[Bug]: Lost connection to LDAP server, login not possible, neither for locale or ldap accounts.

[StefanSa]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Hi there,
We would like to introduce nextloud and are currently in the pilot phase of this project. For this we use the latest VM version of hanssonit (thanks for that). In the VM, nextcloud was updated to the latest version.
It now appears that the connection is sporadically lost during a necessary restart of the nextcloud server. The LDAP connection was previously successfully set up and running.
The fatal thing about this situation is that the local admin can no longer log in to the WebUI.
Sometimes restarting the system helped, but currently no chance.

Steps to reproduce

1. Happens sporadically and cannot be reproduced.

Expected behavior

Stable, constant connection to the LDAP server and what would be even more important, that at least the local admin (no LDAP account) can still log on to the system.

Installation method

Community VM appliance

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

root@nextcloud:~# nextcloud_occ config:list system
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "172.xx.xx.170",
            "nextcloud.xxx.com",
            "nextcloud.xxx.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "25.0.3.2",
        "overwrite.cli.url": "https:\/\/nextcloud.felten-group.com\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "upgrade.disable-web": true,
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "loglevel": "2",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "mail_smtpmode": "smtp",
        "remember_login_cookie_lifetime": "1800",
        "log_rotate_size": "0",
        "trashbin_retention_obligation": "auto, 60",
        "versions_retention_obligation": "auto, 180",
        "activity_expire_days": "120",
        "simpleSignUpLink.shown": false,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": true,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0.5,
            "dbindex": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "default_phone_region": "de",
        "logtimezone": "Europe\/Berlin",
        "htaccess.RewriteBase": "\/",
        "maintenance": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_smtpport": "25",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "skeletondirectory": "\/var\/www\/skeleton-felten"
    }
}

List of activated Apps

root@nextcloud:~# nextcloud_occ app:list
Enabled:
  - activity: 2.17.0
  - admin_audit: 1.15.0
  - bruteforcesettings: 2.5.0
  - calendar: 4.2.1
  - circles: 25.0.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contacts: 5.0.2
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - deck: 1.8.3
  - end_to_end_encryption: 1.11.1
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_accesscontrol: 1.15.1
  - files_automatedtagging: 1.15.0
  - files_external: 1.17.0
  - files_pdfviewer: 2.6.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - firstrunwizard: 2.14.0
  - flow_notifications: 1.5.0
  - groupfolders: 13.1.0
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - nextcloud_announcements: 1.14.0
  - notifications: 2.13.1
  - oauth2: 1.13.0
  - password_policy: 1.15.0
  - photos: 2.0.1
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - quota_warning: 1.15.0
  - ransomware_protection: 1.14.0
  - recommendations: 1.4.0
  - related_resources: 1.0.4
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - support: 1.8.0
  - survey_client: 1.13.0
  - suspicious_login: 4.3.0
  - systemtags: 1.15.0
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - twofactor_totp: 7.0.0
  - updatenotification: 1.15.0
  - user_ldap: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - weather_status: 1.5.0
  - workflow_script: 1.10.0
  - workflowengine: 2.7.0
Disabled:
  - drop_account: 2.1.0
  - encryption: 2.13.0
  - extract
  - issuetemplate: 0.7.0
  - mail: 2.2.2

Nextcloud Signing status

not possible get this error message directly after login.

Interner Serverfehler
Der Server konnte die Anfrage nicht fertig stellen.

Sollte dies erneut auftreten, sende bitte die nachfolgenden technischen Einzelheiten an deinen Server-Administrator.

Weitere Details können im Server-Protokoll gefunden werden.

Technische Details
Entfernte Adresse: 10.83.234.5
Anfragekennung: 4uk5S1LcM4dnFggdy8zf

Nextcloud Logs

{"reqId":"DYlqO4cFPzMFZgnDt1Ah","level":2,"time":"2023-01-21T12:10:02+01:00","remoteAddr":"","user":"--","app":"support","method":"","url":"--","message":"Can not determine user count for OCA\\User_LDAP\\User_Proxy","userAgent":"--","version":"25.0.3.2","data":{"app":"support"}}
{"reqId":"MmxcRaxsqW513U56QnNH","level":3,"time":"2023-01-21T12:11:00+01:00","remoteAddr":"10.83.234.5","user":"89504772-1D1A-4CA2-8FD5-CC29992F70BB","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/89504772-1D1A-4CA2-8FD5-CC29992F70BB/","message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (Windows) mirall/3.6.6stable-Win64 (build 20230119) (Nextcloud, windows-10.0.22621 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"25.0.3.2","exception":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":77,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":173,"function":"handleException"}],"File":"/var/www/nextcloud/remote.php","Line":75,"message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","exception":{},"CustomMessage":"OC\\ServerNotAvailableException: Lost connection to LDAP server."}}
{"reqId":"2gGhd4SzhXurboBdY7FN","level":3,"time":"2023-01-21T12:12:02+01:00","remoteAddr":"10.83.234.5","user":"89504772-1D1A-4CA2-8FD5-CC29992F70BB","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/89504772-1D1A-4CA2-8FD5-CC29992F70BB/","message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (Windows) mirall/3.6.6stable-Win64 (build 20230119) (Nextcloud, windows-10.0.22621 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"25.0.3.2","exception":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":77,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":173,"function":"handleException"}],"File":"/var/www/nextcloud/remote.php","Line":75,"message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","exception":{},"CustomMessage":"OC\\ServerNotAvailableException: Lost connection to LDAP server."}}
{"reqId":"raTZhEK6FxhFmlN4JDtm","level":3,"time":"2023-01-21T12:13:04+01:00","remoteAddr":"10.83.234.5","user":"89504772-1D1A-4CA2-8FD5-CC29992F70BB","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/89504772-1D1A-4CA2-8FD5-CC29992F70BB/","message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (Windows) mirall/3.6.6stable-Win64 (build 20230119) (Nextcloud, windows-10.0.22621 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"25.0.3.2","exception":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":77,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":173,"function":"handleException"}],"File":"/var/www/nextcloud/remote.php","Line":75,"message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","exception":{},"CustomMessage":"OC\\ServerNotAvailableException: Lost connection to LDAP server."}}
{"reqId":"Vi7vWsXGGWToDcS2fBBh","level":3,"time":"2023-01-21T12:14:06+01:00","remoteAddr":"10.83.234.5","user":"89504772-1D1A-4CA2-8FD5-CC29992F70BB","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/89504772-1D1A-4CA2-8FD5-CC29992F70BB/","message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (Windows) mirall/3.6.6stable-Win64 (build 20230119) (Nextcloud, windows-10.0.22621 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"25.0.3.2","exception":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":77,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":173,"function":"handleException"}],"File":"/var/www/nextcloud/remote.php","Line":75,"message":"OC\\ServerNotAvailableException: Lost connection to LDAP server.","exception":{},"CustomMessage":"OC\\ServerNotAvailableException: Lost connection to LDAP server."}}

Additional info

No response

[StefanSa]

I have to partially correct myself.
This seems to be a problem with DNS and Netplan. The internal DNS servers are not reachable despite correct entries. There are probably some problems with Ubuntu in the matter. The interesting thing is that DNS worked for both external and internal. Currently we have solved the problem with the "host" file.

Fatal is still that a local user in this case can not log in via WebUI.

[szaimen]

Yes, please fix your ldap connection.

[StefanSa]

Hi Simon,
currently the LDAP connection is working again, because we have entered the internal DNS servers into the hostfile.
But what nextcloud should do, is that even with such a problem "local users" can still log in to the WebUI, especially the local admin. Such a problem with LDAP must not prevent a "local user" from logging in to the WebUI.

Grüße nach Berlin.

[joshtrichards]

Hi @StefanSa - What log entry is associated with the following attempt:

The fatal thing about this situation is that the local admin can no longer log in to the WebUI.

I'm fairly certain that should work. If you still have your test environment available I'd be curious you're seeing. May need to bump your loglevel up too troubleshoot as well:

'"loglevel": "0",`

[mihsu81]

I'm fairly certain that should work. If you still have your test environment available I'd be curious you're seeing

I'm seeing the same issue as @StefanSa in our lab environment. The local users can't log in when the LDAP (Active Directory) domains are not reachable.

[theron29]

I have to admit I have the same issue:
Yesterday evening "something" "went wrong" with my local LDAP server and it is not pssible to log into my Nextcloud 31 instance. Not even the local admin account works, which severely limits the possibilities of fixing (a possible LDAP misconfiguration) issue.

[zenlord]

@theron29 I have opened a new bug report that may help you regain access to your nextcloud instance: #58464 In nextcloud/server;

[arditiFranciscoSilva]

I have also encountred this problem of when my LDAP server goes down I cannot connect to nextcloud with my local admin, is this a configuration problem on my end or is the actual behaviour of nextcloud?