Open Fregf opened 1 year ago
It's worth noting that the GUI does not do this error checking and instantly saves whatever query you enter even if it has no %uid, instacrashing the entire install and preventing users from logging in (for example the admin changing the settings).
Settings can still be fixed also using occ (you don't have to edit the database).
It's important to note that the parameters ldapLoginFilter
and ldapUserFilter
are named backwards, as ldapLoginFilter
provides user details (contains %uid
) and ldapUserFilter
(no %uid
) is used for logins. It took me forever to realise my instal wasn't working because I had swapped the values while trying to fix things.
⚠️ This issue respects the following points: ⚠️
Bug description
I want to import users from LDAP, but let them log in via OpenID Connect (Keycloak), hence I want to disable login via LDAP. To do so, I went to the third tab Login Attributes in the LDAP/AD integration administration settings, and unchecked both options LDAP/AD username and LDAP/AD e-mail address. The LDAP filter then became " LDAP Filter: (&(|(objectclass=gosaAccount)))", and from that moment on, any request to Nextcloud fails with this error:
Nextcloud log says:
The only way to make Nextcloud work again is to execute this SQL query:
update oc_appconfig set configvalue='(&(|(objectclass=gosaAccount))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))' where configkey='s01ldap_login_filter';
Steps to reproduce
Prerequisite: working setup where users can log in via their LDAP account.
Expected behavior
Users cannot log in with their LDAP account, but their username and groups taken from the LDAP are still present in Nextcloud
Installation method
Other Community project
Nextcloud Server version
26
Operating system
Debian/Ubuntu
PHP engine version
Other
Web server
Apache (supported)
Database engine version
PostgreSQL
Is this bug present after an update or on a fresh install?
None
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
Nextcloud installed from source, updated by updater/updater.phar, running on Debian Bookworm with PHP 8.2.