LDAP usergroups reset?

David 0

Hi,

I've installed the latest Nextcloud release and ever since I get regular emails (1 per hour) that some accounts were deleted as administrators from certain groups.
After updating the nextcloud app, I updated cloudron itself to the latest version (I forgot on this particular server to do so earlier), maybe that should resolve my problem. It did not.

Strangely, in Nextcloud, everything showed up as it should (and worked). So I dug deeper: Here's one error from the Nextcloud Log that seems to point at this issue:

[index] Fehler: An exception occurred while executing a query: SQLSTATE[23505]: Unique violation: 7 ERROR:  duplicate key value violates unique constraint "user_ldap_membership_unique"
DETAIL:  Key (groupid, userid)=(cl-komm-kommunikation, davidlohner) already exists.

I remember having trouble setting up a proper sync of the Cloudron groups into Nextcloud when initially getting everything running. Maybe some of my modifications in the LDAP-config of Nextcloud do backfire now?

In Nextcloud in the LDAP/AD-Settings, I have

• ou=users,dc=cloudron next to the Base-DN Settings and
• (objectclass=group) in the "groups"-tab.

Deleting and re-adding the latter setting in the groups tab seemed to solve this issue (so for a brief moment, all users had no group assigned to them in Nextcloud), at least the emails stopped.

I really hope this was just a hiccup.

nebulon

At least on Cloudron side nothing changed in that area in the latest release and also the Nextcloud LDAP config was untouched. So maybe if this comes back, it may be a regression in Nextcloud and/or the LDAP plugin there.

David 0

Oh no, the emails did not stop![1]
thanks for your reply, though.
I'm going to dive deeper into the logs and the Nextcloud forums. Maybe (hopefully!) I'll find some hints what's going on over there.

The Nextcloud Activity-App tells me that around every hour or so "an administrator deleted me from a group". Around 5-10 minutes later, my own account re-adds me to the same groups.

[1]: I've disabled e-mail notifications.

David 0

Just wanted to share an update: I guess the "extended permissions" in the group folder app/settings were responsible for my troubles.

Everything works fine now. (this topic can be marked as "solved")

nebulon

Thanks for sharing the root cause.

David 0

sigh here we are again.

Tonight, I received multiple emails as described in the first post. Strangely, I could not identify, why some users received them multiple times, others just once.

I could not find any connection looking at the timestamps of those emails (01:10am, 3:20am, 5:30am, all mentioning some events exactly 5 minutes prior) and the log files of Cloudron or the Nextcloud app.

Is there an "official" way to sync Cloudron groups into Nextcloud? I've done that with some other tutorials I found when initially configuring my Nextcloud. Here are my current settings. Maybe there is something wrong with them?

Server Settings

User Settings

Attributes Settings

Group Settings

nebulon

I think I got down to the root problem of this. The change is https://git.cloudron.io/cloudron/nextcloud-app/-/commit/56e32573b80cb9cd5dd45d16a977f8ecf395384c and the new package is out.

@David-0 let us know if this solves it for you as well.

avatar1024

@nebulon thank you for this! I had this same issue for months and your fix seems to work. Something must have changed with NC28 as other (non cloudron) users have experienced and reported this in NC github. In fact I hadn't even thought of reporting it here as I thought it was not cloudron related. I wonders if what you did to the NC cloudron package could be helpful to others...?