LDAP configuration was broken for weird reason ... Add some way to diagnose that kind of stuff more easily ? Idk ...

[alexAubin]

Today a user had a super weird issue where the interface with LDAP was broken : Connection to LDAP server could not be established

Not sure how that happened ... but basically these commands :

sudo -u nextcloud php occ ldap:show-config "" | grep "LoginFilter "
sudo -u nextcloud php occ ldap:show-config "" | grep "UserFilter "

were returning :

ldapLoginFilter                (&((objectclass=posixAccount)))
ldapUserFilter                 ((objectclass=posixAccount))

instead of :

ldapLoginFilter                (&((objectclass=posixAccount))(uid=%uid)
ldapUserFilter                 objectclass=posixAccount

Updating these manually with

sudo -u nextcloud php occ ldap:set-config "" ldapLoginFilter "(&(|(objectclass=posixAccount))(uid=%uid))"
sudo -u nextcloud php occ ldap:set-config "" ldapUserFilter "objectclass=posixAccount"

allowed to fix the issue though that sounds very hackish ...

Earlier I tried to user_ldap:import the json config as it's done in the install/upgrade script but the command complained that the json was not valid (but I checked it using an online validator and it was fine ...)

Anyway, what allowed to pinpoint the issue in that case was to use

sudo -u nextcloud php occ ldap:test-config ""

(the "" are important, that's the name of the config to test (yes, empty string ...))

So maybe that could be used in some future hook to interface with yunohost's diagnosis system ...

[shukon]

I had this happen too, I think I looked at the LDAP settings just before it happened and I might have clicked on something while searching for a way to purge old LDAP users that I deleted on Yunohost SSO side. I don't think I changed anything though. Fix above worked just fine & I'm mainly leaving this for reference. Thanks a lot for your work on yunohost and packaging stuff!