This issue was moved to a discussion.

LDAP cleanup in config.php #4536

Closed
Fred-DTV opened this issue Apr 12, 2024 · 5 comments
Labels
1. to develop Accepted and waiting to be taken care of documentation Improvements or additions to documentation good first issue Small tasks with clear documentation about how and in which place you need to fix things in. help wanted Extra attention is needed needs info Not enough information provided papercut Annoying recurring issue with possibly simple fix

Comments

@Fred-DTV
Contributor

I was really confused when I started receiving bounced e-mail errors for the daily Nextcloud notification mail for a user that I had removed from our company (incl. the e-mail) and our nextcloud.
A lot of bounced e-mails would also eventually damage our domain's spam rating so I tried to find where in NC that e-mail address was still present.
After some time I actually found the problem and a solution: The LDAP database in NC doesn't clean up after itself automatically. So when you delete users via LDAP they still stay somewhere in the NC database.

The solution is quite simple:
As described here:
https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap_cleanup.html
You just have to add
'ldapUserCleanupInterval' => '51'
to the nextcloud config.php

Could this be implemented as default into the AIO NC container's config.php? Or would this cause a problem if LDAP isn't activated?

@Fred-DTV Fred-DTV added 0. Needs triage Pending approval or rejection. This issue is pending approval. enhancement New feature or request labels Apr 12, 2024
@szaimen szaimen added documentation Improvements or additions to documentation and removed enhancement New feature or request labels Apr 16, 2024
@szaimen
Collaborator

szaimen commented Apr 16, 2024

Hi, we will not add this by default but could add a hint to our docs. https://github.com/nextcloud/all-in-one?tab=readme-ov-file#ldap and potentially https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap

@szaimen szaimen added 1. to develop Accepted and waiting to be taken care of help wanted Extra attention is needed and removed 0. Needs triage Pending approval or rejection. This issue is pending approval. labels Apr 16, 2024
@szaimen
Collaborator

szaimen commented Apr 16, 2024

Would you mind opening a PR that adds this? :)

@szaimen szaimen added good first issue Small tasks with clear documentation about how and in which place you need to fix things in. papercut Annoying recurring issue with possibly simple fix labels Apr 17, 2024
@Fred-DTV
Contributor Author

Ok there seems to be more to this problem than thought.
One week later now I started receiving the bounced e-mail warnings again for the same deleted user.

So I went into the docs again and tried the following commands:
sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ ldap:show-remnants
Which showed me that this specific user is deleted, which one should think should be enough to not send updates to that account anymore 😅
But to be 100% certain I even deleted the user from there by using this command:
sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:delete <insert-nextcloudname-here-which-for-ldap-is-the long-string-of numbers>

I will report back and see if this solved the issue.
However, there has to be something flawed with the way NC is handling its LDAP user database, as deleting a user from the LDAP server should be enough to clear it from NC as well.

P.S.: For reference, I am using the Synology LDAP server

@Fred-DTV Fred-DTV changed the title LDAP cleanu in config.php LDAP cleanup in config.php Apr 21, 2024
@szaimen
Collaborator

szaimen commented Apr 30, 2024

> I will report back and see if this solved the issue.

Did it?

@szaimen szaimen added the needs info Not enough information provided label Apr 30, 2024
@Fred-DTV
Contributor Author

Fred-DTV commented May 1, 2024

Sorry I have some private troubles at the moment so I couldn't find the time for this.

However, I think I actually found the cause of this issue: The "Everyone Group" App.
The NC extension app doesn't delete users from its group that have been deleted from LDAP.

So I am pretty certain that this isn't a problem of NC in general.

@nextcloud nextcloud locked and limited conversation to collaborators May 13, 2024
@szaimen szaimen converted this issue into discussion #4645 May 13, 2024
