SOLVED LDAP: Login with username is not possible anymore
out of a sudden it is not possible to login to Nextcloud via username. It still works with the e-mail address. If I try to check a username in the
LDAP / AD integration -> Login Attributessection then Nextcloud returns the following error message:
User not found. Please check your login attributes and username. Effective filter (to copy-and-paste for command-line validation): (&(&(|(objectclass=user)))(|(uid=someusername)(|(mailPrimaryAddress=someusername)(mail=someusername))))
If I check the email addess then Nextcloud returns a
User found and settings verified.message. In contrast the database user
adminis still able to login via username.
I already doublechecked the userconfig inside my.cloudron but I didn't stumble upon any specific misconfiguration. Could someone please point me into the right direction?
I do wonder where that filter is coming from in your case. Cloudron should set it (and also reset it during app restart) to:
I tried your idea to simply restart the app which solved the issue.
Nevertheless I can't reproduce what caused the problem in first place - also I'm not able to tell how the filter changed.
Thank you very much for your quick support!
Yeah ideally to prevent such changes of settings, we would be able to hide that UI within the nextcloud settings panel, but I don't see how that can be done.
@nebulon Custom plugin to hide it. I can write the plugin later and test then just include the plugin with the app.
Given our experience with Nextcloud plugin handling, I would rather not want to maintain such a plugin actually. Ideally the ldap plugin itself (which is at least part of the core package) would have a flag to show/hide the UI. Not sure if this would get any traction upstream, but if you want to get your hands into a custom plugin, maybe you could roughly check if such a flag would be possible to add?
@nebulon hmmm yeah I could see the potential for extra work, but as long as the css for the ldap plugin doesn't change too much I'd imagine it would a "build it once and forget about it" situation.
That said, adding the option to disable the ldap UI for non-admins is a no-brainer I'm sure for Nextcloud programmers.