First connexion of LDAP user throw exception #11474

Closed
agrimal opened this issue Sep 30, 2018 · 5 comments · Fixed by #12693


agrimal commented Sep 30, 2018

Hello,

I'm on a fresh install of Nextcloud on Ubuntu 18.04.1, installed from source.
Nextcloud 14.0.1
http server : apache2 2.4.29-1ubuntu4.3
php : 7.2.10-0ubuntu0.18.04.1
reverse proxy : nginx 1.14.0-0ubuntu1.1
database : mariadb 10.1.34-MariaDB-0ubuntu0.18.04.1

I configured authentication against my OpenLDAP server and everything works fine except one thing: when a user logs in for the first time, he gets an error like "internal server error" on his web client. After that, he just needs to refresh the page and the user is automatically logged in, and there is no problem after that.

On the server side, I get a big one-line red log:

2018-10-01T01:14:24+0200 nextcloud01 Nextcloud[11297]: {index} {"Exception":"Error","Message":"Call to a member function getBackendClassName() on null","Code":0,"Trace":[{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/dav\/lib\/HookManager.php","line":104,"function":"updateUser","class":"OCA\\DAV\\CardDAV\\SyncService","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/dav\/lib\/HookManager.php","line":81,"function":"postCreateUser","class":"OCA\\DAV\\HookManager","type":"->","args":[{"uid":"*** sensitive parameter replaced ***"}]},{"function":"OCA\\DAV\\{closure}","class":"OCA\\DAV\\HookManager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/Hooks\/EmitterTrait.php","line":99,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/Hooks\/PublicEmitter.php","line":36,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","assignedUserId",["*** sensitive parameter replaced ***"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/Access.php","line":618,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","assignedUserId",["*** sensitive parameter replaced ***"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/Access.php","line":875,"function":"dn2ocname","class":"OCA\\User_LDAP\\Access","type":"->","args":["uid=test.user,ou=users,dc=example,dc=fr","Test User","*** sensitive parameter replaced ***",false,"*** sensitive parameter replaced ***"]},{"function":"OCA\\User_LDAP\\{closure}","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/Access.php","line":880,"function":"array_filter","args":[["*** sensitive parameter replaced ***"],{"__class__":"Closure"}]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/Access.php","line":843,"function":"fetchListOfUsers","class":"OCA\\User_LDAP\\Access","type":"->","args":["(&(objectclass=inetOrgPerson)(uid=test.user))",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","uid","","mail","cn","","jpegphoto","thumbnailphoto"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/User_LDAP.php","line":172,"function":"fetchUsersByLoginName","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***",["entryuuid","nsuniqueid","objectguid","guid","ipauniqueid","dn","uid","samaccountname","memberof","uid","","mail","cn","","jpegphoto","thumbnailphoto"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/User_LDAP.php","line":189,"function":"getLDAPUserByLoginName","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameter replaced ***"]},{"function":"checkPassword","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/User_Proxy.php","line":81,"function":"call_user_func_array","args":[[{"__class__":"OCA\\User_LDAP\\User_LDAP"},"checkPassword"],["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/Proxy.php","line":152,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced 
***"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/user_ldap\/lib\/User_Proxy.php","line":196,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->","args":["*** sensitive parameter replaced ***","checkPassword",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/User\/Manager.php","line":208,"function":"checkPassword","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/core\/Controller\/LoginController.php","line":298,"function":"checkPasswordNoLogging","class":"OC\\User\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":166,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/AppFramework\/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/lib\/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/srv\/nextcloud_archives\/nextcloud-14.0.1\/nextcloud\/apps\/dav\/lib\/CardDAV\/SyncService.php","Line":268,"CustomMessage":"--"}

Every time I create another user, I get the same error on first login.

Here is my config:

# sudo -u www-data php occ app:list
Enabled:
  - accessibility: 1.0.1
  - activity: 2.7.0
  - admin_audit: 1.4.0
  - bruteforcesettings: 1.1.0
  - cloud_federation_api: 0.0.1
  - comments: 1.4.0
  - dav: 1.6.0
  - federatedfilesharing: 1.4.0
  - federation: 1.4.0
  - files: 1.9.0
  - files_pdfviewer: 1.3.2
  - files_sharing: 1.6.2
  - files_texteditor: 2.6.0
  - files_trashbin: 1.4.1
  - files_versions: 1.7.1
  - files_videoplayer: 1.3.0
  - firstrunwizard: 2.3.0
  - gallery: 18.1.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.2.0
  - nextcloud_announcements: 1.3.0
  - notifications: 2.2.1
  - oauth2: 1.2.1
  - password_policy: 1.4.0
  - provisioning_api: 1.4.0
  - quota_warning: 1.3.0
  - serverinfo: 1.4.0
  - sharebymail: 1.4.0
  - support: 1.0.0
  - survey_client: 1.2.0
  - systemtags: 1.4.0
  - theming: 1.5.0
  - twofactor_backupcodes: 1.3.1
  - updatenotification: 1.4.1
  - user_ldap: 1.4.0
  - workflowengine: 1.4.0
Disabled:
  - encryption
  - files_external
  - user_external

MariaDB [nextcloud]> SELECT * FROM oc_appconfig WHERE appid LIKE 'user_ldap';
+-----------+--------------------------------------+----------------------------------------------------------------------+
| appid     | configkey                            | configvalue                                                          |
+-----------+--------------------------------------+----------------------------------------------------------------------+
| user_ldap | background_sync_interval             | 43200                                                                |
| user_ldap | background_sync_offset               | 0                                                                    |
| user_ldap | background_sync_prefix               | s01                                                                  |
| user_ldap | cleanUpJobOffset                     | 0                                                                    |
| user_ldap | enabled                              | yes                                                                  |
| user_ldap | installed_version                    | 1.4.0                                                                |
| user_ldap | s01_lastChange                       | 1538348607                                                           |
| user_ldap | s01has_memberof_filter_support       |                                                                      |
| user_ldap | s01home_folder_naming_rule           |                                                                      |
| user_ldap | s01last_jpegPhoto_lookup             | 0                                                                    |
| user_ldap | s01ldap_agent_password               | UnFiMDRKTkd4a0RxNzQxU0hySE1yYzZrRkI1RjVVWmF4TzM0ek10SlU1njU4VUticpU= |
| user_ldap | s01ldap_attributes_for_group_search  |                                                                      |
| user_ldap | s01ldap_attributes_for_user_search   |                                                                      |
| user_ldap | s01ldap_backup_host                  |                                                                      |
| user_ldap | s01ldap_backup_port                  |                                                                      |
| user_ldap | s01ldap_base                         | dc=example,dc=fr                                                     |
| user_ldap | s01ldap_base_groups                  | ou=groups,dc=example,dc=fr                                           |
| user_ldap | s01ldap_base_users                   | ou=users,dc=example,dc=fr                                            |
| user_ldap | s01ldap_cache_ttl                    | 600                                                                  |
| user_ldap | s01ldap_configuration_active         | 1                                                                    |
| user_ldap | s01ldap_default_ppolicy_dn           |                                                                      |
| user_ldap | s01ldap_display_name                 | cn                                                                   |
| user_ldap | s01ldap_dn                           | uid=nextcloud,ou=applications,dc=example,dc=fr                       |
| user_ldap | s01ldap_dynamic_group_member_url     |                                                                      |
| user_ldap | s01ldap_email_attr                   | mail                                                                 |
| user_ldap | s01ldap_experienced_admin            | 0                                                                    |
| user_ldap | s01ldap_expert_username_attr         |                                                                      |
| user_ldap | s01ldap_expert_uuid_group_attr       | uid                                                                  |
| user_ldap | s01ldap_expert_uuid_user_attr        | uid                                                                  |
| user_ldap | s01ldap_gid_number                   | gidNumber                                                            |
| user_ldap | s01ldap_group_display_name           | cn                                                                   |
| user_ldap | s01ldap_group_filter                 |                                                                      |
| user_ldap | s01ldap_group_filter_mode            | 0                                                                    |
| user_ldap | s01ldap_group_member_assoc_attribute | gidNumber                                                            |
| user_ldap | s01ldap_groupfilter_groups           |                                                                      |
| user_ldap | s01ldap_groupfilter_objectclass      |                                                                      |
| user_ldap | s01ldap_host                         | ldaps://ldap.example.fr                                              |
| user_ldap | s01ldap_login_filter                 | (&(objectclass=inetOrgPerson)(uid=%uid))                             |
| user_ldap | s01ldap_login_filter_mode            | 1                                                                    |
| user_ldap | s01ldap_loginfilter_attributes       | uid                                                                  |
| user_ldap | s01ldap_loginfilter_email            | 0                                                                    |
| user_ldap | s01ldap_loginfilter_username         | 0                                                                    |
| user_ldap | s01ldap_nested_groups                | 0                                                                    |
| user_ldap | s01ldap_override_main_server         |                                                                      |
| user_ldap | s01ldap_paging_size                  | 500                                                                  |
| user_ldap | s01ldap_port                         | 636                                                                  |
| user_ldap | s01ldap_quota_attr                   |                                                                      |
| user_ldap | s01ldap_quota_def                    |                                                                      |
| user_ldap | s01ldap_tls                          | 0                                                                    |
| user_ldap | s01ldap_turn_off_cert_check          | 0                                                                    |
| user_ldap | s01ldap_turn_on_pwd_change           | 1                                                                    |
| user_ldap | s01ldap_user_avatar_rule             | default                                                              |
| user_ldap | s01ldap_user_display_name_2          |                                                                      |
| user_ldap | s01ldap_user_filter_mode             | 1                                                                    |
| user_ldap | s01ldap_userfilter_groups            |                                                                      |
| user_ldap | s01ldap_userfilter_objectclass       | inetOrgPerson                                                        |
| user_ldap | s01ldap_userlist_filter              | (objectclass=inetOrgPerson)                                          |
| user_ldap | s01use_memberof_to_detect_membership | 1                                                                    |
| user_ldap | types                                | authentication                                                       |
+-----------+--------------------------------------+----------------------------------------------------------------------+

https://cloud.example.fr/index.php/settings/integrity/failed
No errors have been found.

# cat config/config.php
<?php
$CONFIG = array (
  'instanceid' => 'xxxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' =>
  array (
    0 => 'cloud.example.fr',
    1 => 'other.example.fr',
  ),
  'datadirectory' => '/srv/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '14.0.1.1',
  'overwrite.cli.url' => 'https://cloud.example.fr',
  'overwriteprotocol' => 'https',
  'trusted_proxies' =>
  array (
    0 => '1.2.3.4',
  ),
  'dbname' => 'nextcloud',
  'dbhost' => 'mysql.example.fr',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'mail_from_address' => 'admin',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_domain' => 'example.fr',
  'mail_smtphost' => '127.0.0.1',
  'mail_smtpport' => '25',
  'updater.release.channel' => 'production',
  'memcache.local' => '\OC\Memcache\APCu',
  'redis' => array(
    'host' => 'localhost',
    'port' => 6379,
  ),
  'memcache.locking' => '\OC\Memcache\Redis',
  'log_type' => 'syslog',
  'loglevel' => 1,
);
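
A triage helper for log entries of the kind shown above, as an added example that is not part of the original report or of Nextcloud's code. It reduces one syslog line to the throw site, the request route and the order in which apps were crossed; the sample line is constructed (shortened, with a placeholder install path) and `summarize` and `rel` are names chosen here.

```python
import json
import re

# Syslog prefix, the "{tag}" field, then the JSON payload carrying the exception.
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ Nextcloud\[\d+\]: \{[^}]*\} (?P<json>\{.*\})\s*$")
APP_RE = re.compile(r"/apps/([^/]+)/")
REL_RE = re.compile(r"/((?:apps|lib|core)/.*)$")

def rel(path):
    """Strip the install-specific prefix so reports compare across hosts."""
    m = REL_RE.search(path)
    return m.group(1) if m else path.rsplit("/", 1)[-1]

def summarize(line):
    """Return a triage summary for one exception log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        entry = json.loads(m["json"])
    except json.JSONDecodeError:
        return None
    if not isinstance(entry, dict) or "Trace" not in entry:
        return None
    route, chain = None, []
    # Trace is innermost-first: walk it outermost-first, then add the throw site.
    files = [f.get("file", "") for f in reversed(entry["Trace"])]  # closures have no file
    for path in files + [entry.get("File", "")]:
        app = APP_RE.search(path)
        if app and (not chain or chain[-1] != app.group(1)):
            chain.append(app.group(1))
    for frame in entry["Trace"]:
        for arg in frame.get("args", []):
            if isinstance(arg, dict) and "_route" in arg:
                route = arg["_route"]
    return {
        "time": m["ts"],
        "message": entry.get("Message"),
        "thrown_at": f'{rel(entry.get("File", "?"))}:{entry.get("Line")}',
        "route": route,
        "app_chain": chain,
    }

# Constructed sample in the shape of the entry above; P is a placeholder path.
P = "/srv/nextcloud"
SAMPLE = "2018-10-01T01:14:24+0200 nextcloud01 Nextcloud[11297]: {index} " + json.dumps({
    "Exception": "Error",
    "Message": "Call to a member function getBackendClassName() on null",
    "Trace": [
        {"file": P + "/apps/dav/lib/HookManager.php", "line": 104, "function": "updateUser"},
        {"function": "OCA\\DAV\\{closure}", "args": ["*** sensitive parameters replaced ***"]},
        {"file": P + "/apps/user_ldap/lib/Access.php", "line": 618, "function": "emit"},
        {"file": P + "/core/Controller/LoginController.php", "line": 298, "function": "checkPasswordNoLogging"},
        {"file": P + "/lib/private/Route/Router.php", "line": 297, "function": "call_user_func",
         "args": [{"_route": "core.login.tryLogin"}]},
    ],
    "File": P + "/apps/dav/lib/CardDAV/SyncService.php", "Line": 268,
})
```

On the sample, the summary shows the error surfacing in a `dav` hook that `user_ldap` triggered during the `core.login.tryLogin` request.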

@nextcloud-bot (Member)

GitMate.io thinks possibly related issues are #10954 (OCC upgrade throws unhandled exception), #4882 (Impersonating new LDAP user fails), #8852 (LDAP ignores user filter, causing exceptions), #11213 (LDAP Users Problem. Several Other Problems), and #1470 (Avoid warning for non-existing LDAP users).


agrimal commented Oct 3, 2018

I found that this bug appears when I set:

  • ldapExpertUsernameAttr to "uid" without modifying ldapExpertUUIDUserAttr or
  • ldapExpertUUIDUserAttr to "uid" without modifying ldapExpertUsernameAttr

When I set ldapExpertUsernameAttr to "cn" and ldapExpertUUIDUserAttr to "uid", everything works fine.


gramakri commented Nov 9, 2018

We hit this exact issue with NC 14.0.x on Cloudron as well. The first LDAP login fails with the same backtrace as above but subsequent logins work.

@gramakri

https://paste.cloudron.io/elijoyeqop.http has the stack trace.

blizzz (Member) commented Nov 27, 2018

proposed fix in #12693, thanks for reporting!
