[Bug]: LDAP makes NC29 server unstable

[zainab186]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

LDAP enabled backend app causing server to crash after configurating it, now it is not allowed to be enabled on the server, and when installed from shell it causes gui to show internal server error

Steps to reproduce

1.install ldap server
2.configure it
3.server crashes

Expected behavior

Server works normally

Installation method

Community Web installer on a VPS or web space

Nextcloud Server version

29

Operating system

RHEL/CentOS

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "10.200.10.14"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.0.19",
        "overwrite.cli.url": "http:\/\/10.200.10.14",
        "allow_local_remote_servers": true,
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true
    }
}

List of activated Apps

- activity: 2.21.1
  - calendar: 4.7.2
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contactsinteraction: 1.10.0
  - dashboard: 7.9.0
  - dav: 1.30.1
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_downloadlimit: 2.0.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - forms: 4.2.3
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - nextcloud_announcements: 1.18.0
  - notes: 4.10.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - photos: 2.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - richdocuments: 8.4.0
  - richdocumentscode: 24.4.103
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - spreed: 19.0.0
  - support: 1.12.0
  - survey_client: 1.17.0
  - systemtags: 1.19.0
  - text: 3.10.0
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - updatenotification: 1.19.1
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

Warning	no app in context	
Host 10.200.10.14 was not connected to because it violates local access rules

"May 7, 2024, 10:20:58 AM"	

Warning	no app in context	
Host 10.200.10.14 was not connected to because it violates local access rules

"May 7, 2024, 10:20:58 AM"	

Warning	no app in context	
Host 10.200.10.14 was not connected to because it violates local access rules

"May 7, 2024, 10:20:58 AM"	

Warning	no app in context	
Host 10.200.10.14 was not connected to because it violates local access rules

"May 7, 2024, 9:18:58 AM"	

Warning	no app in context	
Host 10.200.10.14 was not connected to because it violates local access rules

"May 7, 2024, 9:18:58 AM"	

Warning	no app in context	
Host 10.200.10.14 was not connected to because it violates local access rules

"May 7, 2024, 9:18:58 AM"	

Warning	support	
Can not determine user count for OCA\User_LDAP\User_Proxy

"May 6, 2024, 3:50:01 PM"	

Error	support	
ServerNotAvailableException
Connection to LDAP server could not be established

"May 6, 2024, 3:50:01 PM"	

Error	user_ldap	
No LDAP Connection to server 10.200.40.10

"May 6, 2024, 3:50:01 PM"

Additional info

No response

[joshtrichards]

I understand you can't enable the app now, but can you expand on the initial issue:

LDAP enabled backend app causing server to crash after configurating it,

"Crash" as in ... ? And maybe provided the associated log entry?

I don't suppose you can provide some details about how you configured LDAP?

[zainab186]

Thank you for responding, crash as in literally server is not showing any gui and not accessible, showing "server is not able to complete your request",ldap backend was enabled after installing php-ldap on the system. I tried installing it (ldap backend) using occ via shell but it keeps breaking the server. When i install it from the app store on nc it prevents me and shows the screen attached. Logs actually show nothing regarding why server crashes or what happen after i install the ldap. I will provide you with them just when i am at office. Thank you

[zainab186]

At first it crashes after faulty config which I can't trace yet because AD management is not within my sight, we have another dept handling it, but now it just does that after enabling ldap backend

[joshtrichards]

Thank you for responding, crash as in literally server is not showing any gui and not accessible, showing "server is not able to complete your request",ldap backend was enabled after installing php-ldap on the system. I tried installing it (ldap backend) using occ via shell but it keeps breaking the server.

So you're saying it initially crashed before you configured anything LDAP related?

Please provide the entire stack trace from the first erroneous log entry (it'll likely include a stack trace) after you enabled the user_ldap app. The bits you provided don't appear to be full log entries. If you're doing it from the Web UI, you need to use the option to get the raw entry. Otherwise grab it from your nextcloud.log.

[zainab186]

sorry for messy explanation, the exact process was:
1- ldap enabled, then configured falsely
2- nextcloud display the following: internal server error
after deleting the config server returns to normal, trying again, server keep getting internal error
after trying to make changes according to user forums:
1- adding a specific line to Ajax files in nextcloud files, changing to memcache to apcu
those edits got more errors so they got deleted
2- server crashes immediately after enabling user_ldap using occ
3- gui refuses to enable it saying it makes the server unstable

now team decided to revert to older snapshot so i don't have the old logs of theses processes, but i have the current logs, they still full of ldap errors
nextcloud (2).log

[small1]

Can you check the linux audit logs? you have dns errors and a few other things. Just to rule out selinux problems. (as you are running on rhel/centos)

[zainab186]

SElinux is set off by setenforce 0, unless there's another way? dns issue appeared after changing the dns because i thought it was the issue, so anyway we are rolling back to the old one

[zainab186]

since i got internal error again, these are the logs:

---

Level App Message Time

---

Error index Exception: LDAP Operations error at 2024-05-08T10:31:08+00:00
apps/user_ldap/lib/LDAP.php line 388

                     0. .../LDAP.php line 420

                        OCA\User_LDAP\LDAP->processLDAPError(



                        )

                     1. .../LDAP.php line 309

                        OCA\User_LDAP\LDAP->postFunctionCall(



                        )

                     2. .../LDAP.php line 215

                        OCA\User_LDAP\LDAP->invokeLDAPMethod("*** sensit ... *")

                     3. <<closure>>

                        OCA\User_LDAP\LDAP->search(



                        )

                     4. .../lib/Access.php line 1067

                        call_user_func_array(



                        )

                     5. .../Access.php line 1070

                        OCA\User_LDAP\Access->OCA\User_LDAP\{closure}("* ... *")

                     6. .../Access.php line 1128

                        OCA\User_LDAP\Access->invokeLDAPMethod("*** sens ... *")

                     7. .../Access.php line 1228

                        OCA\User_LDAP\Access->executeSearch(



                        )

                     8. .../lib/Access.php line 992

                        OCA\User_LDAP\Access->count(



                        )

                     9. .../User_LDAP.php line 594

                        OCA\User_LDAP\Access->countUsers(



                        )

                    10. .../User_Proxy.php line 405

                        OCA\User_LDAP\User_LDAP->countUsers(



                        )

                    11. .../Admin.php line 178

                        OCA\User_LDAP\User_Proxy->countUsers(



                        )

                    12. .../Admin.php line 165

                        OCA\UpdateNotification\Settings\Admin->getUserCount(



                        )

                    13. .../Admin.php line 102

                        OCA\UpdateNotification\Settings\Admin->isWebUpdaterRecommended(



                        )

                    14. .../CommonSettingsTrait.php line 140

                        OCA\UpdateNotification\Settings\Admin->getForm(



                        )

                    15. .../AdminSettingsController.php line 93

                        OCA\Settings\Controller\AdminSettingsController->formatSettings(



                        )

                    16. .../CommonSettingsTrait.php line 165

                        OCA\Settings\Controller\AdminSettingsController->getSettings(



                        )

                    17. .../AdminSettingsController.php line 77

                        OCA\Settings\Controller\AdminSettingsController->getIndexResponse(



                        )

                    18. .../Dispatcher.php line 232

                        OCA\Settings\Controller\AdminSettingsController->index(



                        )

                    19. .../Dispatcher.php line 138

                        OC\AppFramework\Http\Dispatcher->executeController(



                        )

                    20. .../App.php line 184

                        OC\AppFramework\Http\Dispatcher->dispatch(



                        )

                    21. .../Route/Router.php line 338

                        OC\AppFramework\App::main(



                        )

                    22. lib/base.php line 1050

                        OC\Route\Router->match(



                        )

                    23. index.php line 49

                        OC::handleRequest(



                        )

Warning user_ldap Bind failed: 49: Invalid credentials 2024-05-08T10:38:42+00:00

Error PHP ldap_search(): Search: Operations error at 2024-05-08T10:38:42+00:00
/var/www/html/nextcloud/apps/user_ldap/lib/LDAP.php#307

Error support Exception: LDAP Operations error at 2024-05-08T10:38:42+00:00
apps/user_ldap/lib/LDAP.php line 388

                     0. .../LDAP.php line 420

                        OCA\User_LDAP\LDAP->processLDAPError(



                        )

                     1. .../LDAP.php line 309

                        OCA\User_LDAP\LDAP->postFunctionCall(



                        )

                     2. .../LDAP.php line 215

                        OCA\User_LDAP\LDAP->invokeLDAPMethod("*** sensit ... *")

                     3. <<closure>>

                        OCA\User_LDAP\LDAP->search(



                        )

                     4. .../lib/Access.php line 1067

                        call_user_func_array(



                        )

                     5. .../Access.php line 1070

                        OCA\User_LDAP\Access->OCA\User_LDAP\{closure}("* ... *")

                     6. .../Access.php line 1128

                        OCA\User_LDAP\Access->invokeLDAPMethod("*** sens ... *")

                     7. .../Access.php line 1228

                        OCA\User_LDAP\Access->executeSearch(



                        )

                     8. .../lib/Access.php line 992

                        OCA\User_LDAP\Access->count(



                        )

                     9. .../User_LDAP.php line 594

                        OCA\User_LDAP\Access->countUsers(



                        )

                    10. .../User_Proxy.php line 405

                        OCA\User_LDAP\User_LDAP->countUsers(



                        )

                    11. .../SubscriptionService.php line 111

                        OCA\User_LDAP\User_Proxy->countUsers(



                        )

                    12. .../SubscriptionService.php line 262

                        OCA\Support\Service\SubscriptionService->getUserCount(



                        )

                    13. .../SubscriptionAdapter.php line 49

                        OCA\Support\Service\SubscriptionService->getSubscriptionInfo(



                        )

                    14. .../Registry.php line 137

                        OCA\Support\Subscription\SubscriptionAdapter->hasValidSubscription(



                        )

                    15. .../ServerDevNotice.php line 103

                        OC\Support\Subscription\Registry->delegateHasValidSubscription(



                        )

                    16. .../Manager.php line 217

                        OCA\Settings\Settings\Personal\ServerDevNotice->getSection(



                        )

                    17. .../Manager.php line 331

                        OC\Settings\Manager->getSettings(



                        )

                    18. .../Manager.php line 292

                        OC\Settings\Manager->getPersonalSettings(



                        )

                    19. .../CommonSettingsTrait.php line 122

                        OC\Settings\Manager->getPersonalSections(



                        )

                    20. .../CommonSettingsTrait.php line 77

                        OCA\Settings\Controller\AdminSettingsController->formatPersonalSections(



                        )

                    21. .../CommonSettingsTrait.php line 164

                        OCA\Settings\Controller\AdminSettingsController->getNavigationParameters(



                        )

                    22. .../AdminSettingsController.php line 77

                        OCA\Settings\Controller\AdminSettingsController->getIndexResponse(



                        )

                    23. .../Dispatcher.php line 232

                        OCA\Settings\Controller\AdminSettingsController->index(



                        )

                    24. .../Dispatcher.php line 138

                        OC\AppFramework\Http\Dispatcher->executeController(



                        )

                    25. .../App.php line 184

                        OC\AppFramework\Http\Dispatcher->dispatch(



                        )

                    26. .../Route/Router.php line 338

                        OC\AppFramework\App::main(



                        )

                    27. lib/base.php line 1050

                        OC\Route\Router->match(



                        )

                    28. index.php line 49

                        OC::handleRequest(



                        )

Warning support Can not determine user count for OCA\User_LDAP\User_Proxy 2024-05-08T10:38:42+00:00

Error PHP ldap_search(): Search: Operations error at 2024-05-08T10:38:42+00:00
/var/www/html/nextcloud/apps/user_ldap/lib/LDAP.php#307

Error index Exception: LDAP Operations error at 2024-05-08T10:38:42+00:00
apps/user_ldap/lib/LDAP.php line 388

                     0. .../LDAP.php line 420

                        OCA\User_LDAP\LDAP->processLDAPError(



                        )

                     1. .../LDAP.php line 309

                        OCA\User_LDAP\LDAP->postFunctionCall(



                        )

                     2. .../LDAP.php line 215

                        OCA\User_LDAP\LDAP->invokeLDAPMethod("*** sensit ... *")

                     3. <<closure>>

                        OCA\User_LDAP\LDAP->search(



                        )

                     4. .../lib/Access.php line 1067

                        call_user_func_array(



                        )

                     5. .../Access.php line 1070

                        OCA\User_LDAP\Access->OCA\User_LDAP\{closure}("* ... *")

                     6. .../Access.php line 1128

                        OCA\User_LDAP\Access->invokeLDAPMethod("*** sens ... *")

                     7. .../Access.php line 1228

                        OCA\User_LDAP\Access->executeSearch(



                        )

                     8. .../lib/Access.php line 992

                        OCA\User_LDAP\Access->count(



                        )

                     9. .../User_LDAP.php line 594

                        OCA\User_LDAP\Access->countUsers(



                        )

                    10. .../User_Proxy.php line 405

                        OCA\User_LDAP\User_LDAP->countUsers(



                        )

                    11. .../Admin.php line 178

                        OCA\User_LDAP\User_Proxy->countUsers(



                        )

                    12. .../Admin.php line 165

                        OCA\UpdateNotification\Settings\Admin->getUserCount(



                        )

                    13. .../Admin.php line 102

                        OCA\UpdateNotification\Settings\Admin->isWebUpdaterRecommended(



                        )

                    14. .../CommonSettingsTrait.php line 140

                        OCA\UpdateNotification\Settings\Admin->getForm(



                        )

                    15. .../AdminSettingsController.php line 93

                        OCA\Settings\Controller\AdminSettingsController->formatSettings(



                        )

                    16. .../CommonSettingsTrait.php line 165

                        OCA\Settings\Controller\AdminSettingsController->getSettings(



                        )

                    17. .../AdminSettingsController.php line 77

                        OCA\Settings\Controller\AdminSettingsController->getIndexResponse(



                        )

                    18. .../Dispatcher.php line 232

                        OCA\Settings\Controller\AdminSettingsController->index(



                        )

                    19. .../Dispatcher.php line 138

                        OC\AppFramework\Http\Dispatcher->executeController(



                        )

                    20. .../App.php line 184

                        OC\AppFramework\Http\Dispatcher->dispatch(



                        )

                    21. .../Route/Router.php line 338

                        OC\AppFramework\App::main(



                        )

                    22. lib/base.php line 1050

                        OC\Route\Router->match(



                        )

                    23. index.php line 49

                        OC::handleRequest(



                        )

Warning support Can not determine user count for OCA\User_LDAP\User_Proxy 2024-05-08T10:38:42+00:00

Error PHP ldap_search(): Search: Operations error at 2024-05-08T10:38:42+00:00
/var/www/html/nextcloud/apps/user_ldap/lib/LDAP.php#307

Error index Exception: LDAP Operations error at 2024-05-08T10:38:42+00:00
apps/user_ldap/lib/LDAP.php line 388

                     0. .../LDAP.php line 420

                        OCA\User_LDAP\LDAP->processLDAPError(



                        )

                     1. .../LDAP.php line 309

                        OCA\User_LDAP\LDAP->postFunctionCall(



                        )

                     2. .../LDAP.php line 215

                        OCA\User_LDAP\LDAP->invokeLDAPMethod("*** sensit ... *")

                     3. <<closure>>

                        OCA\User_LDAP\LDAP->search(



                        )

                     4. .../lib/Access.php line 1067

                        call_user_func_array(



                        )

                     5. .../Access.php line 1070

                        OCA\User_LDAP\Access->OCA\User_LDAP\{closure}("* ... *")

                     6. .../Access.php line 1128

                        OCA\User_LDAP\Access->invokeLDAPMethod("*** sens ... *")

                     7. .../Access.php line 1228

                        OCA\User_LDAP\Access->executeSearch(



                        )

                     8. .../lib/Access.php line 992

                        OCA\User_LDAP\Access->count(



                        )

                     9. .../User_LDAP.php line 594

                        OCA\User_LDAP\Access->countUsers(



                        )

                    10. .../User_Proxy.php line 405

                        OCA\User_LDAP\User_LDAP->countUsers(



                        )

                    11. .../Admin.php line 178

                        OCA\User_LDAP\User_Proxy->countUsers(



                        )

                    12. .../Admin.php line 165

                        OCA\UpdateNotification\Settings\Admin->getUserCount(



                        )

                    13. .../Admin.php line 102

                        OCA\UpdateNotification\Settings\Admin->isWebUpdaterRecommended(



                        )

                    14. .../CommonSettingsTrait.php line 140

                        OCA\UpdateNotification\Settings\Admin->getForm(



                        )

                    15. .../AdminSettingsController.php line 93

                        OCA\Settings\Controller\AdminSettingsController->formatSettings(



                        )

                    16. .../CommonSettingsTrait.php line 165

                        OCA\Settings\Controller\AdminSettingsController->getSettings(



                        )

                    17. .../AdminSettingsController.php line 77

                        OCA\Settings\Controller\AdminSettingsController->getIndexResponse(



                        )

                    18. .../Dispatcher.php line 232

                        OCA\Settings\Controller\AdminSettingsController->index(



                        )

                    19. .../Dispatcher.php line 138

                        OC\AppFramework\Http\Dispatcher->executeController(



                        )

                    20. .../App.php line 184

                        OC\AppFramework\Http\Dispatcher->dispatch(



                        )

                    21. .../Route/Router.php line 338

                        OC\AppFramework\App::main(



                        )

                    22. lib/base.php line 1050

                        OC\Route\Router->match(



                        )

                        OC::handleRequest(



                        )

---

[zainab186]

[zainab186]

deleted this line from config.php file, works again now

[zainab186]

issue solved by providing the right creds.