Sharing with LDAP group misses last user (natural sort) from group #19988

@addy90

Steps to reproduce

  1. Share with LDAP group
  2. Last user (natural sort) is missing from group, cannot access folder, does not see it and cannot access it via activity (sees "File not found")
  3. Database table oc_share is missing entry for last user, but has folder with accepted = 0 and remaining users with accepted = 1.

Expected behaviour

All users of an LDAP group should be able to access the share.
Either the "accepted" cell in the oc_share table should be 1 for the folder, or every user should be there with accepted = 1.

Actual behaviour

All users but the last (natural sort) of the LDAP group see the share, last user cannot access and cannot accept as database entry is missing.
Setting sharing.enable_share_accept and sharing.force_share_accept to anything other than false does not work; for example, setting both to true makes user shares not accepted by default and group shares no longer work for anyone. All users are then missing from the oc_share database.

Server configuration

Operating system: Ubuntu 18.04.4 LTS

Web server: Apache 2.4

Database: MariaDB

PHP version: 7.2

Nextcloud version: 18.0.2

Updated from an older Nextcloud/ownCloud or fresh install: Updated since Nextcloud 14

Where did you install Nextcloud from: zip file and updater.phar

Signing status:

No errors have been found.

List of activated apps:

Enabled:
  - accessibility: 1.4.0
  - activity: 2.11.0
  - admin_audit: 1.8.0
  - announcementcenter: 3.7.0
  - calendar: 2.0.2
  - cloud_federation_api: 1.1.0
  - comments: 1.8.0
  - contacts: 3.2.0
  - dav: 1.14.0
  - deck: 0.8.0
  - documentserver_community: 0.1.5
  - drawio: 0.9.5
  - federatedfilesharing: 1.8.0
  - federation: 1.8.0
  - files: 1.13.1
  - files_downloadactivity: 1.7.0
  - files_pdfviewer: 1.7.0
  - files_rightclick: 0.15.2
  - files_sharing: 1.10.1
  - files_trashbin: 1.8.0
  - files_versions: 1.11.0
  - files_videoplayer: 1.7.0
  - firstrunwizard: 2.7.0
  - logreader: 2.3.0
  - lookup_server_connector: 1.6.0
  - nextcloud_announcements: 1.7.0
  - notes: 3.2.0
  - notifications: 2.6.0
  - oauth2: 1.6.0
  - onlyoffice: 4.1.4
  - password_policy: 1.8.0
  - photos: 1.0.0
  - polls: 1.3.0
  - privacy: 1.2.0
  - provisioning_api: 1.8.0
  - ransomware_protection: 1.6.0
  - recommendations: 0.6.0
  - serverinfo: 1.8.0
  - settings: 1.0.0
  - sharebymail: 1.8.0
  - spreed: 8.0.5
  - support: 1.1.0
  - systemtags: 1.8.0
  - tasks: 0.12.1
  - text: 2.0.0
  - theming: 1.9.0
  - twofactor_backupcodes: 1.7.0
  - updatenotification: 1.8.0
  - user_ldap: 1.8.0
  - viewer: 1.2.0
  - workflowengine: 2.0.0
Disabled:
  - encryption
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - survey_client

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.***REMOVED SENSITIVE VALUE***"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/nextcloud.***REMOVED SENSITIVE VALUE***\/",
        "dbtype": "mysql",
        "version": "18.0.2.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "maintenance": false,
        "skeletondirectory": "",
        "data-fingerprint": "f78e8a3636e5e7a75be9c7682261fdd6",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "updater.release.channel": "stable",
        "theme": "",
        "loglevel": 1,
        "mail_smtpsecure": "ssl",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "auth.bruteforce.protection.enabled": false,
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 360",
        "sharing.enable_share_accept": false,
        "sharing.force_share_accept": false,
        "app_install_overwrite": [
            "spreed"
        ]
    }
}

Are you using external storage, if yes which one: None

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP

LDAP configuration

+-------------------------------+-------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                           |
+-------------------------------+-------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                         |
| homeFolderNamingRule          |                                                                                           |
| lastJpegPhotoLookup           | 0                                                                                         |
| ldapAgentName                 | cn=admin,dc=xxxxxxx,dc=xxxxx                                                              |
| ldapAgentPassword             | ***                                                                                       |
| ldapAttributesForGroupSearch  |                                                                                           |
| ldapAttributesForUserSearch   |                                                                                           |
| ldapBackupHost                |                                                                                           |
| ldapBackupPort                |                                                                                           |
| ldapBase                      | dc=xxxxxxx,dc=xxxxx                                                                       |
| ldapBaseGroups                | ou=groups,dc=xxxxxxx,dc=xxxxx                                                             |
| ldapBaseUsers                 | ou=people,dc=xxxxxxx,dc=xxxxx                                                             |
| ldapCacheTTL                  | 60                                                                                        |
| ldapConfigurationActive       | 1                                                                                         |
| ldapDefaultPPolicyDN          |                                                                                           |
| ldapDynamicGroupMemberURL     |                                                                                           |
| ldapEmailAttribute            | mail                                                                                      |
| ldapExperiencedAdmin          | 0                                                                                         |
| ldapExpertUUIDGroupAttr       | cn                                                                                        |
| ldapExpertUUIDUserAttr        | uid                                                                                       |
| ldapExpertUsernameAttr        |                                                                                           |
| ldapExtStorageHomeAttribute   |                                                                                           |
| ldapGidNumber                 | gidNumber                                                                                 |
| ldapGroupDisplayName          | cn                                                                                        |
| ldapGroupFilter               | (&(|(objectclass=groupOfNames)))                                                          |
| ldapGroupFilterGroups         |                                                                                           |
| ldapGroupFilterMode           | 0                                                                                         |
| ldapGroupFilterObjectclass    | groupOfNames                                                                              |
| ldapGroupMemberAssocAttr      | member                                                                                    |
| ldapHost                      | ldaps://ldap.xxxxxxx.xxxxx                                                                |
| ldapIgnoreNamingRules         |                                                                                           |
| ldapLoginFilter               | (&(&(|(objectclass=inetOrgPerson)))(uid=%uid))                                            |
| ldapLoginFilterAttributes     |                                                                                           |
| ldapLoginFilterEmail          | 0                                                                                         |
| ldapLoginFilterMode           | 0                                                                                         |
| ldapLoginFilterUsername       | 1                                                                                         |
| ldapNestedGroups              | 0                                                                                         |
| ldapOverrideMainServer        |                                                                                           |
| ldapPagingSize                | 500                                                                                       |
| ldapPort                      | 636                                                                                       |
| ldapQuotaAttribute            |                                                                                           |
| ldapQuotaDefault              |                                                                                           |
| ldapTLS                       | 0                                                                                         |
| ldapUserAvatarRule            | default                                                                                   |
| ldapUserDisplayName           | displayname                                                                               |
| ldapUserDisplayName2          |                                                                                           |
| ldapUserFilter                | (&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=xxxxxxx,dc=xxxxx))) |
| ldapUserFilterGroups          | nextcloud                                                                                 |
| ldapUserFilterMode            | 0                                                                                         |
| ldapUserFilterObjectclass     | inetOrgPerson                                                                             |
| ldapUuidGroupAttribute        | auto                                                                                      |
| ldapUuidUserAttribute         | auto                                                                                      |
| turnOffCertCheck              | 0                                                                                         |
| turnOnPasswordChange          | 1                                                                                         |
| useMemberOfToDetectMembership | 1                                                                                         |
+-------------------------------+-------------------------------------------------------------------------------------------+

Client configuration

Browser: Firefox 74

Operating system: Windows 10 x64

Logs

Web server error log

No error logged concerning this problem.

Nextcloud log (data/nextcloud.log)

No error logged concerning this problem.

Browser log

No error logged concerning this problem.

Labels: 0. Needs triage (Pending check for reproducibility or if it fits our roadmap), bug
