joshtrichards
commented
7 months ago
SQLSTATE[HY000]: General error: 2006 MySQL server has gone away
Have you looked into why your database server is going offline?
Open Caligatio opened 7 months ago
joshtrichards
commented
7 months ago
SQLSTATE[HY000]: General error: 2006 MySQL server has gone away
Have you looked into why your database server is going offline?
Caligatio
commented
7 months ago
SQLSTATE[HY000]: General error: 2006 MySQL server has gone awayHave you looked into why your database server is going offline?
This also super confuses me as it's a service running on the same VM. Much like the LDAP issue, this is a first time problem since upgrading to v28.
joshtrichards
commented
7 months ago For the group/ldap matter specifically:
service upgradeGroups" [...]1 and carefully monitoring for group related log entries. Those may provide some clues.This also super confuses me as it's a service running on the same VM. Much like the LDAP issue, this is a first time problem since upgrading to v28.
Hmm. Those db connection errors are generated by the db stack - we don't even directly generate them. Anything interesting in your db server logs or server journalctl logs?
I understand the timing; that's weird. But generally that sort of thing is a local environment issue. :thinking:
Caligatio
commented
7 months ago OK, on the DB front: I rebooted the machine within +/- 1 minute of that log so that almost definitively answers that one.
I cranked up the logging for the LDAP issue... now I just need to wait <= 65 minutes.
Caligatio
commented
7 months ago I've disabled my email as it was spamming affected users but there's now this:
{"reqId":"gPPNS8KsyGEG5Qx8txSN","level":3,"time":"2023-12-13T05:39:21+00:00","remoteAddr":"LOCAL_IPV6","user":"brian","app":"jsresourceloader","method":"GET","url":"/settings/user/externalstorages","message":"Could not find resource files_external/js/oauth1.js to load","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"28.0.0.11","data":{"app":"jsresourceloader"}}
{"reqId":"gPPNS8KsyGEG5Qx8txSN","level":3,"time":"2023-12-13T05:39:21+00:00","remoteAddr":"LOCAL_IPV6","user":"brian","app":"jsresourceloader","method":"GET","url":"/settings/user/externalstorages","message":"Could not find resource files_external/js/oauth2.js to load","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"28.0.0.11","data":{"app":"jsresourceloader"}}
{"reqId":"gPPNS8KsyGEG5Qx8txSN","level":3,"time":"2023-12-13T05:39:21+00:00","remoteAddr":"LOCAL_IPV6","user":"brian","app":"jsresourceloader","method":"GET","url":"/settings/user/externalstorages","message":"Could not find resource files_external/js/public_key.js to load","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"28.0.0.11","data":{"app":"jsresourceloader"}}
{"reqId":"XXctal5EXT13jTV5MDEb","level":1,"time":"2023-12-13T17:25:06+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XXctal5EXT13jTV5MDEb","level":1,"time":"2023-12-13T17:25:06+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_GROUP2\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XXctal5EXT13jTV5MDEb","level":1,"time":"2023-12-13T17:25:06+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}I only have two groups so this is the whole list. It looks like I'm also suffering from #42158
Caligatio
commented
7 months ago More logs but still nothing clear why this is happening:
{"reqId":"0X70kdbe8W9R5u3WmT5t","level":1,"time":"2023-12-13T22:07:28+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"PROPFIND","url":"/remote.php/dav/files/REDACTED_USERNAME/","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME postLogin","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"0X70kdbe8W9R5u3WmT5t","level":1,"time":"2023-12-13T22:07:29+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"PROPFIND","url":"/remote.php/dav/files/REDACTED_USERNAME/","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME added to REDACTED_LDAP_GROUP2","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XWcIPktbaUICJ1uo6UOi","level":1,"time":"2023-12-13T22:50:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 REDACTED_USERNAME removed from REDACTED_LDAP_GROUP2","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XWcIPktbaUICJ1uo6UOi","level":1,"time":"2023-12-13T22:50:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XWcIPktbaUICJ1uo6UOi","level":1,"time":"2023-12-13T22:50:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"sQAWVvmPOYyDw627uXpR","level":1,"time":"2023-12-13T23:26:12+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"HEAD","url":"/remote.php/dav/files/REDACTED_USERNAME/Upload/Jillian/2023/07/PXL_20230720_162454657.jpg","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME postLogin","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"sQAWVvmPOYyDw627uXpR","level":1,"time":"2023-12-13T23:26:12+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"HEAD","url":"/remote.php/dav/files/REDACTED_USERNAME/Upload/Jillian/2023/07/PXL_20230720_162454657.jpg","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME added to REDACTED_LDAP_GROUP2","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"rAzh78MsN7wpO8fYB1Un","level":1,"time":"2023-12-13T23:55:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 REDACTED_USERNAME removed from REDACTED_LDAP_GROUP2","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"rAzh78MsN7wpO8fYB1Un","level":1,"time":"2023-12-13T23:55:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"rAzh78MsN7wpO8fYB1Un","level":1,"time":"2023-12-13T23:55:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"28H4IisiOn2S28mzcYxC","level":1,"time":"2023-12-14T01:00:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP2\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"28H4IisiOn2S28mzcYxC","level":1,"time":"2023-12-14T01:00:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"28H4IisiOn2S28mzcYxC","level":1,"time":"2023-12-14T01:00:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
systemofapwne
commented
7 months ago I have exactly the same problem. Updated my NC instance on Wednesday. Since then, I get these messages. I first suspected an intrusion, which I could exclude by removing remote access to NC. Yet, I got the mails. Right now, I disabled email notification for group changes to mitigate mail spam.
Caligatio
commented
7 months ago @systemofapwne Where did you find that notification setting? I ended up just invalidating my SMTP config
EDIT: Turns out I'm also bit by nextcloud/logreader/issues/1073, found the setting!
systemofapwne
commented
7 months ago @systemofapwne Where did you find that notification setting? I ended up just invalidating my SMTP config
EDIT: Turns out I'm also bit by nextcloud/logreader/issues/1073, found the setting!
Here you go:
systemofapwne
commented
7 months ago Yet, I emphasize, this is just a workaround for the bug (that has no other impact but the email spam). It might be related to the LDAP plugin, but I'm not 100% sure, since it just happened after the recent NC update.
Caligatio
commented
7 months ago @joshtrichards Anything else I can do to help troubleshoot this? I happen to check the activity feed in my Nextcloud Windows client and I'm getting dozens of these events each day.
Lukas-dev-threads
commented
6 months ago The same thing is happening to me since I upgraded from 27 to 28 this morning !
I am using LDAP, MariaDB and encryption.
fiftyheight
commented
6 months ago Same here, my users are spammed by multiple emails about their removal from a ldap group, immediatly after updating my nextcloud instance from 27 to 28. If I check users, the raw list show users in right groups. If I check ldap groups, they appears almost empty.
Openldap as users/groups backend.
loxK
commented
6 months ago Same issue upgrading to 28.0.1. I have errors like these in logs that may be related :
Duplicate entry '[redacted group]-[redaxcted username' for key 'user_ldap_membership_unique'
Error no app in context OC\DB\Exceptions\DbalException: An exception occurred while executing a query: SQLSTATE[23000]: Integrity 2024-01-15T18:26:47+11:00
constraint violation: 1062 Duplicate entry '[redacted group]-[redacted username]' for key 'user_ldap_membership_unique' at
lib/private/DB/Exceptions/DbalException.php line 71
0. lib/private/DB/QueryBuilder/QueryBuilder.php line 328
OC\DB\Exceptions\DbalException::wrap(
)
1. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
2. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
3. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
4. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
5. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
6. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
7. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
8. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
9. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
10. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
11. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
12. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
13. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
14. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
15. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
16. ocs/v1.php line 62
OC::handleLogin(
)
17. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")
Caused by Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing a query:
SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '[redacted group]-[redacted username]' for key
'user_ldap_membership_unique' at .../dbal/src/Driver/API/MySQL/ExceptionConverter.php line 62
0. .../doctrine/dbal/src/Connection.php line 1938
Doctrine\DBAL\Driver\API\MySQL\ExceptionConverter->convert(
)
1. 3rdparty/doctrine/dbal/src/Connection.php line 1880
Doctrine\DBAL\Connection->handleDriverException(
)
2. 3rdparty/doctrine/dbal/src/Connection.php line 1208
Doctrine\DBAL\Connection->convertExceptionDuringQuery(
)
3. lib/private/DB/Connection.php line 294
Doctrine\DBAL\Connection->executeStatement(
)
4. 3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 386
OC\DB\Connection->executeStatement(
)
5. lib/private/DB/QueryBuilder/QueryBuilder.php line 280
Doctrine\DBAL\Query\QueryBuilder->execute(
)
6. lib/private/DB/QueryBuilder/QueryBuilder.php line 326
OC\DB\QueryBuilder\QueryBuilder->execute(
)
7. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
8. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
9. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
10. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
11. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
12. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
13. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
14. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
15. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
16. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
17. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
18. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
19. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
20. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
21. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
22. ocs/v1.php line 62
OC::handleLogin(
)
23. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")
Caused by Doctrine\DBAL\Driver\PDO\Exception: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry
'[redacted group]-[redacted username]' for key 'user_ldap_membership_unique' at
3rdparty/doctrine/dbal/src/Driver/PDO/Exception.php line 28
0. 3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php line 132
Doctrine\DBAL\Driver\PDO\Exception::new(
)
1. 3rdparty/doctrine/dbal/src/Connection.php line 1202
Doctrine\DBAL\Driver\PDO\Statement->execute(
)
2. lib/private/DB/Connection.php line 294
Doctrine\DBAL\Connection->executeStatement(
)
3. 3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 386
OC\DB\Connection->executeStatement(
)
4. lib/private/DB/QueryBuilder/QueryBuilder.php line 280
Doctrine\DBAL\Query\QueryBuilder->execute(
)
5. lib/private/DB/QueryBuilder/QueryBuilder.php line 326
OC\DB\QueryBuilder\QueryBuilder->execute(
)
6. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
7. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
8. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
9. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
10. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
11. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
12. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
13. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
14. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
15. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
16. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
17. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
18. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
19. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
20. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
21. ocs/v1.php line 62
OC::handleLogin(
)
22. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")
Caused by PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '[redacted group]-[redacted username]' for
key 'user_ldap_membership_unique' at 3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php line 130
0. 3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php line 130
PDOStatement->execute(
)
1. 3rdparty/doctrine/dbal/src/Connection.php line 1202
Doctrine\DBAL\Driver\PDO\Statement->execute(
)
2. lib/private/DB/Connection.php line 294
Doctrine\DBAL\Connection->executeStatement(
)
3. 3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 386
OC\DB\Connection->executeStatement(
)
4. lib/private/DB/QueryBuilder/QueryBuilder.php line 280
Doctrine\DBAL\Query\QueryBuilder->execute(
)
5. lib/private/DB/QueryBuilder/QueryBuilder.php line 326
OC\DB\QueryBuilder\QueryBuilder->execute(
)
6. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
7. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
8. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
9. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
10. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
11. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
12. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
13. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
14. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
15. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
16. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
17. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
18. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
19. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
20. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
21. ocs/v1.php line 62
OC::handleLogin(
)
22. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")In my case, updating to nc 28 seems to have alterate the user to group ldap mapping. See this post which solved my problem: https://help.nextcloud.com/t/solved-ldap-groups-are-empty-but-users-are-set-up-correctly/45907
systemofapwne
commented
6 months ago In my case, updating to nc 28 seems to have alterate the user to group ldap mapping. See this post which solved my problem: https://help.nextcloud.com/t/solved-ldap-groups-are-empty-but-users-are-set-up-correctly/45907
I just noticedm that my groups also were all empty. Switching that setting to "memberUid" populated my groups. I have temporarily re-enabled the mail-notification to confirm, that this issue is now gone.
croniserb
commented
4 months ago This is also an issue with SSO & SAML accounts when using local Nextcloud groups. I my case I don't have access to the identity provider. The groups are local to the Nextcloud server and the SSO & SAML group configurations are blank. The users that are using the locally installed apps (Windows, Linux, or MacOS) don't seem to have an issue as long as they are using the apps. This issue seems to only appear when the users are using the web browser. Those are the users that I have to add back to the groups. One of the groups I have recreated and moved all the users into that new group. That seems to have stopped the users from being removed from that group but I'm not sure if it is that or because they moved on to using the app instead. I have over 50 groups and am hoping to not have to do that with ever one as a work around.
come-nc
commented
4 months ago For people having this issue, I think the problem is indeed a misconfigured group association attribute. What happens is that you have memberof working, so when going from user to group it works, but when going the other way it fails because the attribute is not the right one, and because of that the user is in the group and not in the group at the same time. The constraint violation is another problem that I’m fixing.
For the misconfigured group membership, I’m sure what could be done to help people testing and configuring that.
loxK
commented
4 months ago For the misconfigured group membership, I’m sure what could be done to help people testing and configuring that.
Any example of such a misconfiguration ? I how no idea on how to fix it. The configuration is rather simple and done with the UI
come-nc
commented
4 months ago For the misconfigured group membership, I’m sure what could be done to help people testing and configuring that.
Any example of such a misconfiguration ? I how no idea on how to fix it. The configuration is rather simple and done with the UI
The Group-Member association attribute has to be set to what is actually used for members of groups in your LDAP directory. Usually memberUid for posixGroup or member for groupOfNames.
loxK
commented
4 months ago @come-nc Thanks !
I went in LDAP advanced settings and changed the Group-Member association to member (AD). I do not have the notification issue anymore, and now I can see people in their groups in the Users management UI
xundeenergie
commented
1 month ago I have the same problem, but the other way round. I get annoying amount of emails, that my user is added from an admin to a group since upgrade to 28 and it persists in 29.
The Group-Member asociation is working correctly, the group is filled with the right users...
come-nc
commented
1 month ago @xundeenergie Maybe member-of is present but badly configured on your LDAP server?
xundeenergie
commented
1 month ago It's a dynamic group in ldap. Same configuration as another dynamic group,which doesn't show this issue.
come-nc
commented
1 month ago Check if this dynamic group membership appears in the memberOf attribute.
xundeenergie
commented
1 month ago hmm... you are right. memberOf is not shown for this group.
come-nc
commented
1 month ago Then this is the root of the problem. You can try to disable using member-of for this LDAP configuration, by setting useMemberOfToDetectMembership to 0 for your LDAP configuration, but this option is not in the UI you can only set it with occ ldap:set-config I think. Otherwise disable your memberof overlay or make sure it lists all group memberships.
tgebler
commented
1 month ago Hello, we are experiencing the same problem. Lates NC version, Debian Stable, LDAP Users to MS AD. Users are recieving every couple minutes mails with changes groups. In my opinion disabling the member-of attrib is not a sollutuion, if so, nested groups will not work anymore. Please correct me if I am wrong.
tromlet
commented
3 weeks ago In my case, updating to nc 28 seems to have alterate the user to group ldap mapping. See this post which solved my problem: https://help.nextcloud.com/t/solved-ldap-groups-are-empty-but-users-are-set-up-correctly/45907
I just noticedm that my groups also were all empty. Switching that setting to "memberUid" populated my groups. I have temporarily re-enabled the mail-notification to confirm, that this issue is now gone.
I'm using FreeIPA as an LDAP backend, and we just started having this issue as I updated to 28. This, more or less, was the fix for me, as well.
Specifically:
That said, I highly recommend getting Apache Directory Studio and connecting to your LDAP provider to directly, visually inspect it. It WILL help a great deal, it did for me.
NerdyGriffin
commented
1 week ago Hello, we are experiencing the same problem. Lates NC version, Debian Stable, LDAP Users to MS AD. Users are recieving every couple minutes mails with changes groups. In my opinion disabling the member-of attrib is not a sollutuion, if so, nested groups will not work anymore. Please correct me if I am wrong.
@tgebler I am also using MS AD, and for me the instructions from @tromlet worked. The only difference was the option says "member (AD)" in my case (possibly a difference between nextcloud 28 and 29)
You can also set the same thing using something like occ ldap:set-config s01 ldapGroupMemberAssocAttr member
⚠️ This issue respects the following points: ⚠️
Bug description
Since upgrading to v28 yesterday, my users have been receiving emails at seemingly random intervals saying that "An administrator removed you from group". The groups in question are LDAP based groups, absolutely no edits have been performed, and the users are actually still members of the group when viewed in the Nextcloud interface. This setup has been stable for months and I haven't received these sorts of messages previously.
Steps to reproduce
Unknown at this time other than to be using LDAP and upgrading to v28.
Expected behavior
Not to receive emails about being removed from a group.
Installation method
Community Manual installation with Archive
Nextcloud Server version
28
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.1
Web server
Nginx
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 22 to 23)
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
The frequency of the activity emails is every 65 minutes or not at all. For instance, I got them at 2000, 2105, 2210, and 2315 but then nothing for the next ~9 hours until now.