Can not connect from client

[Arvi89]

Hello, I use owncloud 7 beta 1, also using LDAP (with open ldap installed on the same server) to log in. I could log in on the web, no problem, but when I tried using the client (Windows or Linux), it kept saying password incorrect.

[PVince81]

Please use the issue template to provide more details about your environment: https://raw.github.com/owncloud/core/master/issue_template.md

Did you install from scratch or update ?

CC @blizzz

[Arvi89]

Installed from scratch, I installed everything on the server yesterday actually.

If you want I can give you full access to the account that owns the owncloud domain to check more in detail (ssh and owncloud, same user)

Server: Ubuntu server 14.04 apache 2.4.7 php 5.5.9 mysql 5.5.37 owncloud 7 beta 1 fresh install

$CONFIG = array ( 'instanceid' => 'ocdbf2683f98', 'passwordsalt' => '*** Removed for security reasons', 'trusteddomains' => array ( 0 => 'cloud.arvi89.com', ), 'datadirectory' => '/path/to/owncloud/data', 'dbtype' => 'mysql', 'version' => '7.0.0.2', 'dbname' => 'dbname', 'dbhost' => '', 'dbtableprefix' => 'oc', 'dbuser' => 'dbuser', 'dbpassword' => '', 'installed' => true, 'forcessl' => true, 'ldapIgnoreNamingRules' => false, 'preview_libreoffice_path' => '/usr/bin/libreoffice', 'loglevel' => '3', );

I often have this error: ldap_start_tls(): Unable to start TLS: Protocol error at /home/cloud/public_html/apps/user_ldap/lib/ldap.php#241

[blizzz]

Is the certificate imported? Please check http://doc.owncloud.org/server/7.0/admin_manual/configuration/auth_ldap.html#ssl-certificate-verification-ldaps-tls

[Arvi89]

the box "Turn off SSL certificate validation." is checked (using virtualmin, I couldn't create my ldap server with SSL)

[blizzz]

Recently I have seen on some systems, that it does not work anymore (maybe openssl changes?). Could you run from command line from within you ownCloud installation:

./occ ldap:set-config "" ldapTLS 0

(if you have more server configured the prefix, here "", is different of course, you get it with ./occ ldap:show-config)

or import the certificate, of course.

[Arvi89]

mm, no, I run the command but I still can't log in from my computer :(

[blizzz]

what is the log output from the login attempt?

[blizzz]

:shit:

as local admin, could you go to LDAP settings and to the expert tab and see whether UUID Attribute for Users: (and Groups) is set to "auto"? If so, make it blank and save, please. It is an upgrade bug in this case :(

[Arvi89]

for the error_log on the server I don't have anything (error message about TLS appears sometimes, but not when I try to log in from my computer), and in the access_log I get a 401, that corresponds to my wrong credentials when I try to log in.

[Arvi89]

The 3 fields in the expert tab were already blank.

[blizzz]

good.

A bit enigmatic though. Could you post your configuration from /.occ ldap:show-config ?

[Arvi89]

sure: (Also, to install ldap, I've followed this article: http://www.virtualmin.com/documentation/id,combining_virtualmin_and_ldap/ But had to modify few things because it's an old one)

| Configuration | | +------------------------------+------------------------------------------+ | hasMemberOfFilterSupport | | | hasPagedResultSupport | | | homeFolderNamingRule | | | lastJpegPhotoLookup | 0 | | ldapAgentName | cn=manager,dc=arvi89,dc=com | | ldapAgentPassword | *\ | | ldapAttributesForGroupSearch | | | ldapAttributesForUserSearch | | | ldapBackupHost | | | ldapBackupPort | | | ldapBase | dc=arvi89,dc=com | | ldapBaseGroups | dc=Groups,dc=arvi89,dc=com | | ldapBaseUsers | dc=Users,dc=arvi89,dc=com | | ldapCacheTTL | 600 | | ldapConfigurationActive | 1 | | ldapEmailAttribute | | | ldapExpertUUIDGroupAttr | | | ldapExpertUUIDUserAttr | | | ldapExpertUsernameAttr | | | ldapGroupDisplayName | uid | | ldapGroupFilter | | | ldapGroupFilterGroups | | | ldapGroupFilterMode | 0 | | ldapGroupFilterObjectclass | | | ldapGroupMemberAssocAttr | uniqueMember | | ldapHost | 37.59.48.142 | | ldapIgnoreNamingRules | | | ldapLoginFilter | (&(objectClass=inetOrgPerson)(uid=%uid)) | | ldapLoginFilterAttributes | | | ldapLoginFilterEmail | 0 | | ldapLoginFilterMode | 0 | | ldapLoginFilterUsername | 1 | | ldapNestedGroups | 0 | | ldapNoCase | 0 | | ldapOverrideMainServer | 0 | | ldapPagingSize | 500 | | ldapPort | 389 | | ldapQuotaAttribute | | | ldapQuotaDefault | | | ldapTLS | 0 | | ldapUserDisplayName | uid | | ldapUserFilter | (objectClass=inetOrgPerson) | | ldapUserFilterGroups | | | ldapUserFilterMode | 1 | | ldapUserFilterObjectclass | | | ldapUuidGroupAttribute | auto | | ldapUuidUserAttribute | auto | | turnOffCertCheck | 0

[blizzz]

With this TLS errors should not appear anymore. It looks all OK actually. Could you set your LogLevel to "Everything" and try again and see whether more stuff is visible in the Log?

Did login via client work before?

[Arvi89]

Still nothing. Clients were working before yes on a previous installation. Tomorrow(22:45 here) I will install a v6 and see it it works or not then I'll let you know.

[blizzz]

Could you also try to login via http://zara.owncloud.bzoc/master/remote.php/webdav/ ? Best from a different browser or by private browsing.

[Arvi89]

I installed a v6, and it worked. I couldn't join the link you posted.

I also realized, on the v6, everything went fine to discover for the LDAP configuration, but on the v7 beta, in the user filter configuration, couldn't find the object classes, I had to type in the raw filter (I thought it was because my connection sucks, but it was fine on the v6).

Anyway, I copied exactly all raw filters from v6 to v7 but still can't connect with v7 :(

[Arvi89]

Oh sorry, I misunderstood your link. I tried on my installation, and I couldn't log in. But, if I log in from the web interface then use your url, it works. I just re-installed to try again, same problem. (with RC1 this time)

[blizzz]

When you log in via web interface first a session is created so accessing it via /remote.php/webdav/ will succeed. But we want to log in with that URL since it is basically what the client is doing.

I tried it here with latest stable7 branch and it works for me.

That said I am a bit clueless why it does not work for you. It smells like a configuration glitch.

Does it work for local users actually?

[Arvi89]

No, I can't use either ldap users or local users.

[blizzz]

Aaah! Then something is broken with your webdav. You do not have a warning on the admin page, do you?

[Arvi89]

mm, no, the error log was empty

[blizzz]

No, a warning on top of the page? Do you have an active Apache module? It must be disabled for ownCloud, see http://doc.owncloud.org/server/7.0/admin_manual/installation/installation_source.html?highlight=webdav#configuring-owncloud

[Arvi89]

I just re-installed my server again (making some tests ^^), installed a fresh owncloud 7 RC1, deactivated totally dav from my server, I didn't install LDAP for owncloud, but I still can't login :( (and last time, was not working with owncloud 7, but was fine with owncloud 6)

[PVince81]

@Arvi89 please try enabling mod_rewrite on the server.

[PVince81]

Did you try setting the "loglevel" to 0 in the config ? It should at least show you an authentication error in the log I think.

[Arvi89]

mm I found the issue, I could see "No basic authentication headers were found" in the error log (but weird I didn't notice before, my bad), then I found this: http://forum.owncloud.org/viewtopic.php?f=3&t=2625&sid=7f402018f833dbb3eebc7afa662f0593&start=10

When I checked my .htaccess it was almost empty (only mention for 403 and 404) I've put the rewrite rules and now it works.

Sorry for everything, was just a htaccess issue (missing rules)

[PVince81]

Cool, glad to see that you managed to solve it ! :smile:

I met that mod_rewrite issue recently with server to server sharing on OC 7, that's how I got the idea.

Have fun!

[blizzz]

Thx @PVince81

[lock[bot]]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.