nextcloud / all-in-one

📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
https://hub.docker.com/r/nextcloud/all-in-one
GNU Affero General Public License v3.0

Group mapping not working with LLDAP as user backend #4452

Closed funbotan closed 7 months ago

funbotan commented 7 months ago

Steps to reproduce

  1. Set up Nextcloud AIO with LLDAP as the user and group backend, for example, with this Compose configuration:

    lldap:
      image: lldap/lldap:stable
      container_name: lldap
      ports:
        - "17170:17170"
      expose:
        - 3890
      environment:
        LLDAP_JWT_SECRET: ${LDAP_JWT_SECRET}
        LLDAP_KEY_SEED: ${LDAP_KEY_SEED}
        LLDAP_LDAP_BASE_DN: dc=${DC}
        LLDAP_DATABASE_URL: postgres://lldap:${POSTGRES_PASSWORD}@lldapdb/lldap
        LLDAP_HTTP_URL: ${LLDAP_URL}
        LLDAP_LDAP_USER_PASS: ${LDAP_ADMIN_PASSWORD}
      networks:
        - ldap
        - nextcloud-aio
      depends_on:
        - lldapdb

    lldapdb:
      image: postgres:16
      container_name: lldapdb
      volumes:
        - lldap-db:/var/lib/postgresql/data
      expose:
        - 5432
      environment:
        POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
        POSTGRES_USER: lldap
        POSTGRES_DB: lldap
      networks:
        - ldap
      healthcheck:
        test: pg_isready -d lldap -U lldap
        interval: 10s
        timeout: 5s
        retries: 3
        start_period: 5s

    nextcloud:
      image: nextcloud/all-in-one:latest
      init: true
      container_name: nextcloud-aio-mastercontainer
      volumes:
        - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
        - /var/run/docker.sock:/var/run/docker.sock:ro
      ports:
        - "8080:8080"
      environment:
        APACHE_PORT: 11000
        APACHE_IP_BINDING: 127.0.0.1
        BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6
        NEXTCLOUD_DATADIR: /mnt/ncdata
        NEXTCLOUD_MOUNT: /mnt/
        NEXTCLOUD_UPLOAD_LIMIT: 10G
        NEXTCLOUD_MAX_TIME: 3600
        NEXTCLOUD_MEMORY_LIMIT: 1024M
        NEXTCLOUD_STARTUP_APPS: user_ldap deck tasks calendar twofactor_totp
        NEXTCLOUD_ADDITIONAL_APKS: imagemagick
        NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick
        NEXTCLOUD_KEEP_DISABLED_APPS: true
        TALK_PORT: 3478
      networks:
        - nextcloud-aio
  2. Set up the connection between NC and LLDAP following these instructions
  3. Run docker exec --user www-data -it nextcloud-aio-nextcloud php occ group:list

Expected behavior

All groups created in LLDAP and not explicitly excluded in the integration app should be available from Nextcloud.

Actual behavior

When I set up the LDAP connection through the LDAP/AD integration app, clicking "Verify settings and count the groups" returns the correct number of groups, which are also visible in the list above. However, they are not visible either in Nextcloud or OCC. The group list only shows the internal LLDAP groups (lldap_admin, lldap_password_manager & lldap_strict_readonly), but no custom groups. Because of this, I suspect this is an issue with Nextcloud (not necessarily AIO) rather than LLDAP, but I could be wrong about that.

Host OS

Ubuntu 22.04.4 LTS

Nextcloud AIO version

v8.0.0

Current channel

latest

szaimen commented 7 months ago

Hi, please open an issue here: https://github.com/nextcloud/server/issues