[Bug]: LDAP usernames full-numeric (1234) gives Exception : Trying to access array|string on value of type int #35642

Closed
7 of 9 tasks
alpapan opened this issue Dec 7, 2022 · 5 comments

Comments


alpapan commented Dec 7, 2022

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

NOTE: The following bug report uses the files:scan CMD to show the problem.

However, this bug affects the WEB version as well, making nextcloud inoperable if you have

  1. LDAP
  2. users with numeric IDs (e.g. 1234567).

This bug report identifies the function that causes the problem and offers a solution.
/NOTE

LDAP used to work fine but now I updated from 21 to 25 and:

sudo -u www-data php /var/www/nextcloud/occ files:scan gives the following error for users registered on LDAP.

sudo -u www-data php /var/www/nextcloud/occ files:scan -vvvv 17875471
Starting scan for user 1 out of 1 (17875471)
Exception during scan: Trying to access array offset on value of type int
#0 /var/www/nextcloud/apps/user_ldap/lib/Group_LDAP.php(1186): OCA\Files\Command\Scan->exceptionErrorHandler()
#1 /var/www/nextcloud/apps/user_ldap/lib/Group_LDAP.php(879): OCA\User_LDAP\Group_LDAP->filterValidGroups()
#2 /var/www/nextcloud/apps/user_ldap/lib/Group_LDAP.php(871): OCA\User_LDAP\Group_LDAP->getGroupsByMember()
#3 /var/www/nextcloud/apps/user_ldap/lib/Group_LDAP.php(384): OCA\User_LDAP\Group_LDAP->OCA\User_LDAP\{closure}()
#4 /var/www/nextcloud/apps/user_ldap/lib/Group_LDAP.php(878): OCA\User_LDAP\Group_LDAP->walkNestedGroups()
#5 /var/www/nextcloud/apps/user_ldap/lib/Group_LDAP.php(820): OCA\User_LDAP\Group_LDAP->getGroupsByMember()
#6 /var/www/nextcloud/apps/user_ldap/lib/Group_Proxy.php(157): OCA\User_LDAP\Group_LDAP->getUserGroups()
#7 /var/www/nextcloud/lib/private/Group/Manager.php(331): OCA\User_LDAP\Group_Proxy->getUserGroups()
#8 /var/www/nextcloud/lib/private/Group/Manager.php(320): OC\Group\Manager->getUserIdGroupIds()
#9 /var/www/nextcloud/apps/files_external/lib/Service/UserGlobalStoragesService.php(193): OC\Group\Manager->getUserGroupIds()
#10 /var/www/nextcloud/apps/files_external/lib/Config/ConfigAdapter.php(120): OCA\Files_External\Service\UserGlobalStoragesService->getAllStoragesForUser()
#11 /var/www/nextcloud/lib/private/Files/Config/MountProviderCollection.php(124): OCA\Files_External\Config\ConfigAdapter->getMountsForUser()
#12 /var/www/nextcloud/lib/private/Files/SetupManager.php(225): OC\Files\Config\MountProviderCollection->addMountForUser()
#13 /var/www/nextcloud/lib/private/Files/SetupManager.php(317): OC\Files\SetupManager->OC\Files\{closure}()
#14 /var/www/nextcloud/lib/private/Files/SetupManager.php(226): OC\Files\SetupManager->setupForUserWith()
#15 /var/www/nextcloud/lib/private/legacy/OC_Util.php(111): OC\Files\SetupManager->setupForUser()
#16 /var/www/nextcloud/lib/private/Files/Utils/Scanner.php(113): OC_Util::setupFS()
#17 /var/www/nextcloud/lib/private/Files/Utils/Scanner.php(198): OC\Files\Utils\Scanner->getMounts()
#18 /var/www/nextcloud/apps/files/lib/Command/Scan.php(161): OC\Files\Utils\Scanner->scan()
#19 /var/www/nextcloud/apps/files/lib/Command/Scan.php(217): OCA\Files\Command\Scan->scanFiles()
#20 /var/www/nextcloud/3rdparty/symfony/console/Command/Command.php(255): OCA\Files\Command\Scan->execute()
#21 /var/www/nextcloud/core/Command/Base.php(177): Symfony\Component\Console\Command\Command->run()
#22 /var/www/nextcloud/3rdparty/symfony/console/Application.php(1009): OC\Core\Command\Base->run()
#23 /var/www/nextcloud/3rdparty/symfony/console/Application.php(273): Symfony\Component\Console\Application->doRunCommand()
#24 /var/www/nextcloud/3rdparty/symfony/console/Application.php(149): Symfony\Component\Console\Application->doRun()
#25 /var/www/nextcloud/lib/private/Console/Application.php(213): Symfony\Component\Console\Application->run()
#26 /var/www/nextcloud/console.php(100): OC\Console\Application->run()
#27 /var/www/nextcloud/occ(11): require_once('/var/www/nextcl...')
#28 {main}

I dumped the variable and it turns out the cause is because the user ID is numeric and is treated as an int instead of string:

array(2) {
  [0]=>
  int(17875471)
  [1]=>
  string(48) "cn=soils,ou=groups,dc=westernsydney,dc=edu,dc=au"
}

The code Group_LDAP.php checks array[0] if it is_string which returns FALSE for integers.

The following patch will fix it by checking if the $item is an array instead of a string

/var/www/nextcloud/apps/user_ldap/lib/Group_LDAP.php
1185c1185
<                       $dn = is_string($item) ? $item : $item['dn'][0];
---
>                       $dn = !is_array($item) ? $item : $item['dn'][0];
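
Review bot: at line 1185, `!is_array($item) ? $item : $item['dn'][0]` stops the exception but now assigns any scalar to `$dn`, including the int from the dump above (17875471), which is the user ID being scanned rather than a group DN. The other entry in that dump is a proper DN string, so the int looks out of place in this list; I would trace where it is added and cast or skip it there, and keep this line strict (accept only a string or an array, reject everything else) so that a non-DN value is not handed on to the group lookup.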

Steps to reproduce

  1. Install nextcloud 21 with LDAP support
  2. Update nextcloud to 25, one version at a time using the CLI updater (and using update command and updating DB indexes)
  3. Have users with a cn that is numeric (no alpha characters)
  4. run sudo -u www-data php /var/www/nextcloud/occ files:scan --all

Expected behavior

Before the patch I expected the following:

sudo -u www-data php /var/www/nextcloud/occ files:scan  17875471
Starting scan for user 1 out of 1 (17875471)
+---------+-------+--------------+
| Folders | Files | Elapsed time |
+---------+-------+--------------+
| 5       | 1     | 00:00:00     |
+---------+-------+--------------+

but it produced the above error. By applying the above patch, the expected behaviour is correct.

Installation method

Community Manual installation with Archive

Operating system

Debian/Ubuntu

PHP engine version

PHP 7.4

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Updated to a major version (ex. 22.2.3 to 23.0.1)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "default_phone_region": "AU",
        "default_locale": "en_AU",
        "force_locale": "en_AU",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.stressedfruitfly.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/nextcloud.stressedfruitfly.com",
        "htaccess.RewriteBase": "\/",
        "dbtype": "pgsql",
        "version": "25.0.1.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "cache_path": "\/data_storage\/www-cluster\/gpi\/nextcloud_cache",
        "memcache.distributed": "\\OC\\Memcache\\Memcached",
        "memcached_servers": [
            [
                "localhost",
                11211
            ]
        ],
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "tempdirectory": "\/data_storage\/tmp\/",
        "filesystem_check_changes": 1,
        "part_file_in_storage": true,
        "filelocking.enabled": true,
        "activity_expire_days": 365,
        "enable_previews": false,
        "maintenance": false,
        "data-fingerprint": "23cb6e29fbd08e068cb84c508b4b99eb",
        "theme": "",
        "loglevel": 0,
        "mail_sendmailmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "orcid",
            "mindmaps"
        ],
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - activity: 2.17.0
  - announcementcenter: 6.4.0
  - bruteforcesettings: 2.5.0
  - calendar: 4.1.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contacts: 5.0.1
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - deck: 1.8.2
  - drawio: 1.0.5
  - external: 5.0.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_external: 1.17.0
  - files_pdfviewer: 2.6.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - integration_dropbox: 1.0.5
  - integration_github: 1.0.13
  - integration_google: 1.0.8
  - integration_mastodon: 1.0.3
  - integration_mattermost: 1.0.3
  - integration_onedrive: 1.1.4
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - news: 19.0.0
  - notes: 4.6.0
  - notifications: 2.13.1
  - oauth2: 1.13.0
  - password_policy: 1.15.0
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - recommendations: 1.4.0
  - related_resources: 1.0.3
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - systemtags: 1.15.0
  - tasks: 0.14.5
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - twofactor_totp: 7.0.0
  - updatenotification: 1.15.0
  - user_ldap: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - welcome: 1.0.2
  - workflowengine: 2.7.0
Disabled:
  - admin_audit
  - circles: 22.1.1
  - encryption
  - files_antivirus: 3.3.1
  - files_fulltextsearch: 24.0.1
  - files_markdown: 2.3.6
  - firstrunwizard: 2.11.0
  - flowupload: 1.1.3
  - fulltextsearch: 23.0.0
  - integration_reddit: 1.0.5
  - integration_restya: 1.0.1
  - ldap_write_support: 1.5.0
  - nextcloud_announcements: 1.2.0
  - orcid: 1.1.1
  - photos: 1.4.0
  - sharebymail: 1.12.0
  - sharepoint: 1.11.0
  - spreed: 13.0.11
  - support: 1.5.0
  - survey_client: 1.10.0
  - suspicious_login
  - user_external: 3.0.0
  - weather_status: 1.1.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

available if you really need them

Additional info

No response
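
The type mismatch described in this report, reproduced in isolation as an added example (not Nextcloud code and not part of the original post). The function names, the sample DN and the array-key step that produces the int are assumptions chosen for illustration; the issue does not establish where the int actually originates.

```php
<?php
declare(strict_types=1);

// Mimic a handler that turns PHP notices/warnings into exceptions.
set_error_handler(function (int $no, string $msg, string $file, int $line) {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// Constructed sample: PHP casts integer-like string keys to int, so the
// numeric ID comes back from array_keys() as an int, the DN as a string.
$seen = ['17875471' => true, 'cn=soils,ou=groups,dc=example,dc=org' => true];
$items = array_keys($seen);

// Check as it stood before the proposed patch.
function dnOriginal($item) {
    return is_string($item) ? $item : $item['dn'][0];
}

// Check as proposed in the report: no exception, but the int passes through.
function dnPatched($item) {
    return !is_array($item) ? $item : $item['dn'][0];
}

// Stricter variant (assumption): always return a string DN or null.
function dnStrict($item): ?string {
    if (is_array($item)) {
        $dn = $item['dn'][0] ?? null;
        return is_string($dn) ? $dn : null;
    }
    $s = (string) $item;
    // Simplified DN test: a DN holds at least one attribute=value pair.
    return strpos($s, '=') !== false ? $s : null;
}

foreach ($items as $item) {
    try {
        $orig = var_export(dnOriginal($item), true);
    } catch (ErrorException $e) {
        $orig = 'exception: ' . $e->getMessage();
    }
    printf("%-8s original=%s | patched=%s | strict=%s\n",
        gettype($item), $orig,
        var_export(dnPatched($item), true),
        var_export(dnStrict($item), true));
}
```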

@alpapan alpapan added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Dec 7, 2022
Member

solracsf commented Dec 7, 2022

Mind to push a PR?

alpapan added a commit to alpapan/nextcloud-server that referenced this issue Dec 9, 2022
Author

alpapan commented Dec 9, 2022

apologies, yes!

alpapan added a commit to alpapan/nextcloud-server that referenced this issue Dec 9, 2022
Signed-off-by: Alexie Papanicolaou <alpapan@gmail.com>
@solracsf solracsf added 2. developing Work in progress and removed 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Dec 14, 2022
@solracsf solracsf changed the title [Bug]: patch LDAP files:scan gives Exception during scan: Trying to access array offset on value of type int [Bug]: LDAP usernames full-numeric (1234) gives Exception : Trying to access array|string on value of type int Feb 7, 2024
Contributor

come-nc commented Feb 8, 2024

I cannot reproduce the problem:

$ occ files:scan -vvv 123455
Starting scan for user 1 out of 1 (123455)
        Folder  /123455/
        Folder  /123455/files
        File    /123455/files/Nextcloud_Server_Administration_Manual.pdf
        Folder  /123455/files/Modèles
        Folder  /123455/files/Media
        File    /123455/files/Media/photo-1495962637988-4be9db2af01f.jpeg
        File    /123455/files/Media/photo-1498855592392-af2bf1e0a4c7.jpeg
        File    /123455/files/Media/photo-1533658925625-2f94d23fc425.jpeg
        File    /123455/files/Media/photo-1532597751369-606119ceda8a.jpeg
        File    /123455/files/Media/Big_Buck_Bunny_1080_10s_10MB.mkv
        File    /123455/files/Media/photo-1527668441211-67a036f77ab4.jpeg
        File    /123455/files/Media/photo-1517603250781-c4eac1449a80.jpeg
        File    /123455/files/Media/photo-1503991721143-75f95ebf1e55.jpeg
        Folder  /123455/cache

+---------+-------+-----+---------+---------+--------+--------------+
| Folders | Files | New | Updated | Removed | Errors | Elapsed time |
+---------+-------+-----+---------+---------+--------+--------------+
| 5       | 9     | 0   | 0       | 0       | 0      | 00:00:00     |
+---------+-------+-----+---------+---------+--------+--------------+

Contributor

come-nc commented Feb 8, 2024

@alpapan Do you have steps to reproduce this on 28 or master?

Even when a field has a value like "12341234" it should be typed as a string in PHP and make no difference.
Regarding #43414 I do not understand the error there, the line given does not seem to assume user is a string, maybe you have local patches altering line numbers?

Author

alpapan commented Feb 10, 2024

I have no local patches I know of.

To attempt to reproduce I'd have to reinstall the server and set it up again, about an hour's work.
Probably not something I can do this month.
