[Bug]: LDAP users cannot log in
⚠️ This issue respects the following points: ⚠️
- [X] This is a bug, not a question or a configuration/webserver/proxy issue.
- [X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- [X] I agree to follow Nextcloud's Code of Conduct.
Bug description
I have configured LDAP/AD Integration of my Nextcloud Server. This worked fine for a couple of years now. However, for a couple of months, it seems that new users can no longer log in. However, existing users are not affected.
When a new user wants to log in, I see the following error in the Nextcloud log:
LDAP Login: Could not get user object for DN cn=<first name, last name>,ou=employees,ou=<redacted>,dc=<redacted>,dc=<redacted>,dc=ch. Maybe the LDAP entry has no set display name attribute?
However, when I check for that user on the "LDAP/AD integration / Login Attributes" page, I get the message "User found and settings verified". So the user definitely exists and can be found via LDAP, but for some reason this fails for the login.
Steps to reproduce
- try to log in with an LDAP/AD user that has never logged in before.
- the login fails with the error message:
LDAP Login: Could not get user object for DN cn=<first name, last name>,ou=employees,ou=<redacted>,dc=<redacted>,dc=<redacted>,dc=ch. Maybe the LDAP entry has no set display name attribute?
Expected behavior
The user can log in successfully using his LDAP/AD account and password.
Installation method
None
Nextcloud Server version
27
Operating system
RHEL/CentOS
PHP engine version
PHP 8.1
Web server
Apache (supported)
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
None
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
- [ ] Default user-backend (database)
- [X] LDAP/ Active Directory
- [ ] SSO - SAML
- [ ] Other
Configuration report
# sudo -u apache php occ config:list system
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"nextcloud.iap.unibe.ch"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "27.0.2.1",
"overwrite.cli.url": "https:\/\/nextcloud.iap.unibe.ch",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"memcache.local": "\\OC\\Memcache\\APCu",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
"maintenance": false,
"theme": "",
"loglevel": 2,
"updater.release.channel": "stable"
}
}
List of activated Apps
# sudo -u apache php occ app:list
Enabled:
- activity: 2.19.0
- bruteforcesettings: 2.7.0
- calendar: 4.4.4
- circles: 27.0.1
- cloud_federation_api: 1.10.0
- comments: 1.17.0
- dav: 1.27.0
- federatedfilesharing: 1.17.0
- files: 1.22.0
- files_pdfviewer: 2.8.0
- files_rightclick: 1.6.0
- files_sharing: 1.19.0
- files_trashbin: 1.17.0
- files_versions: 1.20.0
- logreader: 2.12.0
- lookup_server_connector: 1.15.0
- nextcloud_announcements: 1.16.0
- notifications: 2.15.0
- oauth2: 1.15.1
- password_policy: 1.17.0
- photos: 2.3.0
- privacy: 1.11.0
- provisioning_api: 1.17.0
- related_resources: 1.2.0
- serverinfo: 1.17.0
- settings: 1.9.0
- sharebymail: 1.17.0
- systemtags: 1.17.0
- text: 3.8.0
- theming: 2.2.0
- twofactor_backupcodes: 1.16.0
- updatenotification: 1.17.0
- user_ldap: 1.17.0
- viewer: 2.1.0
- workflowengine: 2.9.0
Disabled:
- admin_audit: 1.17.0
- contactsinteraction: 1.8.0 (installed 1.1.0)
- dashboard: 7.7.0 (installed 7.0.0)
- encryption: 2.15.0
- federation: 1.17.0 (installed 1.10.1)
- files_external: 1.19.0
- firstrunwizard: 2.16.0 (installed 2.9.0)
- recommendations: 1.6.0 (installed 0.8.0)
- support: 1.10.0 (installed 1.3.0)
- survey_client: 1.15.0 (installed 1.8.0)
- suspicious_login: 5.0.0
- twofactor_totp: 9.0.0
- user_status: 1.7.0 (installed 1.0.0)
- weather_status: 1.7.0 (installed 1.0.0)
Nextcloud Signing status
No errors have been found.
Nextcloud Logs
No response
Additional info
No response
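The log message quoted in this report hints at a display-name attribute that user_ldap could not read. The following script is an added triage helper, not part of the report or of the user_ldap app: it pulls the DNs out of the "Could not get user object for DN ..." log lines, looks each one up in a dump of the directory entries (here a constructed dict standing in for an ldapsearch export), and says whether the entry really lacks a non-empty value for the attribute configured under "Display Name Field" (assumed to be displayName). It only confirms or rules out the hint in the message; it does not know the actual cause of the bug. The DN normalization assumes no escaped commas in RDN values.

```python
"""Triage helper for "LDAP Login: Could not get user object for DN ..." errors.

Given Nextcloud log lines and a dump of the matching LDAP entries, report
which failing DNs actually lack the display-name attribute that the
user_ldap backend is configured to read.  All sample data is constructed.
"""
import re

# Matches the user_ldap message quoted in the report; the DN runs up to the
# period that precedes "Maybe".
LOG_RE = re.compile(
    r"Could not get user object for DN (?P<dn>.+?)\. Maybe the LDAP entry"
)


def failing_dns(log_lines):
    """Return the DN from every log line carrying the user_ldap error, in order."""
    found = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            found.append(m.group("dn").strip())
    return found


def normalize_dn(dn):
    """Case-fold and drop whitespace around RDN separators so that
    'CN=Jane Doe, OU=x' and 'cn=jane doe,ou=x' compare equal.
    Assumption: values contain no escaped commas (RFC 4514 escaping is ignored)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def check_entries(entries, display_attr, dns):
    """For each DN say whether the entry exists and carries a non-empty value
    for display_attr.  `entries` maps DN -> {attribute: [values]}."""
    index = {normalize_dn(dn): attrs for dn, attrs in entries.items()}
    wanted = display_attr.lower()
    report = {}
    for dn in dns:
        entry = index.get(normalize_dn(dn))
        if entry is None:
            report[dn] = "entry not found"
            continue
        # LDAP attribute names are case-insensitive, so compare them folded.
        values = [v for name, vals in entry.items() if name.lower() == wanted for v in vals]
        if any(v.strip() for v in values):
            report[dn] = "ok"
        else:
            report[dn] = f"missing or empty {display_attr}"
    return report


# Constructed sample log lines (not from the reporter's instance).
SAMPLE_LOG = [
    "LDAP Login: Could not get user object for DN cn=Jane Doe,ou=employees,dc=example,dc=ch. "
    "Maybe the LDAP entry has no set display name attribute?",
    "LDAP Login: Could not get user object for DN cn=John Roe,ou=employees,dc=example,dc=ch. "
    "Maybe the LDAP entry has no set display name attribute?",
    "LDAP Login: Could not get user object for DN cn=Ghost,ou=employees,dc=example,dc=ch. "
    "Maybe the LDAP entry has no set display name attribute?",
    "Login successful for user alice",
]

# Constructed directory dump: Jane has an empty displayName, John a proper one,
# and "Ghost" is absent from the export altogether.
SAMPLE_ENTRIES = {
    "CN=Jane Doe, OU=employees, DC=example, DC=ch": {"cn": ["Jane Doe"], "displayName": []},
    "cn=John Roe,ou=employees,dc=example,dc=ch": {"cn": ["John Roe"], "displayName": ["John Roe"]},
}


def triage(log_lines=SAMPLE_LOG, entries=SAMPLE_ENTRIES, display_attr="displayName"):
    """Correlate failing DNs from the log with the directory dump."""
    return check_entries(entries, display_attr, failing_dns(log_lines))


if __name__ == "__main__":
    for dn, status in triage().items():
        print(f"{dn}: {status}")
```

Feed it the real log lines and an export of the entries returned by the user filter (with the attribute name set in the LDAP/AD integration settings) to see whether the affected entries are the ones without a display name; if they all report "ok", the message text is misleading for this case and the cause lies elsewhere.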
any feedback on this?
I found that rolling back to 25.0.0 solves the issue
https://help.nextcloud.com/t/upgrade-25-0-0-to-25-0-1-ldap-error-maybe-the-ldap-entry-has-no-set-display-name-attribute/149327
or another possibility would be to manually downgrade the LDAP App:
https://help.nextcloud.com/t/ldap-authentifizierung-nach-update-ohne-funktion/151140
I have tested the latter, which does not work, and the former is not possible as downgrading is not supported. And I cannot make a new installation as users are already using the Nextcloud.
I'm experiencing the exact same issue now. Is there a way I can help in triage?
Same issue here, everything was working fine.
Since I raised my domain functional level from 2K8 to 2K12, that issue appeared.
Tried to setup a new nextcloud from scratch, connected the user_ldap to my AD and same behaviour.
All lights are green, user_ldap can find AD users, but they are unable to log in.
here is the error:
"LDAP Login: Could not get user object for DN cn=administrateur,cn=users,dc=domain,dc=tld. Maybe the LDAP entry has no set display name attribute?"
Does anyone have a solution?
Same issue here.
My LDAP query for Users:
(&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=Nextcloud Users,CN=Users,DC=mydomain,DC=local)(primaryGroupID=4291))))
Nextcloud Hub 6 (27.1.4) under TrueNAS-13.0-U6.1 LDAP backend 1.17.0
I'm struggling with the same behavior at version 28.0.1. Sporadically the LDAP users are not found and can either connect to (CalDav/CardDav/WebDav) or log in to nextcloud.