nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Federation sharing to LDAP-groups fails #25409

Closed kingfisher77 closed 3 years ago

kingfisher77 commented 3 years ago

Steps to reproduce

  1. Federation share from nextcloud1.example.com to ldap-group@nextcloud2.example.com
  2. Choose the presented entry ldap-group on nextcloud2.example.com
  3. Flyout "Error creating the share" appears

Sharing folders or files via Federation to an LDAP group results in a frontend error "Error creating the share".

It is a Samba AD-LDAP. Sharing to LDAP-Groups and LDAP-Users on the target machine works. It is just the addressing like

ldap-group@nextcloud.example.com or ldap-group@https://nextcloud.example.com

is not working. ldap-user@nextcloud.example.com works.

No error logs in nextcloud.log, php-Log or nginx-Log.

Expected behaviour

File or folder should be shared with LDAP-Group members from target server.

Actual behaviour

A Flyout appears with the message "Error creating the share"

Server configuration

Nextcloud version: 20.0.6
Operating system and version: CentOS 8
PostgreSQL 12
Apache or nginx version: 1.14.1
PHP version: 7.4.14

Updated from an older Nextcloud/ownCloud or fresh install: regular updates since fresh install with version 20.

Where did you install Nextcloud from: tar.gz

Signing status:

```
Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.

No errors have been found.
```

List of activated apps:

```
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Enabled:
  - accessibility: 1.6.0
  - activity: 2.13.4
  - admin_audit: 1.10.0
  - bookmarks: 4.0.8
  - breezedark: 20.0.3
  - bruteforcesettings: 2.0.1
  - circles: 0.20.6
  - cloud_federation_api: 1.3.0
  - comments: 1.10.0
  - contactsinteraction: 1.1.0
  - dashboard: 7.0.0
  - dav: 1.16.2
  - federatedfilesharing: 1.10.2
  - federation: 1.10.1
  - files: 1.15.0
  - files_accesscontrol: 1.10.1
  - files_downloadactivity: 1.9.0
  - files_external: 1.11.1
  - files_pdfviewer: 2.0.1
  - files_rightclick: 0.17.0
  - files_sharing: 1.12.2
  - files_trashbin: 1.10.1
  - files_versions: 1.13.0
  - files_videoplayer: 1.9.0
  - flowupload: 1.1.2
  - groupfolders: 8.2.0
  - guests: 1.6.2
  - login_notes: 0.3.0
  - logreader: 2.5.0
  - lookup_server_connector: 1.8.0
  - metadata: 0.12.0
  - nextcloud_announcements: 1.9.0
  - notes: 4.0.2
  - notifications: 2.8.0
  - oauth2: 1.8.0
  - onlyoffice: 6.2.0
  - password_policy: 1.10.1
  - photos: 1.2.3
  - piwik: 0.7.0
  - polls: 1.6.3
  - privacy: 1.4.0
  - provisioning_api: 1.10.0
  - serverinfo: 1.10.0
  - settings: 1.2.0
  - sharebymail: 1.10.0
  - side_menu: 1.21.0
  - spreed: 10.0.5
  - support: 1.3.0
  - systemtags: 1.10.0
  - talk_simple_poll: 1.2.0
  - terms_of_service: 1.6.1
  - text: 3.1.0
  - theming: 1.11.0
  - twofactor_backupcodes: 1.9.0
  - updatenotification: 1.10.0
  - user_ldap: 1.10.2
  - user_status: 1.0.1
  - weather_status: 1.0.0
  - workflowengine: 2.2.0
```

Nextcloud configuration:

```
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "nextcloud.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "20.0.6.1",
        "overwrite.cli.url": "https:\/\/box.shift.agency\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "nc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "log_type": "file",
        "logfile": "\/mnt\/nextcloud\/data\/nextcloud.log",
        "loglevel": "1",
        "log_rotate_size": 10485760,
        "allow_local_remote_servers": "true",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": "true",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "0",
            "timeout": "0.0",
            "dbindex": 0
        },
        "enable_previews": "true",
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\Movie",
            "OC\\Preview\\PDF",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown"
        ],
        "preview_max_x": "1024",
        "preview_max_y": "768",
        "preview_max_scale_factor": "1",
        "auth.bruteforce.protection.enabled": "true",
        "trashbin_retention_obligation": "auto, 7",
        "skeletondirectory": "",
        "defaultapp": "file",
        "activity_expire_days": "14",
        "integrity.check.disabled": "false",
        "updater.release.channel": "stable",
        "default_language": "de",
        "default_locale": "de_DE",
        "simpleSignUpLink.shown": false,
        "login_form_autocomplete": false,
        "logtimezone": "Europe\/Berlin",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "PLAIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "tls",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "mail_sendmailmode": "smtp",
        "maintenance": false,
        "theme": "",
        "app_install_overwrite": [
            "limit_login_to_ip",
            "mindmap_app"
        ]
    }
}
…)
```

Are you using external storage, if yes which one: local/smb/sftp/...
Yes, samba shares as external storage.

Are you using encryption: yes/no
Yes on nextcloud1.example.com
No on nextcloud2.example.com

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
Yes, Samba AD.

LDAP configuration (delete this part if not used)

```
+-------------------------------+------------------------------
| Configuration                 | s01
+-------------------------------+------------------------------
| hasMemberOfFilterSupport      | 0
| homeFolderNamingRule          |
| lastJpegPhotoLookup           | 0
| ldapAgentName                 | LDAP-DN
| ldapAgentPassword             | ***
| ldapAttributesForGroupSearch  |
| ldapAttributesForUserSearch   |
| ldapBackupHost                |
| ldapBackupPort                |
| ldapBase                      | LDAP-DN
| ldapBaseGroups                | LDAP-DN
| ldapBaseUsers                 | LDAP-DN
| ldapCacheTTL                  | 600
| ldapConfigurationActive       | 1
| ldapDefaultPPolicyDN          |
| ldapDynamicGroupMemberURL     |
| ldapEmailAttribute            | mail
| ldapExperiencedAdmin          | 0
| ldapExpertUUIDGroupAttr       |
| ldapExpertUUIDUserAttr        | samaccountname
| ldapExpertUsernameAttr        |
| ldapExtStorageHomeAttribute   |
| ldapGidNumber                 | gidNumber
| ldapGroupDisplayName          | cn
| ldapGroupFilter               | objectclass=group
| ldapGroupFilterGroups         | Group-Names
| ldapGroupFilterMode           | 1
| ldapGroupFilterObjectclass    |
| ldapGroupMemberAssocAttr      | member
| ldapHost                      | ldaps://dc1.ad.example.com
| ldapIgnoreNamingRules         |
| ldapLoginFilter               | (&(|(memberOf=CN=Group-Name,OU=Groups,DC=ad,DC=example,DC=com)(memberOf=CN=Group-Name,OU=Groups,DC=ad,DC=example,DC=com))(|(samaccountname=%uid)(mail=%uid)))
| ldapLoginFilterAttributes     |
| ldapLoginFilterEmail          | 1
| ldapLoginFilterMode           | 1
| ldapLoginFilterUsername       | 1
| ldapMatchingRuleInChainState  | unknown
| ldapNestedGroups              | 0
| ldapOverrideMainServer        |
| ldapPagingSize                | 500
| ldapPort                      | 636
| ldapQuotaAttribute            |
| ldapQuotaDefault              |
| ldapTLS                       | 0
| ldapUserAvatarRule            | default
| ldapUserDisplayName           | displayname
| ldapUserDisplayName2          |
| ldapUserFilter                | (|(memberOf=CN=Group-Name,OU=Groups,DC=ad,DC=example,DC=com)(memberOf=CN=Group-Name,OU=Groups,DC=ad,DC=example,DC=com))
| ldapUserFilterGroups          |
| ldapUserFilterMode            | 1
| ldapUserFilterObjectclass     | person
| ldapUuidGroupAttribute        | auto
| ldapUuidUserAttribute         | auto
| turnOffCertCheck              | 0
| turnOnPasswordChange          | 0
| useMemberOfToDetectMembership | 1
+-------------------------------+------------------------------
```

Client configuration

Browser: Chrome
Operating system: macOS

kingfisher77 commented 3 years ago

Hi, does anyone feel responsible for this question? Did I formulate the question/bug wrong? Do you need more information? Which? Thank you! :-)

szaimen commented 3 years ago

Is this Issue still valid in NC21.0.2? If not, please close this issue. Thanks! :)

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.