Internal Server Error on Nextcloud after tweaking LDAP settings

Hi all!

I hope somebody can help me with this, I’m a bit out of ideas… :cold_sweat::exploding_head:

How can I restore my LDAP-Settings in Nextcloud?

My YunoHost server

Hardware: Old laptop
YunoHost version: 3.7.0.12
I have access to my server : Through SSH and through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

After upgrading Yunohost and Nextcloud all seemed good. Then I was checking the LDAP-Settings in Nextcloud. Since then I’m not able to reach Nextcloud anymore. I’m only getting an Internal Server Error:

Internal Server Error

The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.

As it happened after I was fiddling with the ldap settings in Nextcloud I think it must have a connection and I think this shows me I’m right:

sudo grep -i error /home/yunohost.app/nextcloud/data/nextcloud.log | tail
{"reqId":"Jb5Hd6lGv8flhlZPzhiI","level":2,"time":"2020-04-04T13:11:11+00:00","remoteAddr":"MYIP","user":"--","app":"user_ldap","method":"PROPFIND","url":"/nextcloud/remote.php/webdav/","message":"Configuration Error (prefix ): login filter does not contain %uid place holder.","userAgent":"Mozilla/5.0 (Linux) mirall/2.6.1stable (build 20191104) (Nextcloud)","version":"18.0.2.2"}
sudo -u nextcloud php7.3 /var/www/nextcloud/occ ldap:test-config s01
The configuration is invalid. Please have a look at the logs for further details.

But I’m not sure what I have done. So I was thinking of restoring the ldap settings from my old backup.

The backup restore FullSystemBackup --system conf_ldap seemed to have worked but didn’t change anything.

The backup restore Nextcloud-Pre-Upgrade --apps didn’t go through:

ended_at: 2020-04-04 11:55:44.867435
error: Operation unit has not been closed properly
operation: backup_restore_app
related_to:
- - app
  - nextcloud
started_at: 2020-04-04 11:55:44.865748
success: false

============

2020-04-04 13:55:44,866: INFO - Restoring the app 'nextcloud'…
2020-04-04 13:55:44,867: ERROR - An app with the ID 'nextcloud' is already installed

Maybe there is a possibility to write the ldap settings manually but I don’t know how.

Followup:

Can anybody tell me what the %uid place holder is?

sudo -u nextcloud php7.3 /var/www/nextcloud/occ log:tail
 Warning   user_ldap           Configuration Error (prefix ): login filter does not contain %uid place holder.   

Meh, idk, maybe try to check if you’re up to date with https://github.com/YunoHost-Apps/nextcloud_ynh/blob/testing/conf/config.json#L16-L39

Sometimes the obvious is the solution… Thanks a lot, I just needed that push! :relieved:
That solved it. :partying_face:

Hello,

I have exactly the same problem, I was fiddling with the LDAP settings and Nextcloud crashed.

On the other hand, after reading your messages, I don’t understand what I should do.

Thank you in advance for your help.

Do you have ssh-access to your server?
If yes, can you post the output of
sudo -u nextcloud php7.3 /var/www/nextcloud/occ log:tail
and
sudo -u nextcloud php7.3 /var/www/nextcloud/occ ldap:show-config

This is :

sudo -u nextcloud php7.3 /var/www/nextcloud/occ log:tail


Level    App        Message                                                                          Time
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:45:05+00:00
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:45:05+00:00
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:45:05+00:00
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:45:05+00:00
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:45:05+00:00
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:45:05+00:00
Warning  user_ldap  Configuration is invalid, cannot connect                                         2020-04-06T11:45:05+00:00
Error    user_ldap  No LDAP Connection to server localhost                                           2020-04-06T11:45:05+00:00
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:52:38+00:00
Warning  user_ldap  Configuration Error (prefix ): login filter does not contain %uid place holder.  2020-04-06T11:52:38+00:00


sudo -u nextcloud php7.3 /var/www/nextcloud/occ ldap:show-config
+-------------------------------+-------------------------------------+
| Configuration | |
+-------------------------------+-------------------------------------+
| hasMemberOfFilterSupport | 1 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=yunohost,dc=org |
| ldapBaseGroups | ou=groups,dc=yunohost,dc=org |
| ldapBaseUsers | ou=users,dc=yunohost,dc=org |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | uid |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | objectClass=posixGroup |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | posixGroup |
| ldapGroupMemberAssocAttr | |
| ldapHost | localhost |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=posixAccount)))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | userquota |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=posixAccount))) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | posixAccount |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+-------------------------------------+
+-------------------------------+-------------+
| Configuration | s01 |
+-------------------------------+-------------+
| hasMemberOfFilterSupport | 0 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | |
| ldapBaseGroups | |
| ldapBaseUsers | |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 0 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | |
| ldapHost | |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+-------------+

You have the same problem I had. ldapLoginFilter is missing a “%uid”. That’s what the warning in your log file says:

And you can see in the ldap-config-file that there is no “%uid” in the ldapLoginFilter:

So the solution is to set the ldapLoginFilter with the correct value. Over ssh do:

sudo -u nextcloud php7.3 /var/www/nextcloud/occ ldap:set-config "" ldap_login_filter "(&(|(objectclass=posixAccount))(uid=%uid))"

That should fix it.

2 Likes
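
Added example, not part of the original posts: Nextcloud's user_ldap app replaces %uid in the login filter with the name typed at login, so an active configuration without it is rejected. The function below reads the table printed by `occ ldap:show-config` and reports each configuration prefix; the function names and the sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit `occ ldap:show-config` output.

# Reads the table on stdin, prints one verdict per configuration prefix and
# returns 1 if an active configuration has a login filter without %uid.
check_login_filters() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   label) {
      if (!seen) return
      label = (id == "") ? "(empty prefix)" : id
      if (active != "1") print label ": inactive, skipped"
      else if (index(filter, "%uid") == 0) { print label ": login filter lacks %uid: " filter; bad = 1 }
      else print label ": ok"
    }
    substr($0, 1, 1) == "|" {
      line = $0
      sub(/^[|][ \t]*/, "", line)          # strip left border
      sub(/[ \t]*[|][ \t]*$/, "", line)    # strip right border
      sep = index(line, "|")               # first "|" ends the key; later ones are filter syntax
      key = trim(substr(line, 1, sep - 1)); val = trim(substr(line, sep + 1))
      if (key == "Configuration") { report(); seen = 1; id = val; active = ""; filter = "" }
      else if (key == "ldapConfigurationActive") active = val
      else if (key == "ldapLoginFilter") filter = val
    }
    END { report(); exit bad + 0 }
  '
}

# Constructed sample: a few rows in the layout shown in this thread.
sample_broken() {
  cat <<'EOF'
+-------------------------+-------------------------------------+
| Configuration           |                                     |
+-------------------------+-------------------------------------+
| ldapConfigurationActive | 1                                   |
| ldapLoginFilter         | (&(&(|(objectclass=posixAccount)))) |
+-------------------------+-------------------------------------+
+-------------------------+-----+
| Configuration           | s01 |
+-------------------------+-----+
| ldapConfigurationActive | 0   |
| ldapLoginFilter         |     |
+-------------------------+-----+
EOF
}

sample_broken | check_login_filters || true
# On a server: sudo -u nextcloud php7.3 /var/www/nextcloud/occ ldap:show-config | check_login_filters
```
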

That did indeed solve the problem. Great.

Thank you very much !

Does that mean you shouldn’t mess around with ldap settings?

I didn’t want to change the configuration, I was looking at it out of curiosity and I don’t know what happened.

Uh in the ideal world, yes … Then if you have some legitimate use case and know what you’re doing, might be okay, but you gotta be careful and expect to know how to fix your setup if it breaks … Otherwise we the Yunohost support team end up helping people with their super-specific use-case about advanced-tweaking instead of having fixes and features for people with regular use cases …

Did you just look at them … or torture them ? :thinking: :wink:

Ok, I confess :sweat_smile:, I went through the settings a bit but only a few clicks without changing any values. I guess :thinking:

Anyway, this section is now called : “Don’t touch it, dumbass !”
