nextcloud / twofactor_totp

🔑 Second factor TOTP (RFC 6238) provider for Nextcloud
https://apps.nextcloud.com/apps/twofactor_totp
GNU Affero General Public License v3.0

LDAP Users unable to login #1475

Closed DiamondCreeper75 closed 8 months ago

DiamondCreeper75 commented 8 months ago

Expected behaviour

Should authenticate with LDAP users and proceed to the 2FA page.

Actual behaviour

Wrong username or password.

Server configuration

Operating system: Ubuntu 23.10

Web server: Nginx (Reverse proxy)

Database: mariadb Ver 15.1 Distrib 10.11.4-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper

PHP version: PHP 8.2.10-2ubuntu1 (cli) (built: Sep 5 2023 14:37:47) (NTS)

Version: Nextcloud 27.1.4

Updated from an older version or fresh install: fresh install

List of activated apps: Activity 2.19.0

Announcement center 6.7.0

Auditing / Logging 1.17.0

Brute-force settings 2.7.0

Calendar 4.6.0

Circles 27.0.1

Collabora Online - Built-in CODE Server 23.5.601

Collaborative tags 1.17.0

Comments 1.17.0

Contacts 5.4.2

Contacts Interaction 1.8.0

Cookbook 0.10.3

Dashboard 7.7.0

Deck 1.11.2

Deleted files 1.17.0

Favorites Quickaccess Sorting 3.0.0

Federation 1.17.0

File reminders 1.0.0

File sharing 1.19.0

Files automated tagging 1.17.0

First run wizard 2.16.0

Forms 3.4.2

Google integration 2.1.0

LDAP user and group backend 1.17.0

Log Reader 2.12.0

Mail 3.4.5

Maps 1.1.1

Monitoring 1.17.0

News 24.0.0

Nextcloud announcements 1.16.0

Nextcloud Assistant 1.0.2

Nextcloud Office 8.2.3

Notes 4.8.1

Notifications 2.15.0

Password policy 1.17.0

PDF viewer 2.8.0

Photos 2.3.0

Polls 5.4.2

Privacy 1.11.0

Recognize 5.0.3

Recommendations 1.6.0

Related Resources 1.2.0

Right click 1.6.0

Share by mail 1.17.0

SSO & SAML authentication 5.2.5

Support 1.10.0

Suspicious Login 5.0.0

Talk 17.1.3

Talk Matterbridge 1.26.0

Tasks 0.15.0

Text 3.8.0

Two-Factor WebAuthn 1.3.2

Update notification 1.17.0

Usage survey 1.15.0

User status 1.7.0

Versions 1.20.0

Weather status

The content of config/config.php:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => 'cloud.diamondcreeper.org',
  ),
  'trusted_proxies' =>
  array (
    0 => '172.17.0.1',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '27.1.4.1',
  'dbname' => 'nextcloud',
  'dbhost' => '10.10.0.3',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '',
  'installed' => true,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'default_phone_region' => 'NZ',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'noreply',
  'mail_domain' => 'diamondcreeper.org',
  'mail_smtphost' => 'diamondcreeper.org',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'noreply@diamondcreeper.org',
  'mail_smtppassword' => '',
  'overwritehost'    => 'cloud.diamondcreeper.org',
  'overwrite.cli.url' => 'https://cloud.diamondcreeper.org',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'filelocking.enabled' => true,
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
     'host' => '10.10.0.3',
     'port' => 6380,
     'timeout' => 0.0,
     'password' => '', // Optional, if not defined no password will be used.
  ),
);

ChristophWurst commented 8 months ago

This app doesn't influence password processing.

DiamondCreeper75 commented 8 months ago

> This app doesn't influence password processing.

When I have Two-Factor TOTP Provider enabled on any LDAP user, it won't let the user login and says: Wrong username or password. If I disable it, it lets the user login.

ChristophWurst commented 8 months ago

Did you append the OTP to your login password?

RandomHuman2020 commented 8 months ago

Just gonna mention for your reference, @DiamondCreeper75's stuff is set up really weird and likes to break itself in strange ways, for example this issue popped up on the like 12th Nextcloud install in the past 2 weeks. I only know these things because I have to help him fix it quite often.