Open Caligatio opened 7 months ago
SQLSTATE[HY000]: General error: 2006 MySQL server has gone away
Have you looked into why your database server is going offline?
SQLSTATE[HY000]: General error: 2006 MySQL server has gone away
Have you looked into why your database server is going offline?
This also super confuses me as it's a service running on the same VM. Much like the LDAP issue, this is a first time problem since upgrading to v28.
For the group/ldap matter specifically:
service upgradeGroups"
[...]1
and carefully monitoring for group related log entries. Those may provide some clues.This also super confuses me as it's a service running on the same VM. Much like the LDAP issue, this is a first time problem since upgrading to v28.
Hmm. Those db connection errors are generated by the db stack - we don't even directly generate them. Anything interesting in your db server logs or server journalctl
logs?
I understand the timing; that's weird. But generally that sort of thing is a local environment issue. :thinking:
OK, on the DB front: I rebooted the machine within +/- 1 minute of that log so that almost definitively answers that one.
I cranked up the logging for the LDAP issue... now I just need to wait <= 65 minutes.
I've disabled my email as it was spamming affected users but there's now this:
{"reqId":"gPPNS8KsyGEG5Qx8txSN","level":3,"time":"2023-12-13T05:39:21+00:00","remoteAddr":"LOCAL_IPV6","user":"brian","app":"jsresourceloader","method":"GET","url":"/settings/user/externalstorages","message":"Could not find resource files_external/js/oauth1.js to load","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"28.0.0.11","data":{"app":"jsresourceloader"}}
{"reqId":"gPPNS8KsyGEG5Qx8txSN","level":3,"time":"2023-12-13T05:39:21+00:00","remoteAddr":"LOCAL_IPV6","user":"brian","app":"jsresourceloader","method":"GET","url":"/settings/user/externalstorages","message":"Could not find resource files_external/js/oauth2.js to load","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"28.0.0.11","data":{"app":"jsresourceloader"}}
{"reqId":"gPPNS8KsyGEG5Qx8txSN","level":3,"time":"2023-12-13T05:39:21+00:00","remoteAddr":"LOCAL_IPV6","user":"brian","app":"jsresourceloader","method":"GET","url":"/settings/user/externalstorages","message":"Could not find resource files_external/js/public_key.js to load","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"28.0.0.11","data":{"app":"jsresourceloader"}}
{"reqId":"XXctal5EXT13jTV5MDEb","level":1,"time":"2023-12-13T17:25:06+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XXctal5EXT13jTV5MDEb","level":1,"time":"2023-12-13T17:25:06+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_GROUP2\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XXctal5EXT13jTV5MDEb","level":1,"time":"2023-12-13T17:25:06+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
I only have two groups so this is the whole list. It looks like I'm also suffering from #42158
More logs but still nothing clear why this is happening:
{"reqId":"0X70kdbe8W9R5u3WmT5t","level":1,"time":"2023-12-13T22:07:28+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"PROPFIND","url":"/remote.php/dav/files/REDACTED_USERNAME/","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME postLogin","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"0X70kdbe8W9R5u3WmT5t","level":1,"time":"2023-12-13T22:07:29+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"PROPFIND","url":"/remote.php/dav/files/REDACTED_USERNAME/","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME added to REDACTED_LDAP_GROUP2","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XWcIPktbaUICJ1uo6UOi","level":1,"time":"2023-12-13T22:50:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 REDACTED_USERNAME removed from REDACTED_LDAP_GROUP2","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XWcIPktbaUICJ1uo6UOi","level":1,"time":"2023-12-13T22:50:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"XWcIPktbaUICJ1uo6UOi","level":1,"time":"2023-12-13T22:50:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"sQAWVvmPOYyDw627uXpR","level":1,"time":"2023-12-13T23:26:12+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"HEAD","url":"/remote.php/dav/files/REDACTED_USERNAME/Upload/Jillian/2023/07/PXL_20230720_162454657.jpg","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME postLogin","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"sQAWVvmPOYyDw627uXpR","level":1,"time":"2023-12-13T23:26:12+00:00","remoteAddr":"REDACTED_IPV6","user":"REDACTED_USERNAME","app":"user_ldap","method":"HEAD","url":"/remote.php/dav/files/REDACTED_USERNAME/Upload/Jillian/2023/07/PXL_20230720_162454657.jpg","message":"OCA\\User_LDAP\\LoginListener \u2013 REDACTED_USERNAME added to REDACTED_LDAP_GROUP2","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"rAzh78MsN7wpO8fYB1Un","level":1,"time":"2023-12-13T23:55:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 REDACTED_USERNAME removed from REDACTED_LDAP_GROUP2","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"rAzh78MsN7wpO8fYB1Un","level":1,"time":"2023-12-13T23:55:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"rAzh78MsN7wpO8fYB1Un","level":1,"time":"2023-12-13T23:55:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"28H4IisiOn2S28mzcYxC","level":1,"time":"2023-12-14T01:00:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP2\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"28H4IisiOn2S28mzcYxC","level":1,"time":"2023-12-14T01:00:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 new group \"REDACTED_LDAP_GROUP1\" found.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
{"reqId":"28H4IisiOn2S28mzcYxC","level":1,"time":"2023-12-14T01:00:03+00:00","remoteAddr":"","user":"--","app":"user_ldap","method":"","url":"--","message":"service \"updateGroups\" \u2013 groups [] were removed.","userAgent":"--","version":"28.0.0.11","data":{"app":"user_ldap"}}
I have exactly the same problem. Updated my NC instance on Wednesday. Since then, I get these messages. I first suspected an intrusion, which I could exclude by removing remote access to NC. Yet, I got the mails. Right now, I disabled email notification for group changes to mitigate mail spam.
@systemofapwne Where did you find that notification setting? I ended up just invalidating my SMTP config
EDIT: Turns out I'm also bit by nextcloud/logreader/issues/1073, found the setting!
@systemofapwne Where did you find that notification setting? I ended up just invalidating my SMTP config
EDIT: Turns out I'm also bit by nextcloud/logreader/issues/1073, found the setting!
Here you go:
Yet, I emphasize, this is just a workaround for the bug (that has no other impact but the email spam). It might be related to the LDAP plugin, but I'm not 100% sure, since it just happened after the recent NC update.
@joshtrichards Anything else I can do to help troubleshoot this? I happen to check the activity feed in my Nextcloud Windows client and I'm getting dozens of these events each day.
The same thing is happening to me since I upgraded from 27 to 28 this morning !
I am using LDAP, MariaDB and encryption.
Same here, my users are spammed by multiple emails about their removal from a ldap group, immediatly after updating my nextcloud instance from 27 to 28. If I check users, the raw list show users in right groups. If I check ldap groups, they appears almost empty.
Openldap as users/groups backend.
Same issue upgrading to 28.0.1. I have errors like these in logs that may be related :
Duplicate entry '[redacted group]-[redaxcted username' for key 'user_ldap_membership_unique'
Error no app in context OC\DB\Exceptions\DbalException: An exception occurred while executing a query: SQLSTATE[23000]: Integrity 2024-01-15T18:26:47+11:00
constraint violation: 1062 Duplicate entry '[redacted group]-[redacted username]' for key 'user_ldap_membership_unique' at
lib/private/DB/Exceptions/DbalException.php line 71
0. lib/private/DB/QueryBuilder/QueryBuilder.php line 328
OC\DB\Exceptions\DbalException::wrap(
)
1. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
2. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
3. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
4. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
5. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
6. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
7. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
8. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
9. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
10. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
11. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
12. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
13. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
14. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
15. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
16. ocs/v1.php line 62
OC::handleLogin(
)
17. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")
Caused by Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing a query:
SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '[redacted group]-[redacted username]' for key
'user_ldap_membership_unique' at .../dbal/src/Driver/API/MySQL/ExceptionConverter.php line 62
0. .../doctrine/dbal/src/Connection.php line 1938
Doctrine\DBAL\Driver\API\MySQL\ExceptionConverter->convert(
)
1. 3rdparty/doctrine/dbal/src/Connection.php line 1880
Doctrine\DBAL\Connection->handleDriverException(
)
2. 3rdparty/doctrine/dbal/src/Connection.php line 1208
Doctrine\DBAL\Connection->convertExceptionDuringQuery(
)
3. lib/private/DB/Connection.php line 294
Doctrine\DBAL\Connection->executeStatement(
)
4. 3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 386
OC\DB\Connection->executeStatement(
)
5. lib/private/DB/QueryBuilder/QueryBuilder.php line 280
Doctrine\DBAL\Query\QueryBuilder->execute(
)
6. lib/private/DB/QueryBuilder/QueryBuilder.php line 326
OC\DB\QueryBuilder\QueryBuilder->execute(
)
7. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
8. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
9. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
10. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
11. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
12. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
13. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
14. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
15. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
16. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
17. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
18. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
19. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
20. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
21. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
22. ocs/v1.php line 62
OC::handleLogin(
)
23. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")
Caused by Doctrine\DBAL\Driver\PDO\Exception: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry
'[redacted group]-[redacted username]' for key 'user_ldap_membership_unique' at
3rdparty/doctrine/dbal/src/Driver/PDO/Exception.php line 28
0. 3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php line 132
Doctrine\DBAL\Driver\PDO\Exception::new(
)
1. 3rdparty/doctrine/dbal/src/Connection.php line 1202
Doctrine\DBAL\Driver\PDO\Statement->execute(
)
2. lib/private/DB/Connection.php line 294
Doctrine\DBAL\Connection->executeStatement(
)
3. 3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 386
OC\DB\Connection->executeStatement(
)
4. lib/private/DB/QueryBuilder/QueryBuilder.php line 280
Doctrine\DBAL\Query\QueryBuilder->execute(
)
5. lib/private/DB/QueryBuilder/QueryBuilder.php line 326
OC\DB\QueryBuilder\QueryBuilder->execute(
)
6. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
7. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
8. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
9. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
10. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
11. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
12. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
13. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
14. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
15. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
16. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
17. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
18. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
19. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
20. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
21. ocs/v1.php line 62
OC::handleLogin(
)
22. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")
Caused by PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '[redacted group]-[redacted username]' for
key 'user_ldap_membership_unique' at 3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php line 130
0. 3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php line 130
PDOStatement->execute(
)
1. 3rdparty/doctrine/dbal/src/Connection.php line 1202
Doctrine\DBAL\Driver\PDO\Statement->execute(
)
2. lib/private/DB/Connection.php line 294
Doctrine\DBAL\Connection->executeStatement(
)
3. 3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 386
OC\DB\Connection->executeStatement(
)
4. lib/private/DB/QueryBuilder/QueryBuilder.php line 280
Doctrine\DBAL\Query\QueryBuilder->execute(
)
5. lib/private/DB/QueryBuilder/QueryBuilder.php line 326
OC\DB\QueryBuilder\QueryBuilder->execute(
)
6. lib/public/AppFramework/Db/QBMapper.php line 137
OC\DB\QueryBuilder\QueryBuilder->executeStatement(
)
7. apps/user_ldap/lib/LoginListener.php line 95
OCP\AppFramework\Db\QBMapper->insert(
)
8. apps/user_ldap/lib/LoginListener.php line 67
OCA\User_LDAP\LoginListener->updateGroups("*** sensitive parameters replaced ***")
9. apps/user_ldap/lib/LoginListener.php line 55
OCA\User_LDAP\LoginListener->onPostLogin(
)
10. lib/private/EventDispatcher/ServiceEventListener.php line 86
OCA\User_LDAP\LoginListener->handle(
)
11. .../symfony/event-dispatcher/EventDispatcher.php line 230
OC\EventDispatcher\ServiceEventListener->__invoke(
)
12. .../EventDispatcher.php line 59
Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
)
13. .../EventDispatcher/EventDispatcher.php line 94
Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
)
14. lib/private/EventDispatcher/EventDispatcher.php line 106
OC\EventDispatcher\EventDispatcher->dispatch(
)
15. lib/private/User/Session.php line 392
OC\EventDispatcher\EventDispatcher->dispatchTyped(
)
16. lib/private/User/Session.php line 657
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
17. lib/private/User/Session.php line 354
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
18. lib/private/User/Session.php line 453
OC\User\Session->login("*** sensitive parameters replaced ***")
19. lib/private/User/Session.php line 582
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
20. lib/base.php line 1154
OC\User\Session->tryBasicAuthLogin(
)
21. ocs/v1.php line 62
OC::handleLogin(
)
22. ocs/v2.php line 23
require_once("\/var\/www\/nextcloud\/ocs\/v1.php")
In my case, updating to nc 28 seems to have alterate the user to group ldap mapping. See this post which solved my problem: https://help.nextcloud.com/t/solved-ldap-groups-are-empty-but-users-are-set-up-correctly/45907
In my case, updating to nc 28 seems to have alterate the user to group ldap mapping. See this post which solved my problem: https://help.nextcloud.com/t/solved-ldap-groups-are-empty-but-users-are-set-up-correctly/45907
I just noticedm that my groups also were all empty. Switching that setting to "memberUid" populated my groups. I have temporarily re-enabled the mail-notification to confirm, that this issue is now gone.
This is also an issue with SSO & SAML accounts when using local Nextcloud groups. I my case I don't have access to the identity provider. The groups are local to the Nextcloud server and the SSO & SAML group configurations are blank. The users that are using the locally installed apps (Windows, Linux, or MacOS) don't seem to have an issue as long as they are using the apps. This issue seems to only appear when the users are using the web browser. Those are the users that I have to add back to the groups. One of the groups I have recreated and moved all the users into that new group. That seems to have stopped the users from being removed from that group but I'm not sure if it is that or because they moved on to using the app instead. I have over 50 groups and am hoping to not have to do that with ever one as a work around.
For people having this issue, I think the problem is indeed a misconfigured group association attribute. What happens is that you have memberof working, so when going from user to group it works, but when going the other way it fails because the attribute is not the right one, and because of that the user is in the group and not in the group at the same time. The constraint violation is another problem that I’m fixing.
For the misconfigured group membership, I’m sure what could be done to help people testing and configuring that.
For the misconfigured group membership, I’m sure what could be done to help people testing and configuring that.
Any example of such a misconfiguration ? I how no idea on how to fix it. The configuration is rather simple and done with the UI
For the misconfigured group membership, I’m sure what could be done to help people testing and configuring that.
Any example of such a misconfiguration ? I how no idea on how to fix it. The configuration is rather simple and done with the UI
The Group-Member association
attribute has to be set to what is actually used for members of groups in your LDAP directory. Usually memberUid
for posixGroup
or member
for groupOfNames
.
@come-nc Thanks !
I went in LDAP advanced settings and changed the Group-Member association
to member (AD)
. I do not have the notification issue anymore, and now I can see people in their groups in the Users
management UI
I have the same problem, but the other way round. I get annoying amount of emails, that my user is added from an admin to a group since upgrade to 28 and it persists in 29.
The Group-Member asociation is working correctly, the group is filled with the right users...
@xundeenergie Maybe member-of is present but badly configured on your LDAP server?
It's a dynamic group in ldap. Same configuration as another dynamic group,which doesn't show this issue.
Check if this dynamic group membership appears in the memberOf attribute.
hmm... you are right. memberOf is not shown for this group.
Then this is the root of the problem. You can try to disable using member-of for this LDAP configuration, by setting useMemberOfToDetectMembership
to 0
for your LDAP configuration, but this option is not in the UI you can only set it with occ ldap:set-config
I think. Otherwise disable your memberof overlay or make sure it lists all group memberships.
Hello, we are experiencing the same problem. Lates NC version, Debian Stable, LDAP Users to MS AD. Users are recieving every couple minutes mails with changes groups. In my opinion disabling the member-of attrib is not a sollutuion, if so, nested groups will not work anymore. Please correct me if I am wrong.
In my case, updating to nc 28 seems to have alterate the user to group ldap mapping. See this post which solved my problem: https://help.nextcloud.com/t/solved-ldap-groups-are-empty-but-users-are-set-up-correctly/45907
I just noticedm that my groups also were all empty. Switching that setting to "memberUid" populated my groups. I have temporarily re-enabled the mail-notification to confirm, that this issue is now gone.
I'm using FreeIPA as an LDAP backend, and we just started having this issue as I updated to 28. This, more or less, was the fix for me, as well.
Specifically:
That said, I highly recommend getting Apache Directory Studio and connecting to your LDAP provider to directly, visually inspect it. It WILL help a great deal, it did for me.
Hello, we are experiencing the same problem. Lates NC version, Debian Stable, LDAP Users to MS AD. Users are recieving every couple minutes mails with changes groups. In my opinion disabling the member-of attrib is not a sollutuion, if so, nested groups will not work anymore. Please correct me if I am wrong.
@tgebler I am also using MS AD, and for me the instructions from @tromlet worked. The only difference was the option says "member (AD)" in my case (possibly a difference between nextcloud 28 and 29)
You can also set the same thing using something like occ ldap:set-config s01 ldapGroupMemberAssocAttr member
⚠️ This issue respects the following points: ⚠️
Bug description
Since upgrading to v28 yesterday, my users have been receiving emails at seemingly random intervals saying that "An administrator removed you from group". The groups in question are LDAP based groups, absolutely no edits have been performed, and the users are actually still members of the group when viewed in the Nextcloud interface. This setup has been stable for months and I haven't received these sorts of messages previously.
Steps to reproduce
Unknown at this time other than to be using LDAP and upgrading to v28.
Expected behavior
Not to receive emails about being removed from a group.
Installation method
Community Manual installation with Archive
Nextcloud Server version
28
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.1
Web server
Nginx
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 22 to 23)
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
The frequency of the activity emails is every 65 minutes or not at all. For instance, I got them at 2000, 2105, 2210, and 2315 but then nothing for the next ~9 hours until now.