[Bug]: WebDAV not working with LDAP OTP #35880

Closed
duburcqa opened this issue Dec 24, 2022 · 4 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 25-feedback bug feature: authentication feature: ldap needs info stale Ticket or PR with no recent activity

Comments

duburcqa commented Dec 24, 2022

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

WebDAV access is not working with FreeIPA LDAP backend with OTP. More precisely, the password has an OTP token as suffix, which means there is a single password but constantly changing. It seems to be related to these issues: #11113, nextcloud/documentation#9726

I can confirm 'auth.storeCryptedPassword' => false is fixing the logout issue every 5 min, but WebDAV access is still not working at all. It is completely impossible to connect. After disabling OTP everything is fine.

Steps to reproduce

  1. Enable OTP in FreeIPA
  2. Try to connect via WebDAV (davs://<hostname>/remote.php/dav/files/<username>)
  3. Getting authentication failure

Expected behavior

If the OTP is currently valid, authentication should be successful.

Installation method

Community Manual installation with Archive

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.local.tplusone.io"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "cloud.local.tplusone.io",
        "overwriteprotocol": "https",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "25.0.2.3",
        "overwrite.cli.url": "https:\/\/cloud.local.tplusone.io",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "default_phone_region": "FR",
        "maintenance": false,
        "theme": "",
        "loglevel": 0,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "skeletondirectory": "",
        "defaultapp": "files",
        "allow_user_to_change_display_name": false,
        "auth.bruteforce.protection.enabled": true,
        "trashbin_retention_obligation": "auto, 14",
        "mail_smtpsecure": "ssl",
        "auth.storeCryptedPassword": false
    }
}

List of activated Apps

Enabled:
  - activity: 2.17.0
  - calendar: 4.1.2
  - circles: 25.0.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contactsinteraction: 1.6.0
  - dav: 1.24.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_accesscontrol: 1.15.1
  - files_pdfviewer: 2.6.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - nextcloud_announcements: 1.14.0
  - notifications: 2.13.1
  - oauth2: 1.13.0
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - recommendations: 1.4.0
  - related_resources: 1.0.3
  - richdocuments: 7.0.2
  - richdocumentscode: 22.5.802
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - spreed: 15.0.2
  - survey_client: 1.13.0
  - systemtags: 1.15.0
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - twofactor_totp: 7.0.0
  - updatenotification: 1.15.0
  - user_ldap: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - workflowengine: 2.7.0
Disabled:
  - admin_audit
  - bruteforcesettings
  - contacts: 5.0.2
  - dashboard: 7.5.0
  - encryption: 2.13.0
  - files_external
  - firstrunwizard: 2.14.0
  - mail: 2.2.2
  - password_policy: 1.15.0
  - photos: 2.0.1
  - support: 1.8.0
  - suspicious_login
  - weather_status: 1.5.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"BhMpYqqffRLdAcQrY8so","level":2,"time":"2022-12-24T16:58:38+00:00","remoteAddr":"10.2.2.3","user":"--","app":"user_ldap","method":"PROPFIND","url":"/remote.php/dav/files/alexis.duburcq","message":"Bind failed: 49: Invalid credentials","userAgent":"gvfs/1.48.2","version":"25.0.2.3","data":{"app":"user_ldap"},"id":"63a736ea02541"}

Additional info

No response

@duburcqa duburcqa added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Dec 24, 2022
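
The log entry in the report records the failed bind with "user":"--", so the affected account is only visible in the request URL. The following is an added example (not part of the original report or of Nextcloud's code) that counts user_ldap bind failures on WebDAV file URLs per account, client address and user agent; the sample lines, accounts and addresses are constructed.

```python
import json
from collections import Counter
from urllib.parse import unquote, urlsplit

DAV_FILES_PREFIX = "/remote.php/dav/files/"
BIND_FAILED = "Bind failed: 49"  # LDAP result code 49: invalidCredentials

def _entry(url, app="user_ldap", message="Bind failed: 49: Invalid credentials",
           addr="192.0.2.10", agent="gvfs/1.48.2"):
    """Build one constructed log line with the fields seen in the report."""
    return json.dumps({"remoteAddr": addr, "user": "--", "app": app,
                       "method": "PROPFIND", "url": url, "message": message,
                       "userAgent": agent})

# Constructed sample input (documentation addresses, made-up accounts).
SAMPLE_LOG = "\n".join([
    _entry("/remote.php/dav/files/alice"),
    _entry("/remote.php/dav/files/alice/Documents/"),
    _entry("/remote.php/dav/files/bob%40example.test", addr="192.0.2.20",
           agent="example-dav-client/1.0"),
    _entry("/index.php/login"),                        # not a WebDAV request
    _entry("/remote.php/dav/files/alice", app="core", message="Login failed"),
    '{"app":"user_ldap","message":"Bind fail',         # truncated line
])

def dav_account(url):
    """Return the account named in a WebDAV files URL, or None."""
    path = urlsplit(url).path
    if not path.startswith(DAV_FILES_PREFIX):
        return None
    name = path[len(DAV_FILES_PREFIX):].split("/", 1)[0]
    return unquote(name) or None

def ldap_bind_failures(log_text):
    """Count failed LDAP binds on WebDAV URLs per (account, address, agent)."""
    hits = Counter()
    for raw in log_text.splitlines():
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip corrupt or partial lines
        if not isinstance(entry, dict) or entry.get("app") != "user_ldap":
            continue
        if not str(entry.get("message", "")).startswith(BIND_FAILED):
            continue
        account = dav_account(str(entry.get("url", "")))
        if account is not None:
            hits[(account, entry.get("remoteAddr"), entry.get("userAgent"))] += 1
    return hits
```
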
@joshtrichards
Member

Hi @duburcqa - Are you still experiencing this?

@nextcloud-command
Contributor

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

@nextcloud-command nextcloud-command added the stale Ticket or PR with no recent activity label Sep 18, 2024
@nextcloud-command nextcloud-command closed this as not planned Won't fix, can't repro, duplicate, stale Oct 5, 2024
@duburcqa
Author

duburcqa commented Oct 5, 2024

The issue has been fixed? On my side, I’m not planning to use OTP anymore due to a collection of issues like this with our whole tool suite and not enough benefits, so I cannot tell you whether it is buggy or not.
