nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

LDAP/AD integration Error 500 if a user is fetched that is marked as deleted #9502

Closed lucacarangelo closed 6 years ago

lucacarangelo commented 6 years ago
### Steps to reproduce

1. Create a group in Active Directory and configure this group in Nextcloud LDAP/AD Integration -> Group
2. Move to Users from the top right menu (just below Applications)
3. https://xxxxx.xxxx.xxxx/index.php/settings/users/users?offset=0&limit=50&gid=&pattern= RETURNS STATUS 500 ()
4. Removing the user with an apostrophe in the surname ('D'ANTONIO SILVA...'), the users list starts to work correctly.

### Expected behaviour

Enabled users should be shown.

### Actual behaviour

The users list is empty and an error is reported in the browser console. Looking at the logs:

```
{"reqId":"Wv1IdXPWrLF0USueApZ79AAAAAI","level":3,"time":"2018-05-17T09:16:37+00:00","remoteAddr":"172.20.32.33","user":"C17D7C4B-6A1B-4FA5-AE22-22BBC238CD67","app":"index","method":"GET","url":"\/index.php\/settings\/users\/users?offset=0&limit=50&gid=&pattern=","message":"Exception: {\"Exception\":\"Error\",\"Message\":\"Call to undefined method OCA\\\\User_LDAP\\\\User\\\\OfflineUser::composeAndStoreDisplayName()\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(685): OCA\\\\User_LDAP\\\\Access->cacheUserDisplayName('1F22EA11-3263-4...', 'D'ANTONIO SILVA...', 'S.Dantonio@Sirt...')\\n#1 \\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(636): OCA\\\\User_LDAP\\\\Access->ldap2NextcloudNames(Array, true)\\n#2 \\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_LDAP.php(287): OCA\\\\User_LDAP\\\\Access->nextcloudUserNames(Array)\\n#3 \\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/User_Proxy.php(159): OCA\\\\User_LDAP\\\\User_LDAP->getUsers('', 50, 0)\\n#4 \\\/var\\\/www\\\/html\\\/nextcloud\\\/lib\\\/private\\\/User\\\/Manager.php(225): OCA\\\\User_LDAP\\\\User_Proxy->getUsers('', 50, 0)\\n#5 \\\/var\\\/www\\\/html\\\/nextcloud\\\/settings\\\/Controller\\\/UsersController.php(314): OC\\\\User\\\\Manager->search('', 50, 0)\\n#6 [internal function]: OC\\\\Settings\\\\Controller\\\\UsersController->index(0, 50, '', '', '')\\n#7 \\\/var\\\/www\\\/html\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(161): call_user_func_array(Array, Array)\\n#8 \\\/var\\\/www\\\/html\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(91): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#9 \\\/var\\\/www\\\/html\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'index')\\n#10 \\\/var\\\/www\\\/html\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OC\\\\\\\\Settings\\\\\\\\Con...', 'index', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#11 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#12 \\\/var\\\/www\\\/html\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#13 \\\/var\\\/www\\\/html\\\/nextcloud\\\/lib\\\/base.php(999): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#14 \\\/var\\\/www\\\/html\\\/nextcloud\\\/index.php(37): OC::handleRequest()\\n#15 {main}\",\"File\":\"\\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php\",\"Line\":721}","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/65.0.3325.181 Safari\/537.36","version":"13.0.2.1"}
```

### Server configuration

**Operating system:** Red Hat Enterprise Linux Server release 7.4 (Maipo)

**Web server:** apache 2.4

**Database:** MariaDB 5.5.56

**PHP version:** php 7.1.11

**Nextcloud version:** 13.0.2

**Updated from an older Nextcloud/ownCloud or fresh install:** Update from 13.0.1; started from 13.x

**Where did you install Nextcloud from:** from your source

**Signing status:** No errors have been found.
**List of activated apps:**
Output of `occ app:list`:

```
Enabled:
  - activity: 2.6.1
  - admin_audit: 1.3.0
  - bruteforcesettings: 1.0.3
  - comments: 1.3.0
  - dav: 1.4.6
  - federatedfilesharing: 1.3.1
  - federation: 1.3.0
  - files: 1.8.0
  - files_antivirus: 1.2.0
  - files_pdfviewer: 1.2.1
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - firstrunwizard: 2.2.1
  - gallery: 18.0.0
  - groupfolders: 1.2.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - nextcloud_announcements: 1.2.0
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - password_policy: 1.3.0
  - provisioning_api: 1.3.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - survey_client: 1.1.0
  - systemtags: 1.3.0
  - theming: 1.4.1
  - twofactor_backupcodes: 1.2.3
  - updatenotification: 1.3.0
  - user_external: 0.4
  - user_ldap: 1.3.1
  - workflowengine: 1.3.0
Disabled:
  - encryption
  - files_external
  - groupfolders-master
```
**Nextcloud configuration:**
Output of `occ config:list system`:

```
{
    "system": {
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "share.portale.xxxx.xxx",
        "forwarded_for_headers": [
            "HTTP_X_FORWARDED_FOR"
        ],
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "10.1.132.20",
            "share.portale.xxx.xxx",
            "nextcloud.ict.xxxx.xxx"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "tempdirectory": "\/data\/tmp",
        "overwrite.cli.url": "https:\/\/share.portale.xxx.xxx\/",
        "dbtype": "mysql",
        "version": "13.0.2.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "PLAIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "proxy": "172.20.xx.xxx:8080",
        "maintenance": false,
        "theme": "",
        "loglevel": 1,
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}
```
**Are you using external storage, if yes which one:** no

**Are you using encryption:** no

**Are you using an external user-backend, if yes which one:** yes, LDAP/Active Directory

#### LDAP configuration
Output of `occ ldap:show-config`:

```
Configuration                 | (default)
------------------------------+--------------------------------------------------------------------------------------
hasMemberOfFilterSupport      | 1
hasPagedResultSupport         |
homeFolderNamingRule          |
lastJpegPhotoLookup           | 0
ldapAgentName                 | cn=AA00060,ou=servizio,dc=corp,dc=xxxx,dc=xxx
ldapAgentPassword             | ***
ldapAttributesForGroupSearch  |
ldapAttributesForUserSearch   | cn;displayName;email
ldapBackupHost                |
ldapBackupPort                |
ldapBase                      | dc=corp,dc=xxxx,dc=xxx
ldapBaseGroups                | dc=corp,dc=xxxx,dc=xxx
ldapBaseUsers                 | dc=corp,dc=xxxx,dc=xxx
ldapCacheTTL                  | 600
ldapConfigurationActive       | 1
ldapDefaultPPolicyDN          |
ldapDynamicGroupMemberURL     |
ldapEmailAttribute            | mail
ldapExperiencedAdmin          | 0
ldapExpertUUIDGroupAttr       |
ldapExpertUUIDUserAttr        |
ldapExpertUsernameAttr        |
ldapGidNumber                 | gidNumber
ldapGroupDisplayName          | cn
ldapGroupFilter               | (|(cn=GG790))
ldapGroupFilterGroups         | GG790
ldapGroupFilterMode           | 0
ldapGroupFilterObjectclass    |
ldapGroupMemberAssocAttr      | member
ldapHost                      | ldap://10.1.8.66
ldapIgnoreNamingRules         |
ldapLoginFilter               | (&(&(|(objectclass=person)))(|(samaccountname=%uid)(|(cn=%uid)(displayName=%uid))))
ldapLoginFilterAttributes     | cn;displayName
ldapLoginFilterEmail          | 0
ldapLoginFilterMode           | 1
ldapLoginFilterUsername       | 1
ldapNestedGroups              | 0
ldapOverrideMainServer        |
ldapPagingSize                | 500
ldapPort                      | 389
ldapQuotaAttribute            |
ldapQuotaDefault              |
ldapTLS                       | 0
ldapUserDisplayName           | displayname
ldapUserDisplayName2          | mail
ldapUserFilter                | (&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=GG790,OU=GRUPPIABILITAZIONE,DC=corp,DC=xxxx,DC=xxx)(primaryGroupID=31208))))
ldapUserFilterGroups          | GG790
ldapUserFilterMode            | 0
ldapUserFilterObjectclass     | person;user
ldapUuidGroupAttribute        | auto
ldapUuidUserAttribute         | auto
turnOffCertCheck              | 0
turnOnPasswordChange          | 0
useMemberOfToDetectMembership | 1

Configuration                 | s01
------------------------------+--------------------------------------------------------------------------------------
hasMemberOfFilterSupport      | 1
hasPagedResultSupport         |
homeFolderNamingRule          |
lastJpegPhotoLookup           | 0
ldapAgentName                 | cn=AA00060,ou=servizio,dc=corp,dc=xxxx,dc=xxx
ldapAgentPassword             | ***
ldapAttributesForGroupSearch  |
ldapAttributesForUserSearch   |
ldapBackupHost                |
ldapBackupPort                |
ldapBase                      | dc=partner,dc=xxxx,dc=xxx
ldapBaseGroups                | dc=partner,dc=xxxx,dc=xxx
ldapBaseUsers                 | dc=partner,dc=xxxx,dc=xxx
ldapCacheTTL                  | 600
ldapConfigurationActive       | 1
ldapDefaultPPolicyDN          |
ldapDynamicGroupMemberURL     |
ldapEmailAttribute            |
ldapExperiencedAdmin          | 0
ldapExpertUUIDGroupAttr       |
ldapExpertUUIDUserAttr        |
ldapExpertUsernameAttr        |
ldapGidNumber                 | gidNumber
ldapGroupDisplayName          | cn
ldapGroupFilter               | (|(cn=GA00001))
ldapGroupFilterGroups         | GA00001
ldapGroupFilterMode           | 0
ldapGroupFilterObjectclass    |
ldapGroupMemberAssocAttr      | uniqueMember
ldapHost                      | ldap://10.1.8.68
ldapIgnoreNamingRules         |
ldapLoginFilter               | (&(&(|(objectclass=person)))(samaccountname=%uid))
ldapLoginFilterAttributes     |
ldapLoginFilterEmail          | 0
ldapLoginFilterMode           | 0
ldapLoginFilterUsername       | 1
ldapNestedGroups              | 0
ldapOverrideMainServer        |
ldapPagingSize                | 500
ldapPort                      | 389
ldapQuotaAttribute            |
ldapQuotaDefault              |
ldapTLS                       | 0
ldapUserDisplayName           | displayname
ldapUserDisplayName2          |
ldapUserFilter                | (&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=GA00001,OU=GRUPPIABILITAZIONE,DC=partner,DC=xxxx,DC=xxx)(primaryGroupID=13381))))
ldapUserFilterGroups          | GA00001
ldapUserFilterMode            | 0
ldapUserFilterObjectclass     | person;user
ldapUuidGroupAttribute        | auto
ldapUuidUserAttribute         | auto
turnOffCertCheck              | 0
turnOnPasswordChange          | 0
useMemberOfToDetectMembership | 1
```
### Client configuration

**Browser:** All

**Operating system:** Windows 10
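The nextcloud.log entry above is a JSON line whose `message` field itself wraps a JSON-encoded exception record, so a triage script has to decode it twice. The following Python is an added example, not code from the issue or from Nextcloud: it decodes both layers, splits the PHP trace into frames and reports the failing method and file without the argument values, which in this trace contain the affected account's display name and mail address. The sample entry is constructed from the one in the report with the trace shortened to four frames, and the `offline_user` flag is an assumed heuristic for this failure signature.

```python
import json
import re
from typing import Optional

# Constructed sample from the entry in the issue, cut to four trace frames. nextcloud.log
# holds one JSON object per line; "message" wraps a second JSON record after "Exception: ".
SAMPLE_LOG = (
    r'{"reqId":"Wv1IdXPWrLF0USueApZ79AAAAAI","level":3,"time":"2018-05-17T09:16:37+00:00",'
    r'"app":"index","method":"GET","url":"\/index.php\/settings\/users\/users?offset=0&limit=50",'
    r'"message":"Exception: {\"Exception\":\"Error\",\"Message\":\"Call to undefined method '
    r'OCA\\\\User_LDAP\\\\User\\\\OfflineUser::composeAndStoreDisplayName()\",\"Code\":0,'
    r'\"Trace\":\"#0 \\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(685): '
    r"OCA\\\\User_LDAP\\\\Access->cacheUserDisplayName('1F22EA11-3263-4...', 'D'ANTONIO SILVA...', "
    r"'S.Dantonio@Sirt...')\\n#1 \\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php(636): "
    r'OCA\\\\User_LDAP\\\\Access->ldap2NextcloudNames(Array, true)\\n#2 [internal function]: '
    r"OC\\\\Settings\\\\Controller\\\\UsersController->index(0, 50, '', '', '')\\n#3 {main}\","
    r'\"File\":\"\\\/var\\\/www\\\/html\\\/nextcloud\\\/apps\\\/user_ldap\\\/lib\\\/Access.php\",\"Line\":721}",'
    r'"version":"13.0.2.1"}'
)

# Frames look like "#0 /path/File.php(685): Class->method(args)", "#6 [internal function]: ..." or "#15 {main}".
FRAME_RE = re.compile(r"^#(\d+) (?:(\S+)\((\d+)\): |\[internal function\]: )?(.*)$")


def parse_entry(line: str) -> dict:
    """Decode one log line; if its message wraps an exception record, decode that too."""
    entry = json.loads(line)
    entry["exception"] = None
    msg = entry.get("message")
    if isinstance(msg, str) and msg.startswith("Exception:"):
        try:
            entry["exception"] = json.loads(msg[msg.index("{"):])
        except ValueError:  # no brace, or not JSON: a plain-text message, leave None
            pass
    return entry


def parse_trace(trace: str) -> list:
    """Split the Trace string into {file, line, call} frames, innermost first."""
    frames = []
    for m in filter(None, map(FRAME_RE.match, trace.split("\n"))):
        frames.append({"file": m.group(2), "call": m.group(4),
                       "line": int(m.group(3)) if m.group(3) else None})
    return frames


def summarize(line: str) -> Optional[dict]:
    """Triage fields for an exception line, or None when the line carries none. Frame
    arguments are dropped on purpose: here they hold the account's display name and mail."""
    entry = parse_entry(line)
    exc = entry["exception"]
    if exc is None:
        return None
    frames = parse_trace(exc.get("Trace", ""))
    return {
        "reqId": entry.get("reqId"), "url": entry.get("url"),
        "type": exc.get("Exception"), "message": exc.get("Message"),
        "file": exc.get("File"), "line": exc.get("Line"),
        "caller": frames[0]["call"].split("(")[0] if frames else None,
        # Assumed heuristic for this report: a call failing on OfflineUser means the LDAP
        # backend handed out a user it had already marked as deleted.
        "offline_user": "OfflineUser::" in (exc.get("Message") or ""),
    }
```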
MorrisJobke commented 6 years ago

cc @nextcloud/ldap

blizzz commented 6 years ago

@lucacarangelo I cannot reproduce it, works as intended with an apostrophe in the display name:

[screenshot: screenshot_20180528_165113]

The issue must be a different one.

What does `occ ldap:show-remnants` return?

lucacarangelo commented 6 years ago

Hi,

Going deeper into the problem, I recognized that the problem wasn't the apostrophe but the fact that the user was no longer in the Active Directory OU (the user exists in AD but is not in that particular OU anymore).

This is really bad behaviour; the system should not stop showing users if they are not present in AD or have been disabled.

I had to delete the user using `occ user:delete` from Nextcloud to make the system work again and show users.

It could happen that a user is "removed" from the OU used by the Nextcloud LDAP backend and re-inserted after a while. If I enable the automatic deletion, their data will be removed, and as soon as they are re-inserted in the OU they will not find their data anymore...

How can I manage this situation? Can we keep user data for some period after its "deletion" from Active Directory? How can I realign users with AD manually without waiting for the internal processes?

I also noticed that sometimes, when a new user is added to the system, it doesn't create all subfolders in their home and the user is not able to use the system, receiving an Internal Error.

Is there a way to rebuild the home directory structure?

blizzz commented 6 years ago

> This is really bad behaviour; the system should not stop showing users if they are not present in AD or have been disabled.

Indeed, and it is not supposed to.

blizzz commented 6 years ago

Proposed fix in #9640, would be nice if you can verify it solves the issue for you @lucacarangelo @KimTheFirst @spanguel