LDAP write: auto add to group, different/additional objectType #8

@joergmschulz

Steps to reproduce

On creating a new user in LDAP, the entry is created. But we need some non-standard things: the object class should be posixAccount; the new entry should be memberOf a special group, else it is not visible to NC. So, a newly created entry is visible in LDAP, but not in NC.
This special group is not visible in NC / is not an NC group (in order to prevent users from seeing all the other users).

Expected behaviour

default group membership and additional objectClass added via template

Actual behaviour

no group membership and no additional objectClass added

Server configuration detail

Operating system: Linux 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5 (2019-06-19) x86_64

Webserver: Apache/2.4.38 (Debian) (apache2handler)

Database: pgsql PostgreSQL 11.4 (Debian 11.4-1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-7) 8.3.0, 64-bit

PHP version:

7.3.4-2
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, sodium, standard, apache2handler, mysqlnd, PDO, xml, apcu, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, geoip, gettext, gmp, gnupg, horde_lz4, iconv, igbinary, imagick, imap, intl, json, ldap, exif, memcache, msgpack, mysqli, pdo_mysql, pdo_pgsql, pgsql, apc, posix, propro, raphf, readline, redis, shmop, SimpleXML, sockets, ssh2, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Phar, http, memcached, Zend OPcache

Nextcloud version: 16.0.3 - 16.0.3.0

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

Array
(
)

List of activated apps
Enabled:
 - accessibility: 1.2.0
 - activity: 2.9.1
 - apporder: 0.7.1
 - bruteforcesettings: 1.4.0
 - calendar: 1.7.0
 - cloud_federation_api: 0.2.0
 - cms_pico: 0.9.8
 - comments: 1.6.0
 - contacts: 3.1.3
 - data_request: 1.3.0
 - dav: 1.9.2
 - deck: 0.6.4
 - dicomviewer: 1.2.0
 - drop_account: 0.1.0
 - external: 3.3.0
 - federatedfilesharing: 1.6.0
 - federation: 1.6.0
 - files: 1.11.0
 - files_fulltextsearch: 1.3.2
 - files_fulltextsearch_tesseract: 1.3.0
 - files_markdown: 2.0.6
 - files_pdfviewer: 1.5.0
 - files_readmemd: 1.1.0
 - files_rightclick: 0.13.0
 - files_sharing: 1.8.0
 - files_texteditor: 2.8.0
 - files_trashbin: 1.6.0
 - files_versions: 1.9.0
 - files_videoplayer: 1.5.0
 - firstrunwizard: 2.5.0
 - fulltextsearch: 1.3.4
 - fulltextsearch_elasticsearch: 1.3.4
 - gallery: 18.3.0
 - groupfolders: 4.0.3
 - impersonate: 1.3.0
 - issuetemplate: 0.5.0
 - ldap_write_support: 1.0.1
 - logreader: 2.1.0
 - lookup_server_connector: 1.4.0
 - mail: 0.15.1
 - nextcloud_announcements: 1.5.0
 - notes: 3.0.0
 - notifications: 2.4.1
 - oauth2: 1.4.2
 - passman: 2.3.2
 - password_policy: 1.6.0
 - polls: 0.10.2
 - previewgenerator: 2.1.0
 - privacy: 1.0.0
 - provisioning_api: 1.6.0
 - rainloop: 6.0.2
 - recommendations: 0.4.0
 - richdocuments: 3.3.13
 - serverinfo: 1.6.0
 - sharebymail: 1.6.0
 - social: 0.2.6
 - spreed: 6.0.2
 - support: 1.0.0
 - survey_client: 1.4.0
 - systemtags: 1.6.0
 - tasks: 0.11.0
 - text: 1.0.1
 - theming: 1.7.0
 - theming_customcss: 1.3.0
 - twofactor_backupcodes: 1.5.0
 - updatenotification: 1.6.0
 - user_ldap: 1.6.0
 - viewer: 1.0.0
 - workflowengine: 1.6.0
Disabled:
 - admin_audit
 - encryption
 - files_clipboard
 - files_external
 - mindmaps
 - ocr
 - ojsxc
 - ownnote
 - ransomware_protection
 - socialsharing_email

Configuration (config/config.php)
{
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "pgsql",
    "version": "16.0.3.0",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "theme": "",
    "maintenance": false,
    "maxZipInputSize": 838860800,
    "allowZipDownload": true,
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "test.myncdomain.de",
        "test.myncdomain.de"
    ],
    "forcessl": true,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "overwritewebroot": "\/",
    "overwrite.cli.url": "https:\/\/test.myncdomain.de",
    "memcache.local": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379,
        "dbindex": 1
    },
    "knowledgebaseenabled": false,
    "trashbin_retention_obligation": "auto",
    "versions_retention_obligation": "auto, 7",
    "check_for_working_wellknown_setup": true,
    "loglevel": 1,
    "updatechecker": true,
    "lost_password_link": "https:\/\/myserver.de\/ssp\/?action=sendtoken",
    "tempdirectory": "\/var\/www\/tmp\/",
    "mail_smtpport": "25",
    "app.mail.imaplog.enabled": false,
    "cron_log": true,
    "log_rotate_size": 10485760,
    "appstoreenabled": true,
    "appstore.experimental.enabled": true,
    "asset-pipeline.enabled": false,
    "activity_expire_days": 7,
    "singleuser": false,
    "ldapIgnoreNamingRules": false,
    "updater.server.url": "https:\/\/updates.nextcloud.com\/updater_server\/",
    "updater.release.channel": "stable",
    "htaccess.RewriteBase": "\/",
    "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
    "dbport": "",
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpsecure": "tls",
    "mail_smtpauth": 1,
    "app_install_overwrite": [
        "data_request",
        "calendar",
        "ldaporg"
    ],
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "updater.secret": "***REMOVED SENSITIVE VALUE***"
}

Are you using external storage, if yes which one: no

Are you using encryption:

Are you using an external user-backend, if yes which one: LDAP/

LDAP configuration (delete this part if not used)
background_sync_interval: 43200
background_sync_offset: 0
background_sync_prefix: s01
cleanUpJobOffset: 150
enabled: yes
installed_version: 1.6.0
s01_lastChange: 1562360952
s01has_memberof_filter_support: 0
s01home_folder_naming_rule:
s01last_jpegPhoto_lookup: 0
s01ldap_agent_password: Z0FybTFzYzE0
s01ldap_attributes_for_group_search: cn
    description
s01ldap_attributes_for_user_search:
s01ldap_backup_host: dir.myncdomain.tld
s01ldap_backup_port: 389
s01ldap_base: dc=myncdomain,dc=de
s01ldap_base_groups: dc=myncdomain,dc=de
s01ldap_base_users: ou=People,dc=myncdomain,dc=de
s01ldap_cache_ttl: 600
s01ldap_configuration_active: 1
s01ldap_default_ppolicy_dn:
s01ldap_display_name: uid
s01ldap_dn: cn=admin,dc=myncdomain,dc=de
s01ldap_dynamic_group_member_url:
s01ldap_email_attr: mail
s01ldap_experienced_admin: 0
s01ldap_expert_username_attr:
s01ldap_expert_uuid_group_attr:
s01ldap_expert_uuid_user_attr: uid
s01ldap_gid_number: gidNumber
s01ldap_group_display_name: cn
s01ldap_group_filter: (&(objectclass=groupOfNames)(&(businessCategory=cloud)))
s01ldap_group_filter_mode: 0
s01ldap_group_member_assoc_attribute: member
s01ldap_groupfilter_groups:
s01ldap_groupfilter_objectclass:
s01ldap_host: mail3.myncdomain.local
s01ldap_login_filter: (&(&(|(objectclass=posixAccount))(|(memberof=cn=oc,ou=functional groups,dc=myncdomain,dc=de)))(|(uid=%uid)(|(mail=%uid))))
s01ldap_login_filter_mode: 1
s01ldap_loginfilter_attributes:
s01ldap_loginfilter_email: 1
s01ldap_loginfilter_username: 1
s01ldap_nested_groups: 0
s01ldap_override_main_server: 0
s01ldap_paging_size: 500
s01ldap_port: 389
s01ldap_quota_attr:
s01ldap_quota_def: 20G
s01ldap_tls: 1
s01ldap_turn_off_cert_check: 0
s01ldap_turn_on_pwd_change: 1
s01ldap_user_display_name_2:
s01ldap_user_filter_mode: 1
s01ldap_userfilter_groups:
s01ldap_userfilter_objectclass:
s01ldap_userlist_filter: (&(|(objectclass=posixAccount))(|(memberof=cn=oc,ou=functional groups,dc=myncdomain,dc=de)))
s01use_memberof_to_detect_membership: 1
types: authentication

Client configuration

Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0

Operating system:

Logs

Web server error log
Insert your web server log here 
Nextcloud log
Insert your Nextcloud log here
Browser log
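
The report describes an entry that exists in LDAP but is not visible in Nextcloud. The following added example (not part of the original report and not code from the ldap_write_support project) evaluates the `s01ldap_userlist_filter` value from the configuration above against two constructed entries and lists the assertions each one fails. The entry contents, the `newuser` uid and the function names are assumptions made for illustration.

```python
# Added example (not project code): evaluates the userlist filter from this
# report against constructed entries. Handles only &, | and equality.
USERLIST_FILTER = ("(&(|(objectclass=posixAccount))"
                   "(|(memberof=cn=oc,ou=functional groups,dc=myncdomain,dc=de)))")

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)                     # values in this filter contain no ')'
    attr, _, value = f[i:end].partition("=")  # first '=' only, DN values keep theirs
    return ("=", attr.lower(), value.lower()), end + 1

def leaves(node):
    """Yield every equality assertion in the tree."""
    if node[0] == "=":
        yield node
    else:
        for kid in node[1]:
            yield from leaves(kid)

def matches(node, entry):
    if node[0] == "=":
        return node[2] in entry.get(node[1], set())
    test = all if node[0] == "&" else any
    return test(matches(kid, entry) for kid in node[1])

def check(entry, flt=USERLIST_FILTER):
    """Return (visible, unmet assertions); comparison is case-insensitive."""
    tree, _ = parse(flt)
    norm = {a.lower(): {v.lower() for v in vals} for a, vals in entry.items()}
    unmet = ["%s=%s" % (a, v) for _, a, v in leaves(tree) if v not in norm.get(a, set())]
    return matches(tree, norm), unmet

GROUP = "cn=oc,ou=functional groups,dc=myncdomain,dc=de"
# Constructed entries; objectClass inetOrgPerson on the fresh entry is an assumption.
AS_CREATED = {"objectClass": ["inetOrgPerson"], "uid": ["newuser"]}
AS_NEEDED = {"objectClass": ["inetOrgPerson", "posixAccount"],
             "uid": ["newuser"], "memberOf": [GROUP]}

if __name__ == "__main__":
    for name, entry in (("as created", AS_CREATED), ("as needed", AS_NEEDED)):
        print(name, check(entry))
```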
