nextcloud / calendar

📆 Calendar app for Nextcloud
https://apps.nextcloud.com/apps/calendar
GNU Affero General Public License v3.0

LDAP users cannot access calendars shared with LDAP group from CalDAV clients? #6374

Open tromlet opened 3 days ago

tromlet commented 3 days ago

Steps to reproduce

  1. Create a calendar.
  2. Share it with an LDAP group.
  3. Connect to it using EITHER the internal or external share links, and an LDAP user's credentials.

Expected behavior

The user should either be able to see the calendar, or be denied from seeing the calendar, based on their LDAP group membership and the LDAP group permissions settings of the calendar. Additionally, a user's access to the calendar (read-only vs. able to create and edit events) should be determined based on the nature of the permissions granted to them via the LDAP group permissions settings granted in Nextcloud.

Actual behaviour

In Mozilla Thunderbird, with the internal share link, users are unable to use their LDAP credentials to access those calendars; they get an error message:

Could not find calendars at this location. Please check your settings.

The EXTERNAL share link, however, seems to work, although then the calendar it finds is named something ridiculous. For example, instead of "Sales", it's discovered as "uKQXwOxjRfTd", which is... entirely unhelpful. No events show up.

Calendar app version

4.7.16

CalDAV-clients used

Thunderbird Lightning, Outlook CalDav Synchronizer, iOS Calendars, Simple Calendar

Browser

Firefox 130.0, Brave 1.68.141

Client operating system

Windows 10 Pro x64, Linux Mint 21.3

Server operating system

CentOS 7

Web server

Apache

Database engine version

MariaDB

PHP engine version

PHP 8.1

Nextcloud version

28.0.7

Updated from an older installed version or fresh install

Updated from an older version

List of activated apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - appointments: 2.1.10
  - bruteforcesettings: 2.8.0
  - calendar: 4.7.16
  - circles: 28.0.0
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contacts: 5.5.3
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.2
  - external: 5.3.1
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_external: 1.20.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - forms: 4.2.4
  - groupfolders: 16.0.9
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - maps: 1.4.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - onlyoffice: 9.4.0
  - otpmanager: 0.5.4
  - password_policy: 1.18.0
  - photos: 2.4.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - recommendations: 2.0.0
  - related_resources: 1.3.0
  - secrets: 2.1.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.1
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - text: 3.9.2
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - user_ldap: 1.19.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - encryption: 2.16.0
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - suspicious_login: 6.0.0
  - twofactor_totp: 10.0.0-beta.2
  - user_saml: 6.2.0 (installed 6.2.0)

Nextcloud configuration

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "server.example.com",
            "nextcloud.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "28.0.7.4",
        "overwrite.cli.url": "https:\/\/nextcloud.example.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "maintenance": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "theme": "",
        "loglevel": 2,
        "default_phone_region": "US",
        "onlyoffice": {
            "verify_peer_off": true,
            "jwt_secret": "***REMOVED SENSITIVE VALUE***",
            "jwt_header": "Authorization"
        },
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "defaultapp": ""
    }
}

Web server error log

No response

Log file

No response

Browser log

No response

Additional info

No response
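Added diagnostic for step 3 of the reproduction, not part of the issue or of the Nextcloud project: it issues (or, offline, parses) the Depth: 1 PROPFIND a CalDAV client sends to a user's calendar home and lists each calendar's href, displayname and, for shared calendars, Nextcloud's oc:owner-principal, so the set an LDAP user actually sees can be compared against the group share. The server URL, the users bob and alice and the sample response are constructed; the live function assumes the standard /remote.php/dav/calendars/<user>/ path.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

NS = {"d": "DAV:", "cal": "urn:ietf:params:xml:ns:caldav", "oc": "http://owncloud.org/ns"}
# Properties a client needs to list calendars: name, collection type, and (shared only) owner.
PROPFIND_BODY = b"""<?xml version="1.0" encoding="utf-8"?>
<d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
  <d:prop><d:displayname/><d:resourcetype/><oc:owner-principal/></d:prop>
</d:propfind>"""

def parse_calendar_listing(xml_bytes: bytes) -> list[dict]:
    """Return one dict per calendar collection in a multistatus body (home, inbox etc. are skipped)."""
    calendars = []
    for resp in ET.fromstring(xml_bytes).findall("d:response", NS):
        href = resp.findtext("d:href", default="", namespaces=NS)
        prop = resp.find("d:propstat/d:prop", NS)
        if prop is None or prop.find("d:resourcetype/cal:calendar", NS) is None:
            continue
        name = prop.findtext("d:displayname", namespaces=NS)
        # Fall back to the last path segment when the server returns no displayname.
        calendars.append({"href": href, "displayname": name or href.rstrip("/").rsplit("/", 1)[-1],
                          "owner": prop.findtext("oc:owner-principal", namespaces=NS)})
    return calendars

def fetch_calendar_listing(base_url: str, user: str, password: str) -> list[dict]:
    """Live variant (needs network): the same PROPFIND with HTTP Basic auth as the given user."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/remote.php/dav/calendars/{user}/",
                                 data=PROPFIND_BODY, method="PROPFIND")
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    req.add_header("Depth", "1")
    req.add_header("Content-Type", "application/xml; charset=utf-8")
    with urllib.request.urlopen(req) as resp:
        return parse_calendar_listing(resp.read())

# Constructed sample response: calendar home, own calendar, calendar shared by alice, one with no name.
SAMPLE_MULTISTATUS = b"""<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:cal="urn:ietf:params:xml:ns:caldav" xmlns:oc="http://owncloud.org/ns">
 <d:response><d:href>/remote.php/dav/calendars/bob/</d:href><d:propstat><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat></d:response>
 <d:response><d:href>/remote.php/dav/calendars/bob/personal/</d:href><d:propstat><d:prop>
  <d:displayname>Personal</d:displayname><d:resourcetype><d:collection/><cal:calendar/></d:resourcetype>
  </d:prop></d:propstat></d:response>
 <d:response><d:href>/remote.php/dav/calendars/bob/sales_shared_by_alice/</d:href><d:propstat><d:prop>
  <d:displayname>Sales</d:displayname><d:resourcetype><d:collection/><cal:calendar/></d:resourcetype>
  <oc:owner-principal>principals/users/alice</oc:owner-principal></d:prop></d:propstat></d:response>
 <d:response><d:href>/remote.php/dav/calendars/bob/uKQXwOxjRfTd/</d:href><d:propstat><d:prop>
  <d:resourcetype><d:collection/><cal:calendar/></d:resourcetype></d:prop></d:propstat></d:response>
</d:multistatus>"""
```

Running parse_calendar_listing on the sample returns three entries; the one without a displayname comes back named by its path segment, which is the kind of output to compare against what the web UI shows for the same user.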

tromlet commented 3 days ago

(I have actually captured the Apache logs and the nextcloud.log; I didn't upload them because of sensitive information.)