owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0

Login issue: LDAP User login error #35655

Closed htwsaaraub closed 3 years ago

htwsaaraub commented 5 years ago

Steps to reproduce

  1. Try to log in as an LDAP user who has not logged in to ownCloud before.

Expected behaviour

User should be logged in.

Actual behaviour

Web Error Page is displayed.

The user folder $user/files is not created. Only the cache folder is available. If the missing folder $user/files is created manually and the correct file system permissions are set, the user can log in. Also, if the user is deleted through the Users page in the web UI, the user can log in correctly.

It is reproducible: if the folder $user/files is deleted, the user gets the error page at login.

I checked the permissions of the folder data. This looks correct. drwxr-x--- 404 www-data www-data 20480 Jun 25 12:09 data

Also the user folder permissions are set correctly. drwxr-xr-x 4 www-data www-data 4096 Jun 25 12:09 XXXXX

Also the Cache Folder. drwxr-xr-x 2 www-data www-data 4096 Jun 25 12:09 cache

Server configuration

{
    "system": {
        "instanceid": "ocd0c770c9da",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "134.96.210.157",
            "aub-cloud.htwsaar.de"
        ],
        "skeletondirectory": "",
        "datadirectory": "\/var\/www\/owncloud\/data",
        "dbtype": "mysql",
        "version": "10.2.0.5",
        "dbname": "owncloud",
        "dbhost": "127.0.0.1",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "theme": "htwsaar",
        "maintenance": false,
        "forcessl": true,
        "loglevel": "2",
        "wnd.logging.enable": true,
        "activity_expire_days": 180,
        "preview_max_x": 100,
        "preview_max_y": 100,
        "enable_previews": false,
        "preview_max_scale_factor": 1,
        "log_rotate_size": 104857600,
        "secret": "***REMOVED SENSITIVE VALUE***",
        "asset-pipeline.enabled": true,
        "trashbin_retention_obligation": "30, auto",
        "filelocking.enabled": "true",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "localhost",
            "port": 6379,
            "timeout": 0,
            "dbindex": 0
        },
        "updatechecker": false,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "lost_password_link": "disabled",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25"
    }
}

List of activated apps:

Enabled:
  - activity: 2.5.0
  - announcementcenter: 1.2.1
  - checksum: 0.3.5
  - configreport: 0.2.0
  - dav: 0.4.0
  - external: 1.4.0
  - federatedfilesharing: 0.4.0
  - federation: 0.1.0
  - files: 1.5.2
  - files_antivirus: 0.15.1
  - files_external: 0.7.1
  - files_external_ftp: 0.2.1
  - files_pdfviewer: 0.11.0
  - files_sharing: 0.11.0
  - files_texteditor: 2.3.0
  - files_textviewer: 1.0.2
  - firstrunwizard: 1.2.0
  - gallery: 16.1.1
  - guests: 0.8.1
  - impersonate: 0.5.0
  - market: 0.5.0
  - notifications: 0.5.0
  - provisioning_api: 0.5.0
  - templateeditor: 0.4.0
  - updatenotification: 0.2.1
  - user_ldap: 0.13.0
Disabled:
  - comments
  - encryption
  - files_trashbin
  - files_versions
  - files_videoplayer
  - systemtags
  - user_external

Are you using external storage, if yes which one: smb

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP

LDAP configuration (delete this part if not used)

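+-------------------------------+---------------------------------------------------------------------------------+
| Configuration                 |                                                                                 |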
+-------------------------------+---------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                               |
| hasPagedResultSupport         |                                                                                 |
| homeFolderNamingRule          | attr:cn                                                                         |
| lastJpegPhotoLookup           | 0                                                                               |
| ldapAgentName                 | CN=XXX.XXX.XXX.XXX,OU=XXX.XXX.XXX.XXX,DC=htw-saarland,DC=de,DC=local |
| ldapAgentPassword             | ***                                                                             |
| ldapAttributesForGroupSearch  |                                                                                 |
| ldapAttributesForUserSearch   |                                                                                 |
| ldapBackupHost                | XXX.XXX.XXX.XXX                                                                   |
| ldapBackupPort                | 389                                                                             |
| ldapBase                      | DC=htw-saarland,DC=de,DC=local                                                  |
| ldapBaseGroups                | DC=htw-saarland,DC=de,DC=local                                                  |
| ldapBaseUsers                 | DC=htw-saarland,DC=de,DC=local                                                  |
| ldapCacheTTL                  | 600                                                                             |
| ldapConfigurationActive       | 1                                                                               |
| ldapDynamicGroupMemberURL     |                                                                                 |
| ldapEmailAttribute            | userPrincipalName                                                               |
| ldapExperiencedAdmin          | 0                                                                               |
| ldapExpertUUIDGroupAttr       | cn                                                                              |
| ldapExpertUUIDUserAttr        | cn                                                                              |
| ldapExpertUsernameAttr        | cn                                                                              |
| ldapGroupDisplayName          | cn                                                                              |
| ldapGroupFilter               | (&(|(objectclass=group)))                                                       |
| ldapGroupFilterGroups         |                                                                                 |
| ldapGroupFilterMode           | 1                                                                               |
| ldapGroupFilterObjectclass    | group                                                                           |
| ldapGroupMemberAssocAttr      | member                                                                          |
| ldapHost                      | XXX.XXX.XXX.XXX                                                                 |
| ldapIgnoreNamingRules         |                                                                                 |
| ldapLoginFilter               | (&(&(|(objectclass=person)))(samaccountname=%uid))                              |
| ldapLoginFilterAttributes     |                                                                                 |
| ldapLoginFilterEmail          | 0                                                                               |
| ldapLoginFilterMode           | 0                                                                               |
| ldapLoginFilterUsername       | 1                                                                               |
| ldapNestedGroups              | 1                                                                               |
| ldapOverrideMainServer        | 0                                                                               |
| ldapPagingSize                | 5000                                                                            |
| ldapPort                      | 389                                                                             |
| ldapQuotaAttribute            |                                                                                 |
| ldapQuotaDefault              |                                                                                 |
| ldapTLS                       | 0                                                                               |
| ldapUserDisplayName           | displayname                                                                     |
| ldapUserDisplayName2          |                                                                                 |
| ldapUserFilter                | (&(|(objectclass=person)))                                                      |
| ldapUserFilterGroups          |                                                                                 |
| ldapUserFilterMode            | 1                                                                               |
| ldapUserFilterObjectclass     | person                                                                          |
| ldapUserName                  | samaccountname                                                                  |
| ldapUuidGroupAttribute        | auto                                                                            |
| ldapUuidUserAttribute         | auto                                                                            |
| turnOffCertCheck              | 1                                                                               |
| useMemberOfToDetectMembership | 1                                                                               |
+-------------------------------+---------------------------------------------------------------------------------+
+-------------------------------+---------------------------------------------------------------------------------+
| Configuration                 | s01                                                                             |
+-------------------------------+---------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 0                                                                               |
| hasPagedResultSupport         |                                                                                 |
| homeFolderNamingRule          | attr:cn                                                                         |
| lastJpegPhotoLookup           | 0                                                                               |
| ldapAgentName                 | CN=XXX.XXX.XXX.XXX,OU=PXXX.XXX.XXX.XXX,DC=htw-saarland,DC=de,DC=local |
| ldapAgentPassword             | ***                                                                             |
| ldapAttributesForGroupSearch  |                                                                                 |
| ldapAttributesForUserSearch   |                                                                                 |
| ldapBackupHost                | XXX.XXX.XXX.XXX                                                                |
| ldapBackupPort                | 389                                                                             |
| ldapBase                      | DC=htw-saarland,DC=de,DC=local                                                  |
| ldapBaseGroups                | DC=htw-saarland,DC=de,DC=local                                                  |
| ldapBaseUsers                 | DC=htw-saarland,DC=de,DC=local                                                  |
| ldapCacheTTL                  | 600                                                                             |
| ldapConfigurationActive       | 1                                                                               |
| ldapDynamicGroupMemberURL     |                                                                                 |
| ldapEmailAttribute            | mail                                                                            |
| ldapExperiencedAdmin          | 0                                                                               |
| ldapExpertUUIDGroupAttr       | cn                                                                              |
| ldapExpertUUIDUserAttr        | cn                                                                              |
| ldapExpertUsernameAttr        | cn                                                                              |
| ldapGroupDisplayName          | cn                                                                              |
| ldapGroupFilter               | (&(|(objectclass=group)))                                                       |
| ldapGroupFilterGroups         |                                                                                 |
| ldapGroupFilterMode           | 1                                                                               |
| ldapGroupFilterObjectclass    |                                                                                 |
| ldapGroupMemberAssocAttr      | member                                                                          |
| ldapHost                      | XXX.XXX.XXX.XXX                                                                  |
| ldapIgnoreNamingRules         |                                                                                 |
| ldapLoginFilter               | (&(&(|(objectclass=person)))(samaccountname=%uid))                              |
| ldapLoginFilterAttributes     |                                                                                 |
| ldapLoginFilterEmail          | 0                                                                               |
| ldapLoginFilterMode           | 0                                                                               |
| ldapLoginFilterUsername       | 1                                                                               |
| ldapNestedGroups              | 0                                                                               |
| ldapOverrideMainServer        |                                                                                 |
| ldapPagingSize                | 5000                                                                            |
| ldapPort                      | 389                                                                             |
| ldapQuotaAttribute            |                                                                                 |
| ldapQuotaDefault              |                                                                                 |
| ldapTLS                       | 1                                                                               |
| ldapUserDisplayName           | displayname                                                                     |
| ldapUserDisplayName2          |                                                                                 |
| ldapUserFilter                | (&(|(objectclass=person)))                                                      |
| ldapUserFilterGroups          |                                                                                 |
| ldapUserFilterMode            | 1                                                                               |
| ldapUserFilterObjectclass     |                                                                                 |
| ldapUserName                  | samaccountname                                                                  |
| ldapUuidGroupAttribute        | auto                                                                            |
| ldapUuidUserAttribute         | auto                                                                            |
| turnOffCertCheck              | 1                                                                               |
| useMemberOfToDetectMembership | 1                                                                               |
+-------------------------------+---------------------------------------------------------------------------------+

Client configuration

Browser: Google Chrome Version 75.0.3770.100 (Offizieller Build) (64-Bit)

Operating system:

Logs

ownCloud log (data/owncloud.log)

{"reqId":"Vm2rZriKC4wARxM0xQyz","level":3,"time":"2019-06-25T10:09:15+00:00","remoteAddr":"212.18.200.100","user":"XXXX","app":"index","method":"GET","url":"\/index.php\/apps\/files\/","message":"Exception: {\"Exception\":\"OCP\\Files\\NotFoundException\",\"Message\":\"\",\"Code\":0,\"Trace\":\"#0 \\/var\\/www\\/owncloud\\/apps\\/files\\/lib\\/Controller\\/ViewController.php(134): OC_Helper::getStorageInfo('\\/', false)\n#1 \\/var\\/www\\/owncloud\\/apps\\/files\\/lib\\/Controller\\/ViewController.php(207): OCA\\Files\\Controller\\ViewController->getStorageInfo()\n#2 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/Http\\/Dispatcher.php(153): OCA\\Files\\Controller\\ViewController->index('', '', NULL, NULL)\n#3 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/Http\\/Dispatcher.php(85): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OCA\\Files\\Controller\\ViewController), 'index')\n#4 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/App.php(100): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OCA\\Files\\Controller\\ViewController), 'index')\n#5 \\/var\\/www\\/owncloud\\/lib\\/private\\/AppFramework\\/Routing\\/RouteActionHandler.php(46): OC\\AppFramework\\App::main('ViewController', 'index', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#6 \\/var\\/www\\/owncloud\\/lib\\/private\\/Route\\/Router.php(342): OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#7 \\/var\\/www\\/owncloud\\/lib\\/base.php(909): OC\\Route\\Router->match('\\/apps\\/files\\/')\n#8 \\/var\\/www\\/owncloud\\/index.php(54): OC::handleRequest()\n#9 {main}\",\"File\":\"\\/var\\/www\\/owncloud\\/lib\\/private\\/legacy\\/helper.php\",\"Line\":585}"}

htwsaaraub commented 5 years ago

I managed to fix this issue for the moment by running a shell script from cron that syncs (new) LDAP users and manages these files.

    occ user:sync "OCA\User_LDAP\User_Proxy" -m remove
    occ files:scan "$user" --repair

(for all users, running through a loop)

After this, the user folders are created properly.
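One way to write the loop described in the comment above, as an added example that is not htwsaaraub's script or ownCloud project code: it treats a home directory with `cache` but no `files` as affected, which is the symptom reported in this issue. The `OCC` invocation, the `DRY_RUN` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue: find ownCloud home directories that show
# the reported symptom (a cache/ subfolder exists but files/ does not) and run
# the two occ commands from the comment above for them.

# Default taken from the "datadirectory" value in the posted configuration.
DATA_DIR="${DATA_DIR:-/var/www/owncloud/data}"
# Assumption: how occ is invoked on this host; adjust to the local setup.
OCC="${OCC:-sudo -u www-data php /var/www/owncloud/occ}"

# Print one user name per line for every home with cache/ but no files/.
find_broken_homes() {
    data_dir="$1"
    for home in "$data_dir"/*/; do
        [ -d "$home" ] || continue            # glob matched nothing
        home="${home%/}"
        name="${home##*/}"
        case "$name" in
            -*) continue ;;                   # never pass an option-like name to occ
        esac
        if [ -d "$home/cache" ] && [ ! -d "$home/files" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Execute a command, or only print it when DRY_RUN=1 (the default).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf 'would run:'; printf ' %s' "$@"; printf '\n'
    else
        "$@"
    fi
}

# Sync LDAP accounts once, then rescan each affected user.
repair_broken_homes() {
    users=$(find_broken_homes "$1")
    [ -n "$users" ] || return 0
    run $OCC user:sync 'OCA\User_LDAP\User_Proxy' -m remove
    printf '%s\n' "$users" | while IFS= read -r user; do
        # stdin is redirected so occ cannot consume the remaining user list.
        run $OCC files:scan "$user" --repair </dev/null
    done
}

repair_broken_homes "$DATA_DIR"
```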

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.