v2@v2.0.0-20251001134122-cb98fe521deb/pkg/storage/utils/decomposedfs/spaces.go:441 pkg=rgrpc service=storage-users traceid=60510f93a11777cc247673b8d6c3d755

  5. We are not using external storage.

yml config

OCIS_LDAP_GROUP_BASE_DN: "ou=Groups,dc=xxx,dc=xx"
GRAPH_LDAP_GROUP_NAME_ATTRIBUTE: "owncloud"
OCIS_LDAP_GROUP_OBJECTCLASS: "groupOfNames"
OCIS_LDAP_USER_BASE_DN: "ou=People,dc=xx,dc=xx"
OCIS_LDAP_USER_FILTER: "(memberof=cn=owncloud,ou=groups,dc=xx,dc=xx)"
OCIS_LDAP_USER_OBJECTCLASS: "Person"
LDAP_LOGIN_ATTRIBUTES: "uid"
IDP_USER_ENABLED_ATTRIBUTE: ""
IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
OCIS_LDAP_USER_SCHEMA_ID: "uid"
IDP_LDAP_UUID_ATTRIBUTE: "uid"
OCIS_LDAP_DISABLE_USER_MECHANISM: "none"
OCIS_LDAP_SERVER_WRITE_ENABLED: false
OCIS_EXCLUDE_RUN_SERVICES: "idm"

If I change OCIS_LDAP_USER_SCHEMA_ID: ‘uid’ to ‘mail’, users already have a personal folder, but I cannot change a user’s role to Space admin, for example.

Logs:

ERR resolve space id index entry, skipping error="internal error: malformed link" id= line=m/owncloud/reva/v2@v2.0.0-20251001134122-cb98fe521deb/pkg/storage/utils/decomposedfs/spaces.go:441 pkg=rgrpc service=storage-users
WRN Group is missing name or id dn=cn=owncloud,ou=Groups,dc=xx,dc=xx line=github.com/owncloud/ocis/v2/services/graph/pkg/identity/ldap_group.go:579 service=graph

@limpinho Please take the responses of that user with a grain of salt as everything indicates that this is an AI powered spambot:

@limpinho sorry maybe I missed important information. What actually is the problem? From the subject it seems like “some” users don't have a personal space. Can you double check if those users have logged in at least once? The personal space is only created on login. If the user hasn’t logged in, they will not have a personal space.

Yes, the user has logged in.
The problem is very strange because some users do not have personal folders. There are no differences between users. It seems to be a problem reading the uid, but the users are from the same open-ldap server.
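
One way to test the suspicion in the last post that the `uid` is read differently for some users (an added example, not part of the thread and not ownCloud code): export the entries under the user base DN as LDIF, for instance with `ldapsearch -LLL`, and list those whose `uid`, the attribute the posted config uses for `OCIS_LDAP_USER_SCHEMA_ID` and `IDP_LDAP_UUID_ATTRIBUTE`, is missing, multi-valued, or carries whitespace or non-ASCII characters. The sample entries are constructed, the function names are hypothetical, and the thread does not establish that any of these conditions is the cause.

```python
import base64
from collections import defaultdict

# Constructed stand-in for `ldapsearch -LLL` output; not data from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
uid: robert

dn: cn=carol,ou=People,dc=example,dc=org
uid:: Y2Fyb2wg

dn: cn=dave,ou=People,dc=example,dc=org
cn: dave
"""

def parse_ldif(text):
    """Parse LDIF into [{attr_lower: [values]}], undoing folding and base64."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # "\n " is a folded line
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            value = rest.lstrip(" ")
            if rest.startswith(":"):  # "attr:: <base64>" marks an encoded value
                value = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            entry[name.lower()].append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_id_attribute(entries, attr="uid"):
    """Return (dn, problem) pairs for entries whose ID attribute looks irregular."""
    findings = []
    for e in entries:
        dn, values = e["dn"][0], e.get(attr.lower(), [])
        if not values:
            findings.append((dn, "missing"))
        elif len(values) > 1:
            findings.append((dn, "multi-valued"))
        if any(v != v.strip() or not v.isascii() for v in values):
            findings.append((dn, "whitespace or non-ASCII"))
    return findings
```

Comparing the flagged DNs with the list of accounts that have no personal folder shows whether the two sets line up; a base64-encoded value in the export (`uid::`) is itself a hint that the stored value contains characters a plain comparison would not show.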