Open Bueddl opened 4 months ago
I took a look at the code and found the cause of my issue. When doing the setup, I was missing the attribute ldapGroupMemberAssocAttr
of the LDAP config. This results in the LDAP group backend not being enabled:
https://github.com/nextcloud/server/blob/master/apps/user_ldap/lib/Group_LDAP.php#L54
A subsequent getGroups on the backend then just results in a empty set of groups: https://github.com/nextcloud/server/blob/master/apps/user_ldap/lib/Group_LDAP.php#L1091
Clicking the "Verify settings and count the groups" button in the UI Wizard then sets the Attribute ldapGroupMemberAssocAttr
to member
in our case. After that the Backend is enabled and everything works which is why I had to manually press that button just once.
I think occ ldap:test-config
should catch that and/or occ:ldap:check-group
should report that as well instead of just reporting that the group has been found in LDAP and terminating afterwards.
If interested, I can file PRs to change that. My suggestion would be to test the Group Backend for its state when used in the check-group
command and to do the same in test-config
.
⚠️ This issue respects the following points: ⚠️
Bug description
After a fresh install and configuration of the LDAP backend (using occ) verification succeeds using
ldap:check-config
. Sign-in is possible, however the groups the user is assigned (in fact no LDAP group is recognized) to are not recognized. Neither appear they ingroup:list
nor the Settings UI.An attempt to force update the group using
occ ldap:check-group --update --force
succeeds and reports that the group is still available.ldap:check-user --update --force
also shows all groups the user has been assigned to, howeverocc user:info
recognizes the user, shows the correct backend and quota but does not show any groups. Also if signed in as the user it is evident that the groups are not recognized indeed.Going to the LDAP settings and hitting "Verify settings and count the groups" in the "Groups" tab gets rid of all of these problems. Now
occ groups:list
recognizes the groups as well asocc user:info
and the UI.After having triggered the action once via the GUI adding new groups to LDAP with a subsequent run of
ldap:check-group --update --force
not only succeeds but also correctly updates users and groups throughout the system without the need to retrigger the "Verify settings and count the groups" action in the UI.Steps to reproduce
occ ldap:set-config
commandsocc ldap:check-group
and do not appear inocc group:list
.Expected behavior
LDAP groups should be available across the system.
Installation method
Community Docker image
Nextcloud Server version
29
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.2
Web server
Nginx
Database engine version
PostgreSQL
Is this bug present after an update or on a fresh install?
Fresh Nextcloud Server install
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
No response
Additional info
No response