ownCloud 10.13.1 (stable) Not mount external share using AD group

Steps to reproduce

  1. Fresh install on ownCloud
  2. Setup LDAP working with AD
  3. Add external storage support
  4. Configure storage with SMB personal to only be available for certain AD groups
  5. Verify when user logs in that the share is showing available in All Files

Expected behaviour

Have LDAP authenticating correctly in User Authentication and I am mounting using SMB Personal and verifying permissions using AD groups. The expected behavior would be that when a user logs in, if they are a part of the AD group the external share mounts to their All Files folder, and if not it doesn’t.

Actual behaviour

Instead the Storage tab will say that the “External mount has been added successfully”, but will not mount to the user's All Files folder. If I remove the AD group in the “Available For” field it will mount correctly in the user's All Files, but also for everyone else.

Server configuration

Operating system:
Ubuntu 22.04.3 LTS
Web server:
ownCloud 10.13.1 (stable)
Database:
mysql-common 5.8+1.0.8
PHP version:
7.4.33-8
ownCloud version: (see ownCloud admin page)
ownCloud 10.13.1 (stable)
Updated from an older ownCloud or fresh install:
Fresh install
Where did you install ownCloud from:
Ubuntu 22.04 installation in Owncloud Admin guide
Signing status (ownCloud 9.0 and above):
yes

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

No errors have been found.

The content of config/config.php:

```
<?php
$CONFIG = array (
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '',
    2 => '',
  ),
  'datadirectory' => '/var/www/owncloud/data',
  'overwrite.cli.url' => 'http://localhost',
  'dbtype' => 'mysql',
  'version' => '10.13.1.3',
  'dbname' => '',
  'dbconnectionstring' => '',
  'dbhost' => 'localhost',
  'dbtableprefix' => '',
  'mysql.utf8mb4' => true,
  'dbuser' => '',
  'dbpassword' => '',
  'allow_user_to_change_mail_address' => '',
  'logtimezone' => 'UTC',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/owncloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/owncloud/apps-external',
      'url' => '/apps-external',
      'writable' => true,
    ),
  ),
  'installed' => true,
  'instanceid' => '',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '127.0.0.1',
    'port' => '6379',
  ),
  'ldapIgnoreNamingRules' => false,
  'mail_domain' => '',
  'mail_from_address' => '',
  'mail_smtpmode' => '',
  'mail_smtpsecure' => '',
  'mail_smtpauthtype' => '',
  'mail_smtpauth' => ,
  'mail_smtphost' => '',
  'mail_smtpport' => '',
  'loglevel' => 0,
);
```

List of activated apps:

```
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.
```

```
Enabled:
  - announcementcenter:
    - Version: 1.2.2
    - Path: /var/www/owncloud/apps/announcementcenter
  - comments:
    - Version: 0.3.0
    - Path: /var/www/owncloud/apps/comments
  - configreport:
    - Version: 0.2.2
    - Path: /var/www/owncloud/apps/configreport
  - dav:
    - Version: 0.7.0
    - Path: /var/www/owncloud/apps/dav
  - diagnostics:
    - Version: 0.2.0
    - Path: /var/www/owncloud/apps/diagnostics
  - duo:
    - Version: 2.5.2
    - Path: /var/www/owncloud/apps/duo
  - federatedfilesharing:
    - Version: 0.5.0
    - Path: /var/www/owncloud/apps/federatedfilesharing
  - files:
    - Version: 1.6.0
    - Path: /var/www/owncloud/apps/files
  - files_antivirus:
    - Version: 1.2.2
    - Path: /var/www/owncloud/apps/files_antivirus
  - files_external:
    - Version: 0.9.0
    - Path: /var/www/owncloud/apps/files_external
  - files_mediaviewer:
    - Version: 1.0.5
    - Path: /var/www/owncloud/apps/files_mediaviewer
  - files_pdfviewer:
    - Version: 1.0.1
    - Path: /var/www/owncloud/apps/files_pdfviewer
  - files_texteditor:
    - Version: 2.6.0
    - Path: /var/www/owncloud/apps/files_texteditor
  - files_trashbin:
    - Version: 0.9.1
    - Path: /var/www/owncloud/apps/files_trashbin
  - files_versions:
    - Version: 1.3.0
    - Path: /var/www/owncloud/apps/files_versions
  - firstrunwizard:
    - Version: 1.3.0
    - Path: /var/www/owncloud/apps/firstrunwizard
  - market:
    - Version: 0.8.0
    - Path: /var/www/owncloud/apps/market
  - notifications:
    - Version: 0.6.0
    - Path: /var/www/owncloud/apps/notifications
  - provisioning_api:
    - Version: 0.5.0
    - Path: /var/www/owncloud/apps/provisioning_api
  - systemtags:
    - Version: 0.3.0
    - Path: /var/www/owncloud/apps/systemtags
  - templateeditor:
    - Version: 0.4.0
    - Path: /var/www/owncloud/apps/templateeditor
  - user_external:
    - Version: 0.6.0
    - Path: /var/www/owncloud/apps/user_external
  - user_ldap:
    - Version: 0.18.0
    - Path: /var/www/owncloud/apps/user_ldap
```

Are you using external storage, if yes which one: local/smb/sftp/...
yes, \OCA\Files_External\Lib\Storage\SMB

Are you using encryption: yes/no
yes

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP

LDAP configuration (delete this part if not used)

```
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

+-------------------------------+----------------+
| Configuration                 |                |
+-------------------------------+----------------+
| hasMemberOfFilterSupport      | 1              |
| hasPagedResultSupport         |                |
| homeFolderNamingRule          |                |
| lastJpegPhotoLookup           | 0              |
| ldapAgentName                 |                |
| ldapAgentPassword             |                |
| ldapAttributesForGroupSearch  |                |
| ldapAttributesForUserSearch   |                |
| ldapBackupHost                |                |
| ldapBackupPort                |                |
| ldapBase                      |                |
| ldapBaseGroups                |                |
| ldapBaseUsers                 |                |
| ldapCacheTTL                  | 600            |
| ldapConfigurationActive       | 1              |
| ldapDynamicGroupMemberURL     |                |
| ldapEmailAttribute            | mail           |
| ldapExperiencedAdmin          | 0              |
| ldapExpertGroupnameAttr       |                |
| ldapExpertUUIDGroupAttr       |                |
| ldapExpertUUIDUserAttr        | objectguid     |
| ldapExpertUsernameAttr        | SamAccountName |
| ldapGroupDisplayName          | cn             |
| ldapGroupFilter               |                |
| ldapGroupFilterGroups         |                |
| ldapGroupFilterMode           | 1              |
| ldapGroupFilterObjectclass    |                |
| ldapGroupMemberAlgo           | groupScan      |
| ldapGroupMemberAssocAttr      | member         |
| ldapHost                      |                |
| ldapIgnoreNamingRules         |                |
| ldapLoginFilter               |                |
| ldapLoginFilterAttributes     |                |
| ldapLoginFilterEmail          | 0              |
| ldapLoginFilterMode           | 1              |
| ldapLoginFilterUsername       | 1              |
| ldapNestedGroups              | 1              |
| ldapNetworkTimeout            | 15             |
| ldapOverrideMainServer        |                |
| ldapPagingSize                | 500            |
| ldapPort                      |                |
| ldapQuotaAttribute            |                |
| ldapQuotaDefault              |                |
| ldapTLS                       | 0              |
| ldapUserDisplayName           | cn             |
| ldapUserDisplayName2          |                |
| ldapUserFilter                |                |
| ldapUserFilterGroups          |                |
| ldapUserFilterMode            | 1              |
| ldapUserFilterObjectclass     | person         |
| ldapUserName                  | samaccountname |
| ldapUuidGroupAttribute        | auto           |
| ldapUuidUserAttribute         | auto           |
| turnOffCertCheck              | 0              |
| useMemberOfToDetectMembership | 1              |
+-------------------------------+----------------+
```

Client configuration

Browser:
chrome
Operating system:
Windows 10

Logs

Web server error log

```
No error
```

ownCloud log (data/owncloud.log)

```
{"reqId":"","level":0,"time":"2023-10-23T15:03:12+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:12+00:00","remoteAddr":"","user":"","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateTokenActivity","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"updating activity of token 15 to 1698073392"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:12+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:17+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"PUT","url":"\/index.php\/apps\/files_external\/globalstorages\/7","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:17+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"PUT","url":"\/index.php\/apps\/files_external\/globalstorages\/7","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:17+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"PUT","url":"\/index.php\/apps\/files_external\/globalstorages\/7","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:21+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/logout?requesttoken=","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:21+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/logout?requesttoken=","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:21+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/logout?requesttoken=","message":"token with token id 15 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:21+00:00","remoteAddr":"","user":"","app":"OC\\Authentication\\Token\\DefaultTokenProvider::invalidateToken","method":"GET","url":"\/index.php\/logout?requesttoken=","message":"invalidating token "}
{"reqId":"","level":0,"time":"2023-10-23T15:03:21+00:00","remoteAddr":"","user":"--","app":"OC\\Authentication\\Token\\DefaultTokenProvider::invalidateToken","method":"GET","url":"\/index.php\/login","message":"invalidating token "}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"OC\\User\\Session::login","method":"POST","url":"\/index.php\/login","message":"regenerating session id for uid , password set"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"OC\\User\\Session::validateToken","method":"POST","url":"\/index.php\/login","message":"token , not found"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Abandoning paged search - last cookie: '', cookies: <>"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Page response cookie '' at -0, estimated<0>"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"Abandoning paged search - last cookie: '', cookies: <''>"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"No LDAP quota attribute configured"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"No LDAP quota default configured"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"using quota <> for user <>"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"No LDAP quota attribute configured"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"No LDAP quota default configured"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"POST","url":"\/index.php\/login","message":"using quota <> for user <>"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"OC\\Authentication\\LoginPolicies\\GroupLoginPolicy policy registered"}
{"reqId":"","level":1,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"--","app":"OC\\User\\Session::loginInOwnCloud","method":"POST","url":"\/index.php\/login","message":"login using \"password\" login type"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\Authentication\\Token\\DefaultTokenProvider::generateToken","method":"POST","url":"\/index.php\/login","message":"generating token , uid , loginName , pwd set, name Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/118.0.0.0 Safari\/537.36, type temporary"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/apps\/files\/","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/apps\/files\/","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/apps\/files\/","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/core\/js\/oc.js?v=0fc0eb1e728bf1e19cb4057d5f0e8f59","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/core\/js\/oc.js?v=0fc0eb1e728bf1e19cb4057d5f0e8f59","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/core\/js\/oc.js?v=0fc0eb1e728bf1e19cb4057d5f0e8f59","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/core\/js\/oc.js?v=0fc0eb1e728bf1e19cb4057d5f0e8f59","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"PROPFIND","url":"\/remote.php\/dav\/files\/\/","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/avatar\/\/28","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/avatar\/\/28","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/avatar\/\/28","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/apps\/files\/ajax\/getstoragestats.php?dir=%2F","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/apps\/files\/ajax\/getstoragestats.php?dir=%2F","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/apps\/files\/ajax\/getstoragestats.php?dir=%2F","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/avatar\/\/28","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/avatar\/\/28","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/index.php\/avatar\/\/28","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/ocs\/v1.php\/apps\/files_external\/api\/v1\/mounts?format=json","message":"token with token id 16 found, validating"}
{"reqId":"","level":0,"time":"2023-10-23T15:03:29+00:00","remoteAddr":"","user":"","app":"OC\\User\\Session::validateToken","method":"GET","url":"\/ocs\/v1.php\/apps\/files_external\/api\/v1\/mounts?format=json","message":"token with token id 16 found, validating"}
```

Confirmed. I’ve opened “applicable LDAP groups not working properly on external storages” (Issue #41062, owncloud/core, GitHub).

Taking into account that you use AD, as a possible workaround, you could use the “SAMAccountName” attribute as the group’s displayname (in the advanced tab) and as groupname (in the expert tab).
I assume the “SAMAccountName” provides decent readability to be used as displayname and be unique enough to be used as groupname.

In any case, you won’t be able to change the displayname attribute until the issue is fixed.
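
One way to check whether the workaround from the reply above is in place, as an added example that is not part of the thread or ownCloud's own code: it parses `occ ldap:show-config` output in the table layout shown in the report and lists the `occ ldap:set-config` calls still needed. The sample table and the config ID `s01` are constructed, and mapping the advanced-tab displayname and expert-tab groupname fields to the keys `ldapGroupDisplayName` and `ldapExpertGroupnameAttr` is an assumption.

```python
import re
import shlex

# Attribute suggested in the reply; LDAP attribute names compare case-insensitively.
WORKAROUND_ATTR = "sAMAccountName"
# Assumed mapping: advanced-tab group displayname, expert-tab internal groupname.
GROUP_KEYS = ("ldapGroupDisplayName", "ldapExpertGroupnameAttr")
# One table row: "| key | value |" (the trailing pipe may be missing in pasted output).
ROW = re.compile(r"^\|\s*(\S+)\s*\|\s*(.*?)\s*\|?\s*$")

# Constructed sample in the layout printed by `occ ldap:show-config`.
SAMPLE = """\
+-------------------------------+----------------+
| Configuration                 | s01            |
+-------------------------------+----------------+
| ldapExpertGroupnameAttr       |                |
| ldapExpertUsernameAttr        | SamAccountName |
| ldapGroupDisplayName          | cn             |
+-------------------------------+----------------+
"""


def parse_show_config(text):
    """Return (config_id, {key: value}) parsed from the ASCII table."""
    config_id, values = "", {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # border lines and surrounding prose
        key, value = match.groups()
        if key == "Configuration":
            config_id = value  # header row carries the config ID
        else:
            values[key] = value
    return config_id, values


def workaround_commands(text, attr=WORKAROUND_ATTR):
    """List the occ calls needed so both group keys use the same attribute."""
    config_id, values = parse_show_config(text)
    commands = []
    for key in GROUP_KEYS:
        if values.get(key, "").lower() != attr.lower():
            commands.append(
                "sudo -u www-data php occ ldap:set-config %s %s %s"
                % (shlex.quote(config_id), key, attr)
            )
    return commands


if __name__ == "__main__":
    # Prints the commands only; nothing is executed against the server.
    for command in workaround_commands(SAMPLE):
        print(command)
```

An empty result means both keys already point at the same attribute, so the group name stored in the mount's "Available For" field and the name LDAP reports should match.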
