Server: Sharing with LDAP group misses last user (natural sort) from group

Created on 16 Mar 2020 · 18 comments · Source: nextcloud/server

Steps to reproduce

  1. Share with LDAP group
  2. Last user (natural sort) is missing from group, cannot access folder, does not see it and cannot access it via activity (sees "File not found")
  3. Database table oc_share is missing entry for last user, but has folder with accepted = 0 and remaining users with accepted = 1.

Expected behaviour

All users of an LDAP group should be able to access the share.
Either the "accepted" cell in the oc_share table should be 1 for the folder, or every user should be listed there with accepted = 1.

Actual behaviour

All users but the last (natural sort) of the LDAP group see the share, last user cannot access and cannot accept as database entry is missing.
Setting sharing.enable_share_accept and sharing.force_share_accept to anything other than false does not work; for example, setting both to true makes user shares not be accepted by default and group shares stop working for anyone. All users are then missing from the oc_share database.

Server configuration

Operating system: Ubuntu 18.04.4 LTS

Web server: Apache 2.4

Database: MariaDB

PHP version: 7.2

Nextcloud version: 18.0.2

Updated from an older Nextcloud/ownCloud or fresh install: Updated since Nextcloud 14

Where did you install Nextcloud from: zip file and updater.phar

Signing status:

No errors have been found.

List of activated apps:

Enabled:
  - accessibility: 1.4.0
  - activity: 2.11.0
  - admin_audit: 1.8.0
  - announcementcenter: 3.7.0
  - calendar: 2.0.2
  - cloud_federation_api: 1.1.0
  - comments: 1.8.0
  - contacts: 3.2.0
  - dav: 1.14.0
  - deck: 0.8.0
  - documentserver_community: 0.1.5
  - drawio: 0.9.5
  - federatedfilesharing: 1.8.0
  - federation: 1.8.0
  - files: 1.13.1
  - files_downloadactivity: 1.7.0
  - files_pdfviewer: 1.7.0
  - files_rightclick: 0.15.2
  - files_sharing: 1.10.1
  - files_trashbin: 1.8.0
  - files_versions: 1.11.0
  - files_videoplayer: 1.7.0
  - firstrunwizard: 2.7.0
  - logreader: 2.3.0
  - lookup_server_connector: 1.6.0
  - nextcloud_announcements: 1.7.0
  - notes: 3.2.0
  - notifications: 2.6.0
  - oauth2: 1.6.0
  - onlyoffice: 4.1.4
  - password_policy: 1.8.0
  - photos: 1.0.0
  - polls: 1.3.0
  - privacy: 1.2.0
  - provisioning_api: 1.8.0
  - ransomware_protection: 1.6.0
  - recommendations: 0.6.0
  - serverinfo: 1.8.0
  - settings: 1.0.0
  - sharebymail: 1.8.0
  - spreed: 8.0.5
  - support: 1.1.0
  - systemtags: 1.8.0
  - tasks: 0.12.1
  - text: 2.0.0
  - theming: 1.9.0
  - twofactor_backupcodes: 1.7.0
  - updatenotification: 1.8.0
  - user_ldap: 1.8.0
  - viewer: 1.2.0
  - workflowengine: 2.0.0
Disabled:
  - encryption
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - survey_client

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.***REMOVED SENSITIVE VALUE***"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/nextcloud.***REMOVED SENSITIVE VALUE***\/",
        "dbtype": "mysql",
        "version": "18.0.2.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "maintenance": false,
        "skeletondirectory": "",
        "data-fingerprint": "f78e8a3636e5e7a75be9c7682261fdd6",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "updater.release.channel": "stable",
        "theme": "",
        "loglevel": 1,
        "mail_smtpsecure": "ssl",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "auth.bruteforce.protection.enabled": false,
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 360",
        "sharing.enable_share_accept": false,
        "sharing.force_share_accept": false,
        "app_install_overwrite": [
            "spreed"
        ]
    }
}

Are you using external storage, if yes which one: None

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP

LDAP configuration:

+-------------------------------+-------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                           |
+-------------------------------+-------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                         |
| homeFolderNamingRule          |                                                                                           |
| lastJpegPhotoLookup           | 0                                                                                         |
| ldapAgentName                 | cn=admin,dc=xxxxxxx,dc=xxxxx                                                              |
| ldapAgentPassword             | ***                                                                                       |
| ldapAttributesForGroupSearch  |                                                                                           |
| ldapAttributesForUserSearch   |                                                                                           |
| ldapBackupHost                |                                                                                           |
| ldapBackupPort                |                                                                                           |
| ldapBase                      | dc=xxxxxxx,dc=xxxxx                                                                       |
| ldapBaseGroups                | ou=groups,dc=xxxxxxx,dc=xxxxx                                                             |
| ldapBaseUsers                 | ou=people,dc=xxxxxxx,dc=xxxxx                                                             |
| ldapCacheTTL                  | 60                                                                                        |
| ldapConfigurationActive       | 1                                                                                         |
| ldapDefaultPPolicyDN          |                                                                                           |
| ldapDynamicGroupMemberURL     |                                                                                           |
| ldapEmailAttribute            | mail                                                                                      |
| ldapExperiencedAdmin          | 0                                                                                         |
| ldapExpertUUIDGroupAttr       | cn                                                                                        |
| ldapExpertUUIDUserAttr        | uid                                                                                       |
| ldapExpertUsernameAttr        |                                                                                           |
| ldapExtStorageHomeAttribute   |                                                                                           |
| ldapGidNumber                 | gidNumber                                                                                 |
| ldapGroupDisplayName          | cn                                                                                        |
| ldapGroupFilter               | (&(|(objectclass=groupOfNames)))                                                          |
| ldapGroupFilterGroups         |                                                                                           |
| ldapGroupFilterMode           | 0                                                                                         |
| ldapGroupFilterObjectclass    | groupOfNames                                                                              |
| ldapGroupMemberAssocAttr      | member                                                                                    |
| ldapHost                      | ldaps://ldap.xxxxxxx.xxxxx                                                                |
| ldapIgnoreNamingRules         |                                                                                           |
| ldapLoginFilter               | (&(&(|(objectclass=inetOrgPerson)))(uid=%uid))                                            |
| ldapLoginFilterAttributes     |                                                                                           |
| ldapLoginFilterEmail          | 0                                                                                         |
| ldapLoginFilterMode           | 0                                                                                         |
| ldapLoginFilterUsername       | 1                                                                                         |
| ldapNestedGroups              | 0                                                                                         |
| ldapOverrideMainServer        |                                                                                           |
| ldapPagingSize                | 500                                                                                       |
| ldapPort                      | 636                                                                                       |
| ldapQuotaAttribute            |                                                                                           |
| ldapQuotaDefault              |                                                                                           |
| ldapTLS                       | 0                                                                                         |
| ldapUserAvatarRule            | default                                                                                   |
| ldapUserDisplayName           | displayname                                                                               |
| ldapUserDisplayName2          |                                                                                           |
| ldapUserFilter                | (&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=xxxxxxx,dc=xxxxx))) |
| ldapUserFilterGroups          | nextcloud                                                                                 |
| ldapUserFilterMode            | 0                                                                                         |
| ldapUserFilterObjectclass     | inetOrgPerson                                                                             |
| ldapUuidGroupAttribute        | auto                                                                                      |
| ldapUuidUserAttribute         | auto                                                                                      |
| turnOffCertCheck              | 0                                                                                         |
| turnOnPasswordChange          | 1                                                                                         |
| useMemberOfToDetectMembership | 1                                                                                         |
+-------------------------------+-------------------------------------------------------------------------------------------+

Client configuration

Browser: Firefox 74

Operating system: Windows 10 x64

Logs

Web server error log

No error logged concerning this problem.

Nextcloud log (data/nextcloud.log)

No error logged concerning this problem.

Browser log

No error logged concerning this problem.

Labels: 0. Needs triage, bug
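The report describes the database symptom precisely: the group row in oc_share stays pending (accepted = 0) while per-member child rows exist for every member except the one that sorts last. The following is an added diagnostic example, not code from the issue or from Nextcloud: it rebuilds the relevant oc_share columns in an in-memory SQLite database, loads constructed rows that mirror the reported state, and lists group members that have no child row under a pending group share. The share-type and status constants (1 = group share, 2 = user-group child row whose parent points at the group share, accepted 0 = pending, 1 = accepted) are standard Nextcloud values assumed here rather than stated on the page; the group membership list is constructed and would in practice come from the LDAP backend.

```python
"""Consistency check for Nextcloud group shares in oc_share.

Added example, not code from the issue or from Nextcloud. Assumptions:
share_type 1 = group share, share_type 2 = per-member child row whose
`parent` is the group share id, accepted 0 = pending, 1 = accepted.
The table is a subset of oc_share and the rows are constructed.
"""
import re
import sqlite3

SHARE_TYPE_GROUP = 1       # row shared with a whole group
SHARE_TYPE_USERGROUP = 2   # per-member child row, parent = group share id
STATUS_PENDING = 0
STATUS_ACCEPTED = 1

# Constructed group membership (in practice taken from the LDAP backend).
GROUP_MEMBERS = {"class-7b": ["anna", "ben", "user10", "user2"]}

# Constructed oc_share rows mirroring the reported state: the group row is
# pending and child rows exist for every member except the natural-sort last.
OC_SHARE_ROWS = [
    # id, share_type, share_with, parent, file_target, accepted
    (10, SHARE_TYPE_GROUP,     "class-7b", None, "/Homework", STATUS_PENDING),
    (11, SHARE_TYPE_USERGROUP, "anna",     10,   "/Homework", STATUS_ACCEPTED),
    (12, SHARE_TYPE_USERGROUP, "ben",      10,   "/Homework", STATUS_ACCEPTED),
    (13, SHARE_TYPE_USERGROUP, "user2",    10,   "/Homework", STATUS_ACCEPTED),
    # no row for "user10", which is last when the members are natural-sorted
]

PENDING_GROUP_SHARES_SQL = """
SELECT id, share_with, file_target
FROM oc_share
WHERE share_type = ? AND accepted = ?
"""

CHILD_ROWS_SQL = """
SELECT share_with FROM oc_share WHERE share_type = ? AND parent = ?
"""


def build_db(rows):
    """Create the oc_share subset in memory and load the given rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE oc_share (id INTEGER PRIMARY KEY, share_type INTEGER,"
        " share_with TEXT, parent INTEGER, file_target TEXT, accepted INTEGER)"
    )
    conn.executemany("INSERT INTO oc_share VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn


def natural_key(name):
    """Sort key that orders embedded numbers numerically (user2 < user10)."""
    return [int(t) if t.isdigit() else t.lower() for t in re.split(r"(\d+)", name)]


def last_in_natural_order(members):
    """The member the report calls the 'last user (natural sort)'."""
    return sorted(members, key=natural_key)[-1]


def missing_members(conn, group_members):
    """Map each pending group share id to members lacking a child row."""
    result = {}
    for share_id, group, _target in conn.execute(
        PENDING_GROUP_SHARES_SQL, (SHARE_TYPE_GROUP, STATUS_PENDING)
    ):
        covered = {
            row[0]
            for row in conn.execute(CHILD_ROWS_SQL, (SHARE_TYPE_USERGROUP, share_id))
        }
        missing = [u for u in group_members.get(group, []) if u not in covered]
        if missing:
            result[share_id] = missing
    return result


if __name__ == "__main__":
    db = build_db(OC_SHARE_ROWS)
    for share_id, users in missing_members(db, GROUP_MEMBERS).items():
        print(f"group share {share_id}: no oc_share row for {users}")
    print("natural-sort last member:", last_in_natural_order(GROUP_MEMBERS["class-7b"]))
```

The two SQL statements can be run as-is against the MariaDB oc_share table (with the real dbtableprefix) to spot affected shares on a live instance; the membership list is the only part that must come from the LDAP backend.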


All 18 comments

Yes, seems the same bug ...

I confirm this bug

I can confirm it, too. And it's annoying. We have 600 pupils that need to access their homestudy tasks and other information because of school closing.

Is there any way to reprocess this?

We added a "zzzzz" user to our LDAP groups that we use for Nextcloud sharing until this issue is fixed.
This seemed to fix it for us so far, but I am not sure if there is something deeper in it. I hope that this will be fixed, soon!

I tried this but we use LDAP-UUID as reference. This way the login username may change without losing the Nextcloud account.

But these UUIDs are hex values. Therefore my dummy user sometimes is not the last user.

Oh damn, sorry to hear, then this workaround doesn't work for you... :(

It seems to me that the problem also exists with users that are part of a circle.

hey guys, same bug here, can confirm!

Groupfolders seem not to be affected.

Interesting. In the beginning, I had problems with group folders, I cannot remember what was wrong, but I never used them again since that time. Maybe I have to revisit.
Do group folders not use that new notification-acceptance feature for folder sharing? My oldest LDAP group shares are shared to the group in the database table with accepted = 1 and all the new ones are shared with the group with accepted = 0 and each user enlisted with accepted = 1 except the last one (or random one when you don't use uid but uuid as id in Nextcloud).

I just created a new group folder and impersonated to the last (uuid) user of the group and I could access the share.

Groupfolder shares are not listed in oc_shares.

Just upgraded to 18.0.4. Has anyone tried with the NC19 beta? I've found some change related to ldap and PHP >= 7.3

Here's the fix.
https://github.com/nextcloud/server/pull/20676
Need to clear cache after applying.
For me it's redis-cli -p 6379 FLUSHALL

How to get and apply this patch?

Seems to work. At least for new shares.

@clementhk Your last comment disappeared with the hint which php page to replace so you can make a hotfix and not have to wait for the next release. I urgently need the fix, as this problem is quite annoying for our school.

https://raw.githubusercontent.com/nextcloud/server/78571eb0c268a0215a66fa3f274813f4cda35665/apps/user_ldap/lib/Group_LDAP.php
Here's the file for 18.0.4

Fixed by #20676
