Cron LDAP: Trying to access array offset on value of type bool at /apps/user_ldap/lib/Access.php

[siimaarmaa]

user_ldap app spamming this error every refresh

Error: Trying to access array offset on value of type bool at /var/www/html/nextcloud/apps/user_ldap/lib/Access.php#564
/var/www/html/nextcloud/apps/user_ldap/lib/Access.php - line 564:

OC\Log\ErrorHandler::onError()

/var/www/html/nextcloud/apps/user_ldap/lib/Access.php - line 505:

OCA\User_LDAP\Access->dn2ocname()

/var/www/html/nextcloud/apps/user_ldap/lib/Group_LDAP.php - line 952:

OCA\User_LDAP\Access->dn2username()

/var/www/html/nextcloud/apps/user_ldap/lib/Group_Proxy.php - line 153:

OCA\User_LDAP\Group_LDAP->usersInGroup()

/var/www/html/nextcloud/apps/user_ldap/lib/Jobs/UpdateGroups.php - line 150:

OCA\User_LDAP\Group_Proxy->usersInGroup()

/var/www/html/nextcloud/apps/user_ldap/lib/Jobs/UpdateGroups.php - line 105:

OCA\User_LDAP\Jobs\UpdateGroups->handleKnownGroups()

/var/www/html/nextcloud/apps/user_ldap/lib/Jobs/UpdateGroups.php - line 89:

OCA\User_LDAP\Jobs\UpdateGroups->updateGroups("*** sensiti ... *")

/var/www/html/nextcloud/lib/private/BackgroundJob/Job.php - line 52:

OCA\User_LDAP\Jobs\UpdateGroups->run()

/var/www/html/nextcloud/lib/private/BackgroundJob/TimedJob.php - line 59:

OC\BackgroundJob\Job->execute()

/var/www/html/nextcloud/cron.php - line 128:

OC\BackgroundJob\TimedJob->execute()

I have no idea anymore how fix this error problem.

Server conf

• OS - CentOS 8
• Web - Apache
• Database - MariaDB
• PHP - 7.4
• Nextcloud - 21.0.3
• Old updated to new
• Nextcloud .tar file taken and installed to server

App list

Enabled:
  - admin_audit: 1.11.0
  - cloud_federation_api: 1.4.0
  - dav: 1.17.1
  - federatedfilesharing: 1.11.0
  - files: 1.16.0
  - files_automatedtagging: 1.11.0
  - files_pdfviewer: 2.1.0
  - files_retention: 1.10.1
  - files_rightclick: 1.0.0
  - files_sharing: 1.13.1
  - files_trashbin: 1.11.0
  - files_videoplayer: 1.10.0
  - impersonate: 1.8.0
  - logreader: 2.6.0
  - lookup_server_connector: 1.9.0
  - notifications: 2.9.0
  - oauth2: 1.9.0
  - oidc_login: 2.0.4
  - password_policy: 1.11.0
  - privacy: 1.5.0
  - provisioning_api: 1.11.0
  - recommendations: 1.0.0
  - serverinfo: 1.11.0
  - settings: 1.3.0
  - sharebymail: 1.11.0
  - systemtags: 1.11.0
  - terms_of_service: 1.7.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.0
  - twofactor_totp: 6.1.0
  - twofactor_u2f: 6.2.0
  - updatenotification: 1.11.0
  - user_ldap: 1.11.0
  - viewer: 1.5.0
  - workflowengine: 2.3.0
Disabled:
  - accessibility
  - activity
  - comments
  - contactsinteraction
  - dashboard
  - encryption
  - federation
  - files_external
  - files_versions
  - firstrunwizard
  - nextcloud_announcements
  - photos
  - support
  - survey_client
  - text
  - user_status
  - weather_status

Nextcloud config

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***",
            "***REMOVED SENSITIVE VALUE***",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "21.0.3.1",
        "overwrite.cli.url": "http:\/\/***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "ldapUserCleanupInterval": 5,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "tempdirectory": "\/opt\/tmp",
        "updater.release.channel": "stable",
        "logtimezone": "Europe\/Tallinn",
        "logdateformat": "j F, Y, H:i:s",
        "loglevel": 3,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "log_rotate_size": 104857600,
        "knowledgebaseenabled": false,
        "force_locale": "et_EE",
        "force_language": "et_EE",
        "auto_logout": true,
        "session_lifetime": 86400,
        "skeletondirectory": "disabled",
        "auth.webauthn.enabled": false,
        "maintenance": false,
        "theme": "",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "files_retention",
            "terms_of_service"
        ],
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 3
        },
        "oidc_login_button_text": "ID-kaart \/ Mobiil-ID \/ Smart-ID",
        "oidc_login_disable_registration": true,
        "oidc_login_hide_password_form": true,
        "oidc_login_proxy_ldap": true,
        "oidc_login_client_id": "nextcloud_public",
        "oidc_login_client_secret": "***REMOVED SENSITIVE VALUE***",
        "oidc_login_provider_url": "https:\/\/***REMOVED SENSITIVE VALUE***\/auth\/realms\/skais",
        "oidc_login_logout_url": "https:\/\/***REMOVED SENSITIVE VALUE***\/auth\/realms\/***REMOVED SENSITIVE VALUE***\/protocol\/openid-connect\/logout?redirect_uri=https:\/\/***REMOVED SENSITIVE VALUE***\/",
        "oidc_login_auto_redirect": false,
        "oidc_login_redir_fallback": true,
        "oidc_login_attributes": {
            "ldap_uid": "id_number",
            "mail": null,
            "name": null
        },
        "oidc_login_scope": "openid ID_number_from_UID profile",
        "allow_local_remote_servers": true,
        "default_phone_region": "EE",
        "data-fingerprint": "***REMOVED SENSITIVE VALUE***",
        "htaccess.RewriteBase": "\/",
        "lost_password_link": "disabled"
    }
}

LDAP config

+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration                 | s01                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| homeFolderNamingRule          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| lastJpegPhotoLookup           | 0                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapAgentName                 | ***REMOVED SENSITIVE VALUE***                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| ldapAgentPassword             | ***                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| ldapAttributesForGroupSearch  |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapAttributesForUserSearch   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapBackupHost                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapBackupPort                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapBase                      | dc=***REMOVED SENSITIVE VALUE***,dc=test                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapBaseGroups                | dc=***REMOVED SENSITIVE VALUE***,dc=test                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapBaseUsers                 | dc=***REMOVED SENSITIVE VALUE***,dc=test                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapCacheTTL                  | 600                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| ldapConfigurationActive       | 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapDefaultPPolicyDN          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapDynamicGroupMemberURL     |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapEmailAttribute            | mail                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| ldapExperiencedAdmin          | 0                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapExpertUUIDGroupAttr       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapExpertUUIDUserAttr        |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapExpertUsernameAttr        | extensionAttribute1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| ldapExtStorageHomeAttribute   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapGidNumber                 | gidNumber                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| ldapGroupDisplayName          | cn                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| ldapGroupFilter               | (&(|(objectclass=group))(|(cn=Role.Nextcloud.***REMOVED SENSITIVE VALUE***)(cn=Role.Nextcloud.Admin)(cn=Role.Nextcloud.***REMOVED SENSITIVE VALUE***)(cn=Role.Nextcloud.PartnersExternal)(cn=Role.Nextcloud.***REMOVED SENSITIVE VALUE***)(cn=Role.Nextcloud.***REMOVED SENSITIVE VALUE***)(cn=Role.Nextcloud.***REMOVED SENSITIVE VALUE***)(cn=Role.Nextcloud.***REMOVED SENSITIVE VALUE***)(cn=Role.Nextcloud.***REMOVED SENSITIVE VALUE***)(cn=Role.Nextcloud.ServiceUser)(cn=SD.Nextcloud.2years.users)(cn=SD.Nextcloud.3months.users)(cn=SD.Nextcloud.6months.users)))                                                                                                                                                                                                                                                                                                                    |
| ldapGroupFilterGroups         | Role.Nextcloud.***REMOVED SENSITIVE VALUE***;Role.Nextcloud.Admin;Role.Nextcloud.***REMOVED SENSITIVE VALUE***;Role.Nextcloud.PartnersExternal;Role.Nextcloud.RA;Role.Nextcloud.SKA;Role.Nextcloud.***REMOVED SENSITIVE VALUE***;Role.Nextcloud.***REMOVED SENSITIVE VALUE***;Role.Nextcloud.***REMOVED SENSITIVE VALUE***;Role.Nextcloud.ServiceUser;SD.Nextcloud.2years.users;SD.Nextcloud.3months.users;SD.Nextcloud.6months.users                                                                                                                                                                                                                                                                                                                                                                                                     |
| ldapGroupFilterMode           | 0                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapGroupFilterObjectclass    | group                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| ldapGroupMemberAssocAttr      | member                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| ldapHost                      | ldaps://***REMOVED SENSITIVE VALUE***.test                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| ldapIgnoreNamingRules         |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapLoginFilter               | (&(&(|(objectclass=person)(objectclass=top)(objectclass=user))(|(|(memberOf:1.2.840.113556.1.4.1941:=CN=SD - NextCloud - users,OU=NextCloud,OU=Custom Information Systems,OU=Management,OU=Root Version 2,DC=***REMOVED SENSITIVE VALUE***,DC=test)(primaryGroupID=27278))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(accountExpires=%uid)(badPwdCount=%uid)(cn=%uid)(company=%uid)(countryCode=%uid)(department=%uid)(displayName=%uid)(distinguishedName=%uid)(extensionAttribute1=%uid)(givenName=%uid)(ipPhone=%uid)(lastLogoff=%uid)(lastLogon=%uid)(memberOf=%uid)(name=%uid)(postalCode=%uid)(sAMAccountName=%uid)(sn=%uid)(streetAddress=%uid)(title=%uid)(whenChanged=%uid)(whenCreated=%uid)))) |
| ldapLoginFilterAttributes     | accountExpires;badPwdCount;cn;company;countryCode;department;displayName;distinguishedName;extensionAttribute1;givenName;ipPhone;lastLogoff;lastLogon;memberOf;name;postalCode;sAMAccountName;sn;streetAddress;title;whenChanged;whenCreated                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| ldapLoginFilterEmail          | 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapLoginFilterMode           | 0                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapLoginFilterUsername       | 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapMatchingRuleInChainState  | available                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| ldapNestedGroups              | 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapOverrideMainServer        |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapPagingSize                | 500                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| ldapPort                      | 636                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| ldapQuotaAttribute            |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapQuotaDefault              |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapTLS                       | 0                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapUserAvatarRule            | default                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| ldapUserDisplayName           | displayname                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| ldapUserDisplayName2          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ldapUserFilter                | (&(|(objectclass=person)(objectclass=top)(objectclass=user))(|(|(memberOf:1.2.840.113556.1.4.1941:=CN=SD - NextCloud - users,OU=NextCloud,OU=Custom Information Systems,OU=Management,OU=Root Version 2,DC=***REMOVED SENSITIVE VALUE***,DC=test)(primaryGroupID=27278))))                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapUserFilterGroups          | SD - NextCloud - Users                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| ldapUserFilterMode            | 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| ldapUserFilterObjectclass     | person;user                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| ldapUuidGroupAttribute        | auto                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| ldapUuidUserAttribute         | auto                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| turnOffCertCheck              | 0                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| turnOnPasswordChange          | 0                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| useMemberOfToDetectMembership | 1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

[come-nc]

With the PR https://github.com/nextcloud/server/pull/29180 the PHP error should disappear but this will still be an error.

Your problem is that you use ldapExpertUsernameAttr=extensionAttribute1 but most likely extensionAttribute1 is not present for some users. The LDAP field you put in there should always be present as it will be used to build the internal name on Nextcloud side for the user. You can also leave it empty and Nextcloud will use the uuid for mappings.

[siimaarmaa]

@come-nc all my users have it attached automatically and filled extensionAttribute1, all AD fiels i have in used in AD

[siimaarmaa]

@skjnldsv this problem not fixed yet

[come-nc]

I think github closed the bug based on the PR description. @siimaarmaa Would you be able to test the master branch and see how this behaves? The PHP error should be gone, and hopefully you will have a clearer error about what is going wrong.

[siimaarmaa]

@come-nc version 22.2.0 have this php error

[come-nc]

https://github.com/nextcloud/server/pull/29316 The fix is scheduled for 22.2.1 for the 22 branch

[come-nc]

@siimaarmaa Did you test on a newer release?

[siimaarmaa]

@come-nc I'm on vacation, not able to test

[come-nc]

@come-nc I'm on vacation, not able to test

Can you test now?

[szaimen]

Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you!

My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!

If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+