owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0

LDAP: 0 Users found, even though config looks OK #9712

Closed jperals closed 10 years ago

jperals commented 10 years ago

Steps to reproduce

  1. Activate and configure app "LDAP user and group backend" and configure it through the admin panel. The form says "Configuration OK", the user filter tab says "92 users found" and the command "./occ user:report" also seems to list the LDAP users (2 local users and 92 LDAP users). So everything looks fine.
  2. Go to the Users page. Only the 2 local users are listed.
  3. Try to log in as an LDAP user. Can't log in.

Expected behaviour

LDAP users should be able to log in and also should be listed in the users page.

Actual behaviour

LDAP users can not log in and are also not listed in the users page, even though the LDAP configuration claims to be OK, both in the admin page and through the occ script.

Server configuration

Operating system: Debian 7 (Wheezy)

Web server: Apache 2.2.22

Database: MySQL 5.5

PHP version: 5.4.4

ownCloud version: 6.0.4

Updated from an older ownCloud or fresh install: updated from 6.0.3

List of activated apps: Activity, Calendar, Contacts, Deleted files, Documents, Encryption, Full Text Search, LDAP user and group backend, PDF Viewer, Pictures, Share Files, Text Editor, Updater, Versions, Video Viewer

The content of config/config.php:

<?php
$CONFIG = array (
  'instanceid' => 'ocfa6bd63579',
  'dbtype' => 'mysql',
  'dbname' => 'owncloud',
  'dbuser' => 'owncloud',
  'dbpassword' => '****',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'passwordsalt' => '****',
  'trusted_domains' => 
  array (
    0 => 'share',
  ),
  'datadirectory' => '/var/www/owncloud/data',
  'version' => '6.0.4.1',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'theme' => '',
  'maintenance' => false,
  'loglevel' => '0',
);

Are you using external storage, if yes which one: no

Are you using encryption: no

Client configuration

Browser: First Chrome, then switched to Firefox because of Chrome problems with undesired form autofills

Operating system: Mac OS X 10.9.2

Logs

Web server error log

$ tail /var/log/apache2/error.log

[Thu Jul 17 16:53:58 2014] [error] [client 192.168.2.61] Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/users (None could be negotiated)., referer: http://share/index.php/settings/admin
[Thu Jul 17 16:54:03 2014] [error] [client 192.168.2.61] Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/admin (None could be negotiated)., referer: http://share/index.php/settings/apps?installed
[Thu Jul 17 16:54:03 2014] [error] [client 192.168.2.126] client denied by server configuration: /var/www/owncloud/data/htaccesstest.txt
[Thu Jul 17 16:58:37 2014] [error] [client 192.168.2.61] Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/users (None could be negotiated)., referer: http://share/index.php/settings/admin
[Thu Jul 17 16:58:44 2014] [error] [client 192.168.2.61] Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/admin (None could be negotiated)., referer: http://share/index.php/settings/apps?installed
[Thu Jul 17 16:58:44 2014] [error] [client 192.168.2.126] client denied by server configuration: /var/www/owncloud/data/htaccesstest.txt
[Thu Jul 17 17:14:00 2014] [error] [client 192.168.2.61] Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/apps (None could be negotiated)., referer: http://share/index.php/settings/admin
[Thu Jul 17 17:28:55 2014] [error] [client 192.168.2.61] Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/apps (None could be negotiated)., referer: http://share/index.php/settings/admin
[Thu Jul 17 17:31:53 2014] [error] [client 192.168.2.61] Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/admin (None could be negotiated)., referer: http://share/index.php/settings/apps?installed
[Thu Jul 17 17:31:53 2014] [error] [client 192.168.2.126] client denied by server configuration: /var/www/owncloud/data/htaccesstest.txt

ownCloud log (data/owncloud.log)

$ tail -n 20 /var/www/owncloud/data/owncloud.log

{"reqId":"53c7f198f2c62","app":"user_ldap","message":"initializing paged search for  FilterobjectClass=* base Array\n(\n    [0] => uid=joan,cn=users,dc=osxserver,dc=ixds,dc=de\n)\n attr entryuuid limit 99999 offset 0","level":1,"time":"2014-07-17T15:54:00+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"Ready for a paged search","level":1,"time":"2014-07-17T15:54:00+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"Setting entryuuid as ldapUuidUserAttribute","level":0,"time":"2014-07-17T15:54:00+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"initializing paged search for  FilterobjectClass=* base Array\n(\n    [0] => uid=joan,cn=users,dc=osxserver,dc=ixds,dc=de\n)\n attr entryuuid limit 99999 offset 0","level":1,"time":"2014-07-17T15:54:01+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"Ready for a paged search","level":1,"time":"2014-07-17T15:54:01+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"initializing paged search for  FilterobjectClass=* base Array\n(\n    [0] => uid=joan,cn=users,dc=osxserver,dc=ixds,dc=de\n)\n attr displayname limit 99999 offset 0","level":1,"time":"2014-07-17T15:54:01+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"Ready for a paged search","level":1,"time":"2014-07-17T15:54:01+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"Requested attribute displayname not found for uid=joan,cn=users,dc=osxserver,dc=ixds,dc=de","level":0,"time":"2014-07-17T15:54:01+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"user_ldap","message":"No or empty name for uid=joan,cn=users,dc=osxserver,dc=ixds,dc=de.","level":1,"time":"2014-07-17T15:54:01+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f198f2c62","app":"core","message":"Login failed: user 'joan' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-07-17T15:54:01+00:00","method":"POST","url":"\/"}
{"reqId":"53c7f48173453","app":"core","message":"redirectToDefaultPage: http:\/\/share\/index.php\/settings\/users","level":0,"time":"2014-07-17T16:06:25+00:00","method":"POST","url":"\/index.php?redirect_url=%2Findex.php%2Fsettings%2Fusers"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"getGroups getGroups---","level":0,"time":"2014-07-17T16:06:25+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"getGroups Filter (&(&(|(objectclass=apple-group)(objectclass=extensibleObject)(objectclass=posixGroup))(|(cn=staff)))(cn=*))","level":0,"time":"2014-07-17T16:06:25+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"Turned off SSL certificate validation successfully.","level":2,"time":"2014-07-17T16:06:25+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"initializing paged search for  FilterobjectClass=* base Array\n(\n    [0] => cn=staff,cn=groups,dc=osxserver,dc=ixds,dc=de\n)\n attr objectclass limit 99999 offset 0","level":1,"time":"2014-07-17T16:06:27+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"Ready for a paged search","level":1,"time":"2014-07-17T16:06:27+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"getUsers: Options: search  limit 30 offset  Filter: (&(|(objectclass=posixAccount))(displayname=*))","level":0,"time":"2014-07-17T16:06:27+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"initializing paged search for  Filter(&(|(objectclass=posixAccount))(displayname=*)) base Array\n(\n    [0] => dc=osxserver,dc=ixds,dc=de\n)\n attr Array\n(\n    [0] => displayname\n    [1] => dn\n)\n limit 30 offset 0","level":1,"time":"2014-07-17T16:06:27+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"Ready for a paged search","level":1,"time":"2014-07-17T16:06:27+00:00","method":"GET","url":"\/index.php\/settings\/users"}
{"reqId":"53c7f4819023b","app":"user_ldap","message":"getUsers: 0 Users found","level":0,"time":"2014-07-17T16:06:27+00:00","method":"GET","url":"\/index.php\/settings\/users"}

Browser log

Presumably not relevant. Only got this on Firefox:

Use of getPreventDefault() is deprecated.  Use defaultPrevented instead. core.js:50

PVince81 commented 10 years ago

Thanks for the detailed report.

@blizzz can you help?

blizzz commented 10 years ago

Do the users have a value set for the display name attribute? If not, change the attribute to cn for instance, but something where a value is set.

jperals commented 10 years ago

@blizzz yes, the attribute "Group Display Name Field" (that's what you mean, right?) is already set to "cn". I'm a little out of ideas... Thanks for the quick reply, though!

blizzz commented 10 years ago

No, for the users.

MTRichards commented 10 years ago

Assigned to 6.0.5, for investigation purposes.

jperals commented 10 years ago

@blizzz OK, sorry. "User Display Name Field" is also set, in this case to "displayname".

blizzz commented 10 years ago

Yes, but do the user objects have a value assigned to it?

jperals commented 10 years ago

OK, the user display name attribute was wrong. I could finally get the right value from the LDAP server and this made it work. Thanks @blizzz for the hint and sorry for the delay! Mostly our fault then. But still, I think some warning/diagnosis about this from the configuration page would do good (I guess in the advanced tab itself, where you set this attribute. Maybe tweak the "Test Configuration" action?).

blizzz commented 10 years ago

Yes, this should go into documentation.
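
An added example, not part of the original thread and not ownCloud code: a Python check that groups data/owncloud.log entries by reqId and flags the patterns visible in this report (a display name attribute with no value, the login failure and empty user list logged alongside it, and the "Turned off SSL certificate validation" warning). The sample log is constructed, and the finding codes and the `diagnose` function name are assumptions made for this example.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the one-JSON-object-per-line format of data/owncloud.log;
# request ids and DNs are made up, message wording follows the log in the report.
SAMPLE_LOG = """\
{"reqId":"r1","app":"user_ldap","message":"Requested attribute displayname not found for uid=alice,cn=users,dc=example,dc=org","level":0}
{"reqId":"r1","app":"core","message":"Login failed: user 'alice' , wrong password, IP:set log_authfailip=true in conf","level":2}
{"reqId":"r2","app":"user_ldap","message":"Turned off SSL certificate validation successfully.","level":2}
{"reqId":"r2","app":"user_ldap","message":"getUsers: Options: search  limit 30 offset  Filter: (&(|(objectclass=posixAccount))(displayname=*))","level":0}
{"reqId":"r2","app":"user_ldap","message":"getUsers: 0 Users found","level":0}
{"reqId":"r3","app":"user_ldap","message":"getUsers: 0 Us
"""

MISSING = re.compile(r"Requested attribute (\S+) not found for (.+)")
LOGIN_FAILED = re.compile(r"Login failed: user '([^']*)'")
PRESENCE = re.compile(r"getUsers: .*Filter: .*\((\w+)=\*\)")

def diagnose(log_text):
    """Group log messages by reqId and return (reqId, code, detail) findings."""
    by_req = defaultdict(list)
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # blank or truncated line
        if isinstance(entry, dict):
            by_req[entry.get("reqId")].append(str(entry.get("message", "")))
    findings = []
    for req, msgs in by_req.items():
        missing = [m.groups() for m in map(MISSING.search, msgs) if m]
        failed = [m.group(1) for m in map(LOGIN_FAILED.search, msgs) if m]
        presence = [m.group(1) for m in map(PRESENCE.search, msgs) if m]
        for attr, dn in missing:
            findings.append((req, "missing-attribute", f"{attr} has no value on {dn}"))
        if missing and failed:
            # Logged as "wrong password", but the same request already reported a missing attribute.
            findings.append((req, "login-failed-after-missing-attribute", failed[0]))
        if presence and any("getUsers: 0 Users found" in m for m in msgs):
            findings.append((req, "empty-user-list", f"no entry matches ({presence[0]}=*)"))
        if any("Turned off SSL certificate validation" in m for m in msgs):
            findings.append((req, "ldap-tls-validation-off", "certificate checks disabled"))
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The user_ldap messages matched here are logged at level 0 or 1 in the report, so the check only sees them while 'loglevel' is set as low as in the posted config.php.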