如何解决nextCloud LDAP Operations error?

Cloud storage

1 前言

笔者的nextCloud由之前的ownCloud升级而来,过程记录于以下章节,

如何升级ownCloud到nextCloud?


使用如下命令检查日志,

tail -f /var/log/nextcloud/nextcloud.log

可见如下错误,

{"reqId":"LNlQFae4K2UoasjwzLEn","level":3,"time":"2021-02-19T08:39:06+08:00","remoteAddr":"10.168.0.10","user":"00323401-c56f11e5-a663eb63-06a7ea03","app":"index","method":"GET","url":"/index.php/settings/user","message":{"Exception":"Exception","Message":"LDAP Operations error","Code":1,"Trace":[{"file":"/var/www/nextcloud/apps/user_ldap/lib/LDAP.php","line":420,"function":"processLDAPError","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/LDAP.php","line":343,"function":"postFunctionCall","class":"OCA\\User_LDAP\\LDAP","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/LDAP.php","line":234,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"function":"search","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/Access.php","line":1094,"function":"call_user_func_array","args":[[{"__class__":"OCA\\User_LDAP\\LDAP"},"*** sensitive parameter replaced ***"],["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/Access.php","line":1098,"function":"OCA\\User_LDAP\\{closure}","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/Access.php","line":1151,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/Access.php","line":1256,"function":"executeSearch","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***",500,null]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/Access.php","line":1007,"function":"count","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***",["*** sensitive parameter replaced ***"],"*** sensitive parameter replaced ***",null,null]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/User_LDAP.php","line":565,"function":"countUsers","class":"OCA\\User_LDAP\\Access","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/var/www/nextcloud/apps/user_ldap/lib/User_Proxy.php","line":358,"function":"countUsers","class":"OCA\\User_LDAP\\User_LDAP","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/support/lib/Service/SubscriptionService.php","line":128,"function":"countUsers","class":"OCA\\User_LDAP\\User_Proxy","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/support/lib/Service/SubscriptionService.php","line":270,"function":"getUserCount","class":"OCA\\Support\\Service\\SubscriptionService","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/support/lib/Subscription/SubscriptionAdapter.php","line":51,"function":"getSubscriptionInfo","class":"OCA\\Support\\Service\\SubscriptionService","type":"->","args":[]},{"file":"/var/www/nextcloud/lib/private/Support/Subscription/Registry.php","line":141,"function":"hasValidSubscription","class":"OCA\\Support\\Subscription\\SubscriptionAdapter","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/settings/lib/Settings/Personal/ServerDevNotice.php","line":103,"function":"delegateHasValidSubscription","class":"OC\\Support\\Subscription\\Registry","type":"->","args":[]},{"file":"/var/www/nextcloud/lib/private/Settings/Manager.php","line":190,"function":"getSection","class":"OCA\\Settings\\Settings\\Personal\\ServerDevNotice","type":"->","args":[]},{"file":"/var/www/nextcloud/lib/private/Settings/Manager.php","line":304,"function":"getSettings","class":"OC\\Settings\\Manager","type":"->","args":["personal","additional"]},{"file":"/var/www/nextcloud/lib/private/Settings/Manager.php","line":265,"function":"getPersonalSettings","class":"OC\\Settings\\Manager","type":"->","args":["additional"]},{"file":"/var/www/nextcloud/apps/settings/lib/Controller/CommonSettingsTrait.php","line":119,"function":"getPersonalSections","class":"OC\\Settings\\Manager","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/settings/lib/Controller/CommonSettingsTrait.php","line":64,"function":"formatPersonalSections","class":"OCA\\Settings\\Controller\\PersonalSettingsController","type":"->","args":["personal","personal-info"]},{"file":"/var/www/nextcloud/apps/settings/lib/Controller/CommonSettingsTrait.php","line":151,"function":"getNavigationParameters","class":"OCA\\Settings\\Controller\\PersonalSettingsController","type":"->","args":["personal","personal-info"]},{"file":"/var/www/nextcloud/apps/settings/lib/Controller/PersonalSettingsController.php","line":68,"function":"getIndexResponse","class":"OCA\\Settings\\Controller\\PersonalSettingsController","type":"->","args":["personal","personal-info"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"index","class":"OCA\\Settings\\Controller\\PersonalSettingsController","type":"->","args":["personal-info"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Settings\\Controller\\PersonalSettingsController"},"index"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Settings\\Controller\\PersonalSettingsController"},"index"]},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Settings\\Controller\\PersonalSettingsController","index",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"section":"personal-info","action":null,"_route":"settings.PersonalSettings.index"}]},{"file":"/var/www/nextcloud/lib/base.php","line":1008,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/settings/user"]},{"file":"/var/www/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/nextcloud/apps/user_ldap/lib/LDAP.php","Line":387,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36","version":"20.0.4.0"}

2 最佳实践

2.1 测试配置

sudo -u apache php /var/www/nextcloud/occ ldap:test-config s01

如果提示如下错误,

The configuration is valid, but the Bind failed. Please check the server settings and credentials.

某个属性配置不符合nextCloud的规范引起,需要注意的是,以上只是其中一个配置,多个配置需要同时检查

sudo -u apache php /var/www/nextcloud/occ ldap:test-config s02

2.2 修复配置

ldap的详细配置烦请参阅以下章节,

如何配置nextCloud LDAP?


笔者的经验是修正如下参数后正常,

sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBase "ou=DG,ou=people,dc=cmdschool,dc=org;ou=HK,ou=people,dc=cmdschool,dc=org"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseGroups "ou=DG,ou=people,dc=cmdschool,dc=org;ou=HK,ou=people,dc=cmdschool,dc=org"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseUsers "ou=DG,ou=people,dc=cmdschool,dc=org;ou=HK,ou=people,dc=cmdschool,dc=org"

修改完毕后,笔者建议你使用如下命令检查配置,

sudo -u apache php /var/www/nextcloud/occ ldap:show-config | grep ldapBase

2.3 确认配置修复

sudo -u apache php /var/www/nextcloud/occ ldap:test-config s01

如果提示如下错误,

The configuration is valid and the connection could be established!
没有评论

发表评论

Cloud storage
如何解除NextCloud禁用的IP地址?

1 前言 一个问题,一篇文章,一出故事。 笔者需要解除nextCloud密码暴力破解的名单,于是产生 …

Bash
如何清理NextCloud过期账号?

1 前言 一个问题,一篇文章,一出故事。 笔者生产环境的NextCloud有用户离职后重新入职后发现 …

Cloud storage
如何安装配置twofactor_admin?

1 前言 一个问题,一篇文章,一出故事。 笔记的生产环境的nextcloud需要启用2FA(twof …