Hi. We have a Windows AD with 2 DCs (2016 and 2012r2). I am trying to connect a freshly installed Nextcloud (Ubuntu, Nginx) to LDAP for user and group sync. Both systems are in the same subnet, with only the Windows Firewall between them.
Normal AD user operations are OK, like connecting Windows PCs...
I have done nearly the same setup a few times without any problems.
When I fill in the LDAP integration fields within Nextcloud, I get the following errors:
A little popup says: "The Base DN appears to be wrong"
Base DN Detect tells me: "Base DN could not be auto-detected, please revise credentials, host and port".
The credentials are filled in and verified, and also tested with an Administrator and another user account.
Credentials tested as follows (in other setups this seems OK):
CN=Nextcloud,OU="OU of the User",DC=local,DC="Domain name",DC=de
In the Nextcloud Error-Log I get:
Error: ldap_search(): Search: Operations error at /var/www/nextcloud/apps/user_ldap/lib/LDAP.php#341
/var/www/nextcloud/apps/user_ldap/lib/LDAP.php - line 229:
OC\Log\ErrorHandler::onError()
<<closure>>
OCA\User_LDAP\LDAP->OCA\User_LDAP\{closure}("*** sensiti ... *")
<<closure>>
ldap_search()
/var/www/nextcloud/apps/user_ldap/lib/LDAP.php - line 341:
call_user_func_array()
/var/www/nextcloud/apps/user_ldap/lib/LDAP.php - line 234:
OCA\User_LDAP\LDAP->invokeLDAPMethod("*** sensiti ... *")
<<closure>>
OCA\User_LDAP\LDAP->search()
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 1094:
call_user_func_array()
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 1098:
OCA\User_LDAP\Access->OCA\User_LDAP\{closure}("*** sensiti ... *")
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 1151:
OCA\User_LDAP\Access->invokeLDAPMethod("*** sensiti ... *")
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 1256:
OCA\User_LDAP\Access->executeSearch()
...
I'm not sure how to test whether it's Nextcloud or my AD that has a problem.
In the AD log "Directory Service" on the 2016 DC there is no entry.
When trying to connect to the 2012r2 DC I get some errors, but I am not sure whether this is related to my test:
- System
- Provider
[ Name] Microsoft-Windows-ActiveDirectory_DomainService
[ Guid] {0e8478c5-3605-4e8c-8497-1e730c959516}
[ EventSourceName] NTDS LDAP
- EventID 1535
[ Qualifiers] 16384
Version 0
Level 4
Task 16
Opcode 0
Keywords 0x8080000000000000
- TimeCreated
[ SystemTime] 2021-05-08T08:50:37.195270700Z
EventRecordID 18534371
Correlation
- Execution
[ ProcessID] 576
[ ThreadID] 1868
Channel Directory Service
Computer DC01.local.diakonie-kreis-mettmann.de
- Security
[ UserID] S-1-5-7
- EventData
000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
Please help.
Thanks
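
Added example, not part of the original post: a small Python decoder for the `LdapErr` string in the event 1535 text above. It separates a search sent without a successful bind (Win32 code 0x4DC, logged under the Anonymous Logon SID S-1-5-7) from a bind that the DC rejected; the function name, the result keys and the second sample line are assumptions made for this example.

```python
import re

# Sub-codes AD puts in "data" when it rejects a bind (AcceptSecurityContext error).
BIND_DATA = {
    0x525: "user not found", 0x52E: "invalid credentials",
    0x530: "logon time restriction", 0x531: "workstation restriction",
    0x532: "password expired", 0x533: "account disabled",
    0x701: "account expired", 0x773: "password must be reset",
    0x775: "account locked out",
}
ANONYMOUS_SID = "S-1-5-7"   # well-known SID: Anonymous Logon
NOT_AUTHENTICATED = 0x4DC   # Win32 ERROR_NOT_AUTHENTICATED (1244)

LDAPERR = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

def diagnose(event_data, user_sid=None):
    """Classify an AD LdapErr string; returns None if the text is not one."""
    m = LDAPERR.search(event_data)
    if m is None:
        return None
    code, data = int(m["code"], 16), int(m["data"], 16)
    result = {
        "code": code,
        "dsid": m["dsid"],
        "data": data,
        "build": int(m["ver"], 16),  # trailing vNNNN is the DC OS build in hex
        "anonymous": user_sid == ANONYMOUS_SID,
        "stage": "other",
        "reason": m["comment"],
    }
    if "AcceptSecurityContext" in m["comment"]:
        result["stage"] = "bind-rejected"
        result["reason"] = BIND_DATA.get(data, "unlisted sub-code %x" % data)
    elif code == NOT_AUTHENTICATED:
        result["stage"] = "search-without-bind"
    return result

# EventData text from the post; the same event shows UserID S-1-5-7.
PAGE_EVENT = ("000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform "
              "this operation a successful bind must be completed on the "
              "connection., data 0, v2580")
# Constructed sample of a rejected bind, for contrast (not from the post).
CONSTRUCTED_BIND_FAILURE = ("80090308: LdapErr: DSID-0C090400, comment: "
                            "AcceptSecurityContext error, data 52e, v2580")
```

For the event in the post the result is `search-without-bind` on an anonymous connection: the DC refused the search before the Base DN was evaluated, so the bind step is the first thing to check.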