-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LDAP quota attribute ignored #17514
Comments
Some other logs. Logs from Nestcloud
Access logs from FreeIPA
Working LDAP request from above searches
|
server/apps/user_ldap/lib/User/User.php Line 200 in 950856d
Looks like the ldap quota attribute is always requested in lowercase. Does it work if name the attribute nextcloudquota with your ldap server. |
With lower case it seems works too:
I will try remove 'strtolower' convertion |
It not work
|
Should recreate test user or quota attribute will updated automaticaly? |
cc @nextcloud/ldap |
Commenting this row have no results server/apps/user_ldap/lib/Access.php Line 210 in a1fc233
But case of attribute was changed: |
Usually attribute names are case insensitive. I wouldn't temper with the code, especially since everything else works ;) What does a |
But this user exist in ldap and NC, and I can login with it |
it has to be the user id in nextcloud. See leftmost column on users page. |
Yes, i tried several ways
|
that looks like guessing.
|
I used the correct username |
It is If it is an LDAP user indeed, with the console output and with the screenshot, I bet it is a local one. |
|
So, why is FreeIPA reporting that the user does not exist? What value is stored in the quota attribute for this user? |
This user exist and it's fine.
|
And quota attribute is exist for this user |
what does it return when you request an empty attribute?
|
|
Right now I don't know why it behaves as it does and I don't have an FreeIPA setup to test against. |
If you need, I can provide access for you on my test instance of freeipa |
If I put quota size, for example, to 'carlicense' ldap attribute, then NC quota mechanism works as expected. |
Steps to reproduce
Expected behaviour
Users who have not empty nextcloudQuota ldap attribute should have this quota
Actual behaviour
Default quota
Server configuration
Operating system:
official docker image 17.0, 18.0.1
Web server:
Database:
PHP version:
Nextcloud version: (see Nextcloud admin page)
Updated from an older Nextcloud/ownCloud or fresh install:
Where did you install Nextcloud from:
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
Enabled:
Disabled:
Nextcloud configuration:
Config report
{
"system": {
"htaccess.RewriteBase": "/",
"memcache.local": "\OC\Memcache\APCu",
"apps_paths": [
{
"path": "/var/www/html/apps",
"url": "/apps",
"writable": false
},
{
"path": "/var/www/html/custom_apps",
"url": "/custom_apps",
"writable": true
}
],
"memcache.distributed": "\OC\Memcache\Redis",
"memcache.locking": "\OC\Memcache\Redis",
"redis": {
"host": "REMOVED SENSITIVE VALUE",
"port": 6379,
"password": "REMOVED SENSITIVE VALUE"
},
"instanceid": "REMOVED SENSITIVE VALUE",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"cloud.example.ru",
"docs.example.ru"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "17.0.0.9",
"overwrite.cli.url": "http://cloud.example.ru",
"overwriteprotocol": "https",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true,
"maintenance": false,
"theme": "",
"loglevel": 0,
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\User_LDAP\LDAPProviderFactory",
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_domain": "REMOVED SENSITIVE VALUE",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtpsecure": "ssl",
"mail_smtphost": "REMOVED SENSITIVE VALUE",
"mail_smtpport": "465",
"mail_smtpname": "REMOVED SENSITIVE VALUE",
"mail_smtppassword": "REMOVED SENSITIVE VALUE"
}
}
Are you using external storage, if yes which one: local/smb/sftp/...
samba
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
Yes
LDAP configuration (delete this part if not used)
LDAP config
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | s01 |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| homeFolderNamingRule | attr:uid |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | uid=clouduser,cn=sysaccounts,cn=etc,dc=ipa,dc=example,dc=ru |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | cn;uid;displayName;mail |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=ipa,dc=example,dc=ru |
| ldapBaseGroups | cn=groups,cn=accounts,dc=ipa,dc=example,dc=ru |
| ldapBaseUsers | cn=users,cn=accounts,dc=ipa,dc=example,dc=ru |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | ipauniqueid |
| ldapExpertUsernameAttr | uid |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=ipausergroup))(|(cn=mail)(cn=cloud))) |
| ldapGroupFilterGroups | mail;cloud |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | ipausergroup |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | ipa01.ipa.example.ru |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=posixAccount)))(memberOf=cn=cloud,cn=groups,cn=accounts,dc=ipa,dc=example,dc=ru)(uid=%uid)(!(nsaccountlock=TRUE))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | nextcloudQuota |
| ldapQuotaDefault | 300MB |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (objectClass=inetOrgPerson)(objectClass=posixAccount)(memberOf=cn=cloud,cn=groups,cn=accounts,dc=ipa,dc=example,dc=ru)(!(nsaccountlock=TRUE)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 1 |
| ldapUserFilterObjectclass | inetorgperson |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
Client configuration
Browser:
FireFox 68.1.0esr (64-битный)
Operating system:
Opensuse 15.1
Logs
Web server error log
Web server error log
Nextcloud log (data/nextcloud.log)
Nextcloud log
{"reqId":"NmCn6Y9eJIuYUwzW0duO","level":0,"time":"2019-10-11T15:21:07+00:00","remoteAddr":"10.11.7.10","user":"test_usr","app":"user_ldap","method":"GET","url":"/apps/files/?dir=/&fileid=954","message":"initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=test_usr,cn=users,cn=accounts,dc=ipa,dc=example,dc=ru\n)\n attr Array\n(\n [0] => nextcloudquota\n)\n limit 500 offset 0","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","version":"17.0.0.9"}
{"reqId":"NmCn6Y9eJIuYUwzW0duO","level":0,"time":"2019-10-11T15:21:07+00:00","remoteAddr":"10.11.7.10","user":"test_usr","app":"user_ldap","method":"GET","url":"/apps/files/?dir=/&fileid=954","message":"Requested attribute nextcloudquota not found for uid=test_usr,cn=users,cn=accounts,dc=ipa,dc=example,dc=ru","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","version":"17.0.0.9"}
Browser log
Browser log
nextcloudQuota ldap attribute exist on user "test_usr":
The text was updated successfully, but these errors were encountered: