LDAP: Quota issues #3068

Closed
LennartFreyberg opened this issue Jan 13, 2017 · 12 comments
@LennartFreyberg

Steps to reproduce

  1. connect nextcloud to ldap
  2. configure quota field and quota default
  3. quota configuration
    3.1. leave ldap user quota empty and login
    3.2. set ldap user quota and login
    3.3 delete ldap user quota and login

Expected behaviour

3.1. with ldap user quota attribute empty: the default quota should be used
3.2. with ldap user quota attribute set: the ldap value should be used (it is - this is just in preparation to step 3)
3.3. with ldap user quota attribute deleted: the default quota should be used

Actual behaviour

3.1. quota says "unlimited"
3.2. works as expected
3.3. quota is not reset to default quota - former ldap value from step 3.2. is used

Server configuration

Operating system:
Ubuntu 16.04.1 LTS
Web server:
Apache 2.4.18 (ubuntu distro)
Database:
MySQL 5.7.16 (ubuntu distro)
PHP version:
PHP 7.0.13 (ubuntu distro)
Nextcloud version: (see Nextcloud admin page)
11.0.0
Updated from an older Nextcloud/ownCloud or fresh install:
fresh install
Where did you install Nextcloud from:
nextcloud download page
Signing status:

No errors have been found.

List of activated apps:

```
Enabled:
  - activity: 2.4.1
  - comments: 1.1.0
  - dav: 1.1.1
  - federatedfilesharing: 1.1.1
  - federation: 1.1.1
  - files: 1.6.1
  - files_pdfviewer: 1.0.1
  - files_sharing: 1.1.1
  - files_texteditor: 2.2
  - files_trashbin: 1.1.0
  - files_versions: 1.4.0
  - files_videoplayer: 1.0.0
  - firstrunwizard: 2.0
  - gallery: 16.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - nextcloud_announcements: 1.0
  - notifications: 1.0.1
  - password_policy: 1.1.0
  - provisioning_api: 1.1.0
  - serverinfo: 1.1.1
  - sharebymail: 1.0.1
  - survey_client: 0.1.5
  - systemtags: 1.1.3
  - theming: 1.1.1
  - twofactor_backupcodes: 1.0.0
  - updatenotification: 1.1.1
  - user_ldap: 1.1.1
  - workflowengine: 1.1.1
Disabled:
  - admin_audit
  - encryption
  - external
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - files_retention
  - templateeditor
  - user_external
  - user_saml
```

The content of config/config.php:

```json
{
    "system": {
        "instanceid": "ocb5mo4o8bag",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "portal.dscb.de"
        ],
        "datadirectory": "\/dscb\/nextcloud\/data",
        "overwrite.cli.url": "https:\/\/portal.dscb.de\/nextcloud",
        "dbtype": "mysql",
        "version": "11.0.0.10",
        "dbname": "nextcloud",
        "dbhost": "localhost",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_from_address": "nextcloud",
        "mail_domain": "deutsche-steinzeug.de",
        "mail_smtphost": "10.1.20.22",
        "mail_smtpport": "25",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory"
    }
}
```

Are you using external storage, if yes which one: local/smb/sftp/...
no

Are you using encryption: yes/no
no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
ActiveDirectory

LDAP configuration (delete this part if not used)

```
+-------------------------------+------------------------------------
| Configuration                 | s01 |
+-------------------------------+------------------------------------
| hasMemberOfFilterSupport      | 1 |
| hasPagedResultSupport         |  |
| homeFolderNamingRule          |  |
| lastJpegPhotoLookup           | 0 |
| ldapAgentName                 | cn=***,ou=***,ou=***,dc=ds,dc=local |
| ldapAgentPassword             | *** |
| ldapAttributesForGroupSearch  |  |
| ldapAttributesForUserSearch   |  |
| ldapBackupHost                | x.x.x.x |
| ldapBackupPort                | 389 |
| ldapBase                      | dc=ds,dc=local |
| ldapBaseGroups                | OU=***,dc=ds,dc=local |
| ldapBaseUsers                 | dc=ds,dc=local |
| ldapCacheTTL                  | 600 |
| ldapConfigurationActive       | 1 |
| ldapDynamicGroupMemberURL     |  |
| ldapEmailAttribute            | mail |
| ldapExperiencedAdmin          | 0 |
| ldapExpertUUIDGroupAttr       |  |
| ldapExpertUUIDUserAttr        |  |
| ldapExpertUsernameAttr        |  |
| ldapGroupDisplayName          | cn |
| ldapGroupFilter               | (|(cn=***)) |
| ldapGroupFilterGroups         | *** |
| ldapGroupFilterMode           | 0 |
| ldapGroupFilterObjectclass    |  |
| ldapGroupMemberAssocAttr      | member |
| ldapHost                      | x.x.x.x |
| ldapIgnoreNamingRules         |  |
| ldapLoginFilter               | (&(&(|(objectclass=organizationalPerson)(objectclass=person)(objectclass=user))(|(|(memberof=CN=***,OU=***,DC=ds,DC=local)(primaryGroupID=***))))(samaccountname=%uid)) |
| ldapLoginFilterAttributes     |  |
| ldapLoginFilterEmail          | 0 |
| ldapLoginFilterMode           | 0 |
| ldapLoginFilterUsername       | 1 |
| ldapNestedGroups              | 0 |
| ldapOverrideMainServer        |  |
| ldapPagingSize                | 500 |
| ldapPort                      | 389 |
| ldapQuotaAttribute            | dscbNextcloudQuota |
| ldapQuotaDefault              | 10GB |
| ldapTLS                       | 0 |
| ldapUserDisplayName           | displayName |
| ldapUserDisplayName2          |  |
| ldapUserFilter                | (&(|(objectclass=organizationalPerson)(objectclass=person)(objectclass=user))(|(|(memberof=CN=***,OU=***,DC=ds,DC=local)(primaryGroupID=***)))) |
| ldapUserFilterGroups          | nextcloud |
| ldapUserFilterMode            | 0 |
| ldapUserFilterObjectclass     | organizationalPerson;person;user |
| ldapUuidGroupAttribute        | auto |
| ldapUuidUserAttribute         | auto |
| turnOffCertCheck              | 0 |
| turnOnPasswordChange          | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+------------------------------------
```

Client configuration

Browser:
Internet Explorer 11.0.9600.18524
Google Chrome 53.0.2785.143 m
Operating system:
Windows 7 Prof. SP1 x64

Logs

Web server error log

...

Nextcloud log (data/nextcloud.log)

empty

Browser log

...
@LennartFreyberg
Author

For 3.1 (default quota not used) I changed line 357 in lib/private/User/User.php from

```php
$quota = $this->config->getAppValue('files', 'default_quota', 'none');
```

to

```php
$quota = $this->config->getAppValue('user_ldap', 'ldap_quota_def', 'none');
```

As far as it seems that works for me: Users without ldap attributes get the default quota now.

@LennartFreyberg
Author

LennartFreyberg commented Jan 27, 2017

For 3.3 (not switching back to default quota if ldap quota is deleted) I changed line 170 in apps/user_ldap/lib/User/User.php from

```php
if(isset($ldapEntry[$attr])) {
    $this->updateQuota($ldapEntry[$attr][0]);
}
```

to

```php
if(isset($ldapEntry[$attr])) {
    $this->updateQuota($ldapEntry[$attr][0]);
} else {
    $this->updateQuota(null);
}
```

Seems to work out now...

@LennartFreyberg
Author

To be honest - I don't know enough about the source code and my PHP skills are too small to feel safe enough to propose a patch (plus I never did that before, so I have just no clue how to do it). Please think about my changes - if they are good enough add them to the source code, if not feel free to solve it any other way. Thanks.

@privatereese
Member

I have almost the same problems: quota that is defined by Nextcloud is overwritten by LDAP once in a while or after an update. Did not test "Unlimited" quota but 10GB from Nextcloud is always reverted to 9,5MB for the users after some time; only the administrator user that is Nextcloud only remains unchanged.
Thanks.

@privatereese
Member

Is there some development on this issue? I really would appreciate a quick fix or a hint for a workaround as I am not able to change any value at the LDAP. Thanks in advance.

@privatereese
Member

I recently found a fix or workaround for my problem.

Under Admin -> LDAP/AD Integration -> Advanced -> Special Attributes are two fields
quota field and quota default, if these are both not filled I am able to set quota limits locally which are not reset. 9,5MB was defined here, so this value was not taken from any LDAP value but from the default value of nextcloud for ldap users.

Hope this will help anybody struggling with the same problem.

@ikonspirasi

@privatereese are you saying that the two fields under Special Attributes must not be filled in order for the quota not to be reset by Nextcloud? Because mine are empty but the quota is still reset frequently.

@privatereese
Member

privatereese commented Sep 3, 2017

@ikonspirasi my fields are both empty as stated above and there is no resetting of quota any more.

Maybe it is not saved properly in your nextcloud ldap config or otherwise defined at your ldap server.
My ldap server did not have any quota fields that were used by nextcloud so the reset came from the default quota defined in the nextcloud ldap config.
What does frequently mean?
Did you maybe change the LDAP config again or update your nextcloud and this also changed the quota?

@ikonspirasi

@privatereese I think the LDAP query is the problem; after I simplified it the problem is gone, it never reset the quota again.
I'm not sure which one, but I changed the LDAP query in the Users (into `(&(|(objectclass=user)))`) and Login Attributes (into `(&(&(|(objectclass=user)))(samaccountname=%uid))`) tabs in the LDAP/AD integration menu.
Can you share your LDAP query?

@ikonspirasi

Correction: the resets are coming back again. These errors seem to be the problem: "not suitable default quota found for user".
I have no idea why this happened again.

@privatereese
Member

privatereese commented Dec 7, 2017

@ikonspirasi sorry for the late response.

my ldap query is:

for BASE DN:
ou=W,ou=X,o=Y,c=Z
for USERS:
(|(uid=U)(uid=V))
For LOGIN ATTRIBUTES:
(|(uid=%uid))

Under Advanced and Special Attributes all fields are empty.

This is the configuration that works for me, but

  • I do not have control over the LDAP I am using
  • I only need certain users of the LDAP to authenticate with my Nextcloud

So the LDAP part is completely intransparent for me at this moment.

@nextcloud-bot nextcloud-bot added the stale Ticket or PR with no recent activity label Jun 20, 2018
@blizzz
Member

blizzz commented Aug 25, 2018

3.3 should not change the value, as we do not track where the old value came from.

Otherwise it should be fixed meanwhile. If there are still issues with quota handling, please open a new issue.
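
An added illustration, not part of the thread and not Nextcloud code: a stand-alone PHP model of the precedence the reporter expected in steps 3.1 to 3.3, with the stored quota carrying a record of where it came from, which is the information the last comment says is not tracked. The function names, the `source` field, the size pattern and the rule that a locally set quota survives a sync are assumptions made for this example.

```php
<?php
// Hypothetical model, not Nextcloud code. Each stored quota carries the
// source it came from, so a sync can tell a directory-derived value from
// one an administrator set locally.
const SIZE_PATTERN = '/^\d+(\.\d+)?\s*(B|KB|MB|GB|TB)$/i';

function validSize(?string $v): bool
{
    return $v !== null && preg_match(SIZE_PATTERN, trim($v)) === 1;
}

// $ldapEntry: attribute name => list of values, as in the snippets above.
// $stored: ['value' => ..., 'source' => ...] from the last sync, or null.
function resolveQuota(array $ldapEntry, string $quotaAttr, string $ldapDefault, ?array $stored): array
{
    // 1. A well-formed directory value wins (step 3.2).
    $fromLdap = $quotaAttr !== '' ? ($ldapEntry[$quotaAttr][0] ?? null) : null;
    if (validSize($fromLdap)) {
        return ['value' => trim($fromLdap), 'source' => 'ldap_attribute'];
    }
    // 2. A locally set quota is never overwritten by a default.
    if ($stored !== null && $stored['source'] === 'local') {
        return $stored;
    }
    // 3. Attribute empty, deleted or malformed: use the LDAP default
    //    (steps 3.1 and 3.3). The old value is dropped only because its
    //    recorded source says it came from the directory.
    if (validSize($ldapDefault)) {
        return ['value' => trim($ldapDefault), 'source' => 'ldap_default'];
    }
    // 4. Nothing configured: defer to the server-wide default, not "unlimited".
    return ['value' => 'default', 'source' => 'server_default'];
}

// Constructed entries; attribute name and 10GB default are from the report.
$attr = 'dscbNextcloudQuota';
$cases = [
    '3.1 attribute empty'   => [[], null],
    '3.2 attribute set'     => [[$attr => ['5 GB']], null],
    '3.3 attribute deleted' => [[], ['value' => '5 GB', 'source' => 'ldap_attribute']],
    'local quota kept'      => [[], ['value' => '20 GB', 'source' => 'local']],
    'malformed attribute'   => [[$attr => ['lots']], null],
];
foreach ($cases as $label => [$entry, $stored]) {
    $q = resolveQuota($entry, $attr, '10GB', $stored);
    printf("%-22s %s (%s)\n", $label, $q['value'], $q['source']);
}
```

Running it with `php` prints one line per case; the malformed-attribute case shows an unparseable directory value falling back to the configured default instead of leaving the account without a limit.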
