nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

[Bug]: New LDAP users are unable to login #47210

Closed paszczus closed 1 month ago

paszczus commented 2 months ago

Bug description

New users created in Active Directory are unable to log in to Nextcloud. I can find them using the web panel, but I am unable to find them using the CLI.

Steps to reproduce

  1. Create new user in Active Directory
  2. Check if user is known using web panel - settings/admin/ldap - IT IS!
  3. Do the same using cli: php occ ldap:check-user --update newuser@foo.bar.pl

The given user is not a recognized LDAP user.

  4. Try to log in as this user using web browser - Login failed.

Expected behavior

User can be found in Users table and can log in to Nextcloud.

Installation method

Community Manual installation with Archive

Nextcloud Server version

29

Operating system

RHEL/CentOS

PHP engine version

PHP 8.1

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

Configuration report

{
    "system": {
        "debug": false,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "foo.bar.pl"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/foo.bar.pl",
        "dbtype": "mysql",
        "version": "29.0.4.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "forcessl": true,
        "mail_smtpmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "default_phone_region": "PL",
        "theme": "",
        "loglevel": 3,
        "log_rotate_size": 104857600,
        "trashbin_retention_obligation": "auto",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "updater.release.channel": "stable",
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "ldapIgnoreNamingRules": false,
        "ldapUserCleanupInterval": 20,
        "mysql.utf8mb4": true,
        "filesystem_check_changes": 1,
        "tempdirectory": "\/var\/nextcloud-data\/nextcloudtemp",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "maintenance_window_start": 1,
        "app_install_overwrite": [
            "user_external"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - admin_audit: 1.19.0
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.15
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contacts: 6.0.0
  - contactsinteraction: 1.10.0
  - dashboard: 7.9.0
  - dav: 1.30.1
  - deck: 1.13.1
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_downloadlimit: 2.0.0
  - files_external: 1.21.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - geoblocker: 0.5.14
  - groupfolders: 17.0.1
  - impersonate: 1.16.0
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - nextcloud_announcements: 1.18.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - photos: 2.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - sharelisting: 1.2.0
  - support: 1.12.0
  - survey_client: 1.17.0
  - systemtags: 1.19.0
  - text: 3.10.1
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - twofactor_totp: 11.0.0-dev
  - updatenotification: 1.19.1
  - user_external: 3.4.0
  - user_ldap: 1.20.0
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0
Disabled:
  - accessibility: 1.0.1
  - encryption: 2.17.0
  - files_clipboard: 0.7.1 (installed 0.7.1)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - files_texteditor: 2.15.1 (installed 2.15.1)
  - files_videoplayer: 1.3.0
  - gallery: 18.1.0 (installed 18.4.0)
  - password_policy: 1.19.0 (installed 1.4.0)
  - quota_warning: 1.19.0 (installed 1.19.0)
  - suspicious_login: 7.0.0

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

joshtrichards commented 2 months ago

"loglevel": 3,

Set your loglevel back to the default (2) and you may see more info, such as Bind failed / etc.

Also, if you temporarily set to 0 (debug level) while attempting a login on one of these problematic accounts, you'll get even more details about what is going on.

Off the top of my head, your situation hints a bit at the AD "Log On To" policy (check the help forum for past situations like that: https://help.nextcloud.com)
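
The effect of the loglevel advice above, as an added example that is not part of the thread or of Nextcloud's code: it parses JSON-lines log entries and shows which user_ldap messages survive at loglevel 3, 2 and 0. The sample lines, their messages and their levels are constructed for illustration; the function names are hypothetical, and only the numeric scale (0 debug to 4 fatal) is Nextcloud's.

```python
import json

LEVEL_NAMES = {0: "DEBUG", 1: "INFO", 2: "WARN", 3: "ERROR", 4: "FATAL"}

# Constructed nextcloud.log sample (one JSON object per line); the messages,
# request ids and levels are illustrative, not taken from the reporter's server.
SAMPLE_LOG = "\n".join([
    '{"reqId":"r1","level":0,"app":"user_ldap","url":"/login","message":"Lookup for newuser@foo.bar.pl started"}',
    '{"reqId":"r1","level":2,"app":"user_ldap","url":"/login","message":"Bind failed: 49: Invalid credentials"}',
    '{"reqId":"r1","level":2,"app":"core","url":"/login","message":"Login failed: newuser@foo.bar.pl"}',
    '{"reqId":"r2","level":3,"app":"files","url":"/apps/files","message":"Unrelated error"}',
    '{"reqId":"r3","level":2,"app":"user_ldap","mess',  # truncated line, e.g. cut mid-write
])


def parse_log(text):
    """Return the parseable entries; skip truncated or non-JSON lines."""
    entries = []
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and isinstance(entry.get("level"), int):
            entries.append(entry)
    return entries


def written_at(entries, loglevel):
    """Entries that get written when config.php has "loglevel": loglevel."""
    return [e for e in entries if e["level"] >= loglevel]


def ldap_view(text, loglevel, apps=("user_ldap",)):
    """(level name, message) pairs an admin would see for the given apps."""
    return [
        (LEVEL_NAMES.get(e["level"], "?"), e.get("message", ""))
        for e in written_at(parse_log(text), loglevel)
        if e.get("app") in apps
    ]


if __name__ == "__main__":
    for level in (3, 2, 0):
        print(f"loglevel {level}:", ldap_view(SAMPLE_LOG, level))
```

Because the level filter applies when entries are written, an existing log produced at loglevel 3 will not contain the lower-level lines; the failing login has to be repeated after the level is lowered.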

nextcloud-command commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.