Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP: Check LDAP-query-string for sanity/ malformed syntax #1410

Closed
zeus86 opened this issue Sep 14, 2016 · 1 comment
Closed

LDAP: Check LDAP-query-string for sanity/ malformed syntax #1410

zeus86 opened this issue Sep 14, 2016 · 1 comment
Labels
1. to develop Accepted and waiting to be taken care of enhancement feature: ldap

Comments

@zeus86
Copy link

zeus86 commented Sep 14, 2016
edited
Loading

When entering a malformed LDAP-Search Query (configuration variable: user_ldap / ldap_userlist_filter), your instance of NC will instantly crash (http-requests not finishing/timeouting, even for the frontpage), because settings are instantly saved, or at least when you hit the "test settings" button.

Actual behaviour

Let's say you want your users pick from those who have "posixAccount" (or mailAddress or whatever), and are member of the group people to avoid "virtual" accounts, your query might look like this:
(|(objectclass=posixAccount)(&(memberOf=ou=people)))
this works fine, everything's okay. Assume that in your User-List are some unwanted entries, which you want to get rid of, and you might want to exclude groups instead or additionally, e.g. by replacing the & with an !. This will of course not work, but it will instantly kill your NC-Instance.
(|(objectclass=posixAccount)(&(memberOf=ou=people)(!(memberOf=ou=virtual))))

Expected behaviour

Popup showing information, that you've entered a Malformed search-query and do not test, until it is at least syntactically correct.

Quick Fix:

If you - like me - accidentally ran into that problem, you can try disabling the ldap-plugin, set a correct value by hand, and reactivate the plugin. If needed, restart the Webserver and/or the DB:


cd /var/www/<your_NC_installation_path>
sudo -u www-data php occ app:disable user_ldap
 sudo -u www-data php occ config:list | grep ldap_userlist_filter
sudo -u www-data php occ config:app:set user_ldap ldap_userlist_filter  --value "<your_LDAP_string>",
sudo -u www-data php occ app:enable user_ldap

Nextcloud version:
10.0

Updated from an older Nextcloud/ownCloud or fresh install: fresh install
fresh

this seems not to be a big deal, but it is quite annoying, that a simple typo can instantly crash your setup, and it is at least some lost time in researching what went wrong, even if the administrator is capable to fix this rather quickly. Imho a sanity check would make sense here.
@nextcloud-bot nextcloud-bot added the stale Ticket or PR with no recent activity label Jun 20, 2018
@nextcloud-bot nextcloud-bot mentioned this issue Oct 19, 2018
Closed
@dependabot-preview dependabot-preview bot mentioned this issue May 5, 2019
Merged
@skjnldsv skjnldsv added the 1. to develop Accepted and waiting to be taken care of label Jun 5, 2019
@stale stale bot removed the stale Ticket or PR with no recent activity label Jun 5, 2019
@szaimen
Copy link
Contributor

szaimen commented May 21, 2021

I am going to close this since there doesn't seem to be a lot of interest (no upvotes) and no respond since around 2 years.
If this is still happening please make sure to upgrade to the latest version. After that, feel free to reopen.

@szaimen szaimen closed this as completed May 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop Accepted and waiting to be taken care of enhancement feature: ldap
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@nickvergessen @zeus86 @skjnldsv @nextcloud-bot @szaimen