Open OneTwoBarbecue opened 3 years ago
Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you!
My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!
If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+
Hi Szaimen,
thank you so much for looking into this. I will try to upgrade as soon as possible to the latest Nextcloud version and I will report to you :)
Hi Szaimen,
unfortunately I reproduced the error in Nextcloud 25.0.3. After the time to live, which is set in the advanced LDAP settings, is over, Nextcloud performs an instant full sync instead of relying on its cache.
Therefore I fixed the problem temporarily by setting the TTL to one year, which is not optimal in case of password changes in the underlying LDAP.
LDAP server is running on Univention 4.4.3 which is based on OpenLDAP. Some administrators I asked for help mentioned that LDAP sync takes so long because Univention 4.4.3 LDAP does not support the member-of attribute which causes the sync to process every existing user multiple times.
But apart from that I would expect Nextcloud user scans to be performed in cache instead of being performed in an instant LDAP search/sync.
Any ideas on how to solve this?
Kind regards, Marco
When performing a user search in the sharing dialogue of NC, autocompletion performs a full LDAP sync/lookup although the LDAP time to live is set to 86400s.
This is very problematic in our environment because LDAP consists of ~ 800 members and a full sync takes about 4 minutes. That's way too long and should reliably be performed in the background.
APCu is installed and performing well (local). Redis is also up and performing well (distributed & locking).
Steps to reproduce
Expected behaviour
User attributes of all users should be fetched at least twice a day in the background, as said in the Nextcloud manual: "The attributes of users are fetched on demand (i.e. for sharing autocompletion or in the user management) and then stored inside the Nextcloud database to allow a better performance on our side. They are typically checked twice a day in batches from all users again."
Actual behaviour
A complete sync is triggered although attributes should be in cache.
Server configuration
Operating system: Ubuntu 20.04
Web server: Nginx 1.21.3
Database: MariaDB 15.1
PHP version: 8.0
Nextcloud version: 21.0.5
List of activated apps:
App list
```
  - accessibility: 1.7.0
  - activity: 2.14.3
  - announcementcenter: 5.0.1
  - apporder: 0.13.0
  - bbb: 2.0.0
  - bruteforcesettings: 2.2.0
  - circles: 0.21.4
  - cloud_federation_api: 1.4.0
  - comments: 1.11.0
  - dav: 1.17.1
  - external: 3.8.2
  - extract: 1.3.2
  - federatedfilesharing: 1.11.0
  - federation: 1.11.0
  - files: 1.16.0
  - files_accesscontrol: 1.11.1
  - files_antivirus: 3.2.2
  - files_external: 1.12.0
  - files_pdfviewer: 2.1.0
  - files_rightclick: 1.0.0
  - files_sharing: 1.13.1
  - files_texteditor: 2.14.0
  - files_trashbin: 1.11.0
  - files_videoplayer: 1.10.0
  - groupfolders: 9.0.3
  - logreader: 2.6.0
  - lookup_server_connector: 1.9.0
  - nextcloud_announcements: 1.10.0
  - notifications: 2.9.0
  - oauth2: 1.9.0
  - onlyoffice: 7.1.2
  - password_policy: 1.11.0
  - previewgenerator: 3.1.1
  - privacy: 1.5.0
  - provisioning_api: 1.11.0
  - richdocuments: 4.2.3
  - serverinfo: 1.11.0
  - settings: 1.3.0
  - systemtags: 1.11.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.0
  - updatenotification: 1.11.0
  - user_ldap: 1.11.0
  - viewer: 1.5.0
  - workflowengine: 2.3.1
```
Nextcloud configuration:
Config report
```
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloudgym",
            "192.168.1.7",
            "192.168.1.8",
            "192.168.1.10",
            "services.gymnasium-ettenheim.de",
            "nextcloud.gymnasium-ettenheim.de",
            "moodle.gymnasium-ettenheim.de",
            "rocketchat.gymnasium-ettenheim.de",
            "kopano.gymnasium-ettenheim.de"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "log_type": "file",
        "logfile": "\/var\/www\/nextcloud\/data\/nextcloud.log",
        "loglevel": 3,
        "logdateformat": "d. F Y H:i:s",
        "dbtype": "mysql",
        "version": "21.0.5.1",
        "overwritehoste": "nextcloud.gymnasium-ettenheim.de",
        "overwrite.cli.url": "https:\/\/nextcloud.gymnasium-ettenheim.de",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "activity_expire_days": 14,
        "auth.bruteforce.protection.enabled": true,
        "blacklisted_files": [
            ".htaccess",
            "Thumbs.db",
            "thumbs.db"
        ],
        "cron_log": true,
        "default_phone_region": "DE",
        "default_locale": "de_DE",
        "default_language": "de",
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\Movie",
            "OC\\Preview\\PDF",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\Image",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\Font",
            "OC\\Preview\\MKV",
            "OC\\Preview\\SVG",
            "OC\\Preview\\AVI",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\MSOfficeDoc",
            "OC\\Preview\\MSOffice2003",
            "OC\\Preview\\MSOffice2007"
        ],
        "filesystem_check_changes": 0,
        "filelocking.enabled": "true",
        "htaccess.RewriteBase": "\/",
        "integrity.check.disabled": false,
        "knowledgebaseenabled": false,
        "log_rotate_size": 104857600,
        "logtimezone": "Europe\/Berlin",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "preview_max_x": 1024,
        "preview_max_y": 768,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 1.5,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "quota_include_external_storage": false,
        "skeletondirectory": "\/var\/www\/nextcloud\/core\/skeletonEttenheim",
        "share_folder": "\/mir freigegeben",
        "lost_password_link": "disabled",
        "trashbin_retention_obligation": "auto, 7",
        "versions_retention_obligation": "auto, 14",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "ldapUserCleanupInterval": 86400,
        "maintenance": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "forwarded_for_headers": [
            "HTTP_X_FORWARDED"
        ],
        "app_install_overwrite": [
            "files_clipboard"
        ],
        "simpleSignUpLink.shown": false,
        "theme": "",
        "allow_local_remote_servers": true
    }
}
```
External storage: local/smb
Are you using encryption: no
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
LDAP config
```
"user_ldap": {
    "background_sync_interval": "43200",
    "background_sync_offset": "700",
    "background_sync_prefix": "s01",
    "cleanUpJobOffset": "450",
    "enabled": "yes",
    "installed_version": "1.11.0",
    "s01_lastChange": "1635413244",
    "s01has_memberof_filter_support": "0",
    "s01home_folder_naming_rule": "",
    "s01last_jpegPhoto_lookup": "0",
    "s01ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
    "s01ldap_attributes_for_group_search": "cn",
    "s01ldap_attributes_for_user_search": "uid\ngivenName\nsn",
    "s01ldap_backup_host": "",
    "s01ldap_backup_port": "",
    "s01ldap_base": "dc=paedml-linux,dc=lokal",
    "s01ldap_base_groups": "cn=groups,ou=schule,dc=paedml-linux,dc=lokal",
    "s01ldap_base_users": "dc=paedml-linux,dc=lokal",
    "s01ldap_cache_ttl": "86400",
    "s01ldap_configuration_active": "1",
    "s01ldap_default_ppolicy_dn": "",
    "s01ldap_display_name": "displayname",
    "s01ldap_dn": "uid=ldapsuche,cn=users,dc=paedml-linux,dc=lokal",
    "s01ldap_dynamic_group_member_url": "",
    "s01ldap_email_attr": "mailPrimaryAddress",
    "s01ldap_experienced_admin": "1",
    "s01ldap_expert_username_attr": "uidNumber",
    "s01ldap_expert_uuid_group_attr": "",
    "s01ldap_expert_uuid_user_attr": "",
    "s01ldap_ext_storage_home_attribute": "uid",
    "s01ldap_gid_number": "gidNumber",
    "s01ldap_group_display_name": "cn",
    "s01ldap_group_filter": "(objectclass=univentionGroup)",
    "s01ldap_group_filter_mode": "0",
    "s01ldap_group_member_assoc_attribute": "memberUid",
    "s01ldap_groupfilter_groups": "",
    "s01ldap_groupfilter_objectclass": "",
    "s01ldap_host": "server.paedml-linux.lokal",
    "s01ldap_login_filter": "(&(objectclass=person)(uid=%uid))",
    "s01ldap_login_filter_mode": "0",
    "s01ldap_loginfilter_attributes": "",
    "s01ldap_loginfilter_email": "0",
    "s01ldap_loginfilter_username": "1",
    "s01ldap_matching_rule_in_chain_state": "unknown",
    "s01ldap_nested_groups": "0",
    "s01ldap_override_main_server": "",
    "s01ldap_paging_size": "700",
    "s01ldap_port": "7389",
    "s01ldap_quota_attr": "",
    "s01ldap_quota_def": "0",
    "s01ldap_tls": "0",
    "s01ldap_turn_off_cert_check": "0",
    "s01ldap_turn_on_pwd_change": "0",
    "s01ldap_user_avatar_rule": "default",
    "s01ldap_user_display_name_2": "",
    "s01ldap_user_filter_mode": "0",
    "s01ldap_userfilter_groups": "",
    "s01ldap_userfilter_objectclass": "",
    "s01ldap_userlist_filter": "(|(objectclass=ucsschoolTeacher)(objectclass=ucsschoolStudent)(uid=Administrator))",
    "s01use_memberof_to_detect_membership": "1",
    "types": "authentication",
    "updateAttributesInterval": "10800"
},
```
```
+-------------------------------+------------------------------------------------------------------------------------+
| Configuration                 | s01                                                                                |
+-------------------------------+------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 0                                                                                  |
| homeFolderNamingRule          |                                                                                    |
| lastJpegPhotoLookup           | 0                                                                                  |
| ldapAgentName                 | uid=ldapsuche,cn=users,dc=paedml-linux,dc=lokal                                    |
| ldapAgentPassword             | ***                                                                                |
| ldapAttributesForGroupSearch  | cn                                                                                 |
| ldapAttributesForUserSearch   | uid;givenName;sn                                                                   |
| ldapBackupHost                |                                                                                    |
| ldapBackupPort                |                                                                                    |
| ldapBase                      | dc=paedml-linux,dc=lokal                                                           |
| ldapBaseGroups                | cn=groups,ou=schule,dc=paedml-linux,dc=lokal                                       |
| ldapBaseUsers                 | dc=paedml-linux,dc=lokal                                                           |
| ldapCacheTTL                  | 86400                                                                              |
| ldapConfigurationActive       | 1                                                                                  |
| ldapDefaultPPolicyDN          |                                                                                    |
| ldapDynamicGroupMemberURL     |                                                                                    |
| ldapEmailAttribute            | mailPrimaryAddress                                                                 |
| ldapExperiencedAdmin          | 1                                                                                  |
| ldapExpertUUIDGroupAttr       |                                                                                    |
| ldapExpertUUIDUserAttr        |                                                                                    |
| ldapExpertUsernameAttr        | uidNumber                                                                          |
| ldapExtStorageHomeAttribute   | uid                                                                                |
| ldapGidNumber                 | gidNumber                                                                          |
| ldapGroupDisplayName          | cn                                                                                 |
| ldapGroupFilter               | (objectclass=univentionGroup)                                                      |
| ldapGroupFilterGroups         |                                                                                    |
| ldapGroupFilterMode           | 0                                                                                  |
| ldapGroupFilterObjectclass    |                                                                                    |
| ldapGroupMemberAssocAttr      | memberUid                                                                          |
| ldapHost                      | server.paedml-linux.lokal                                                          |
| ldapIgnoreNamingRules         |                                                                                    |
| ldapLoginFilter               | (&(objectclass=person)(uid=%uid))                                                  |
| ldapLoginFilterAttributes     |                                                                                    |
| ldapLoginFilterEmail          | 0                                                                                  |
| ldapLoginFilterMode           | 0                                                                                  |
| ldapLoginFilterUsername       | 1                                                                                  |
| ldapMatchingRuleInChainState  | unknown                                                                            |
| ldapNestedGroups              | 0                                                                                  |
| ldapOverrideMainServer        |                                                                                    |
| ldapPagingSize                | 700                                                                                |
| ldapPort                      | 7389                                                                               |
| ldapQuotaAttribute            |                                                                                    |
| ldapQuotaDefault              | 0                                                                                  |
| ldapTLS                       | 0                                                                                  |
| ldapUserAvatarRule            | default                                                                            |
| ldapUserDisplayName           | displayname                                                                        |
| ldapUserDisplayName2          |                                                                                    |
| ldapUserFilter                | (|(objectclass=ucsschoolTeacher)(objectclass=ucsschoolStudent)(uid=Administrator)) |
| ldapUserFilterGroups          |                                                                                    |
| ldapUserFilterMode            | 0                                                                                  |
| ldapUserFilterObjectclass     |                                                                                    |
| ldapUuidGroupAttribute        | auto                                                                               |
| ldapUuidUserAttribute         | auto                                                                               |
| turnOffCertCheck              | 0                                                                                  |
| turnOnPasswordChange          | 0                                                                                  |
| useMemberOfToDetectMembership | 1                                                                                  |
+-------------------------------+------------------------------------------------------------------------------------+
```
Client configuration
Browser: various
Operating system: various
Logs
Nextcloud doesn't throw any LDAP-related errors or warnings. APCu is up and running. I did check and observe its work via the APCu PHP test interface. Redis is also up and running.