How to migrate Nextcloud & OpenProject to new server?

Hello,

We have just purchased a new dedicated box, we would like to migrate our whole setup to the new server but I have not been able to find any guides on doing this? So far I have just taken a snapshot of the old server and installed it on the new server, but that kind of defeats the purpose of having this new server since we wanted to try and set up a real domain instead of just having everything on one server…

So to reiterate my question:
How do I migrate app with all their data to a new server???

Hello kfk,

from my point of view there is no generalized approach to migrate apps 1:1 as the chance is high that server specific configuration or data will get corrupted in the process.
I would suggest to use the inbuilt backup & restore functionalty of both apps to migrate from the old installation to a new one on the new server.
If this is not possible you could theoretically stop the apps and copy the data and configs from one host to another, but chances that this will lead to problems or fail are present.

Best regards
Jan-Luca

1 Like

Hey, thanks for answering and sorry for the late reply…

I had been looking at the guides for doing it previously and gave up because I got confused about some things… But somehow my brain must have been working better yesterday, because I spent the evening and a bit of the night on it (mostly on watching the loading screen of the VMs installing… :slight_smile: ) and it worked like a charm…

So because of my previous confusion and in an attempt to take notes for future me and future they, I will here document the process for both NextCloud and OpenProject …

OpenProject Procedure

The backup process of OpenProject in UCS is pretty well documented here:

Except for the fact that it (actually just like OpenProjects own documentation, Backing up your OpenProject installation) recommends making the db dump like this:

PGPASSWORD="$(cat /etc/postgres-openproject.secret)"  pg_dump -U openproject -h localhost -d openproject -c -x -O > /var/backup/openproject.sql

Which makes it dump the db as a raw text dump, which the command pg_restore (as referenced here: Restoring an OpenProject backup) can’t work with…

I just inserted an F flag in front of the c flag but upon reinspecting the man page today it seems that it should have been a flag on it’s own to keep the --clean option, like this:

PGPASSWORD="$(cat /etc/postgres-openproject.secret)"  pg_dump -U openproject -h localhost -d openproject -Fc -c -x -O > openproject.sqldump

The restore is quite trivial from here:

docker stop $(ucr get appcenter/apps/openproject/container) && \
tar -xf /path/to/openproject_files.tar -C /var/lib/univention-appcenter/apps/openproject/ && \
PGPASSWORD="$(cat /etc/postgres-openproject.secret)" pg_restore -U openproject -h localhost -d openproject --clean --if-exists openproject.sqldump && \
docker start $(ucr get appcenter/apps/openproject/container) 

All from root account, ofc…

NextCloud procedure:
The NextCloud procedure was a bit more involved, but also pretty straight forward after reading and understanding several blog/manual pages…

First the backup procedure as described here:
Backup — Nextcloud latest Administration Manual latest documentation

The occ command in the NextCloud container can be accessed, as per this blog post How To Edit config.php in Nextcloud App

So first we turn on maintenance mode

univention-app shell nextcloud sudo -u www-data php /var/www/html/occ maintenance:mode --on

Then we do the same file backup procedure as for OpenProject:

tar -cvf nextcloud_files.tar /var/lib/univention-appcenter/apps/nextcloud/

Then we dump the db via this (as described here Backup — Nextcloud latest Administration Manual latest documentation):

PGPASSWORD="dbpassword" pg_dump nextcloud -h localhost -U nextcloud -f nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

and we can choose to take the instance out of maintenance mode again if we so wish/need

univention-app shell nextcloud sudo -u www-data php /var/www/html/occ maintenance:mode --off

Then on to the restore…

First thing we must before maintenance mode is to take a copy of the current LDAP config for later reference

univention-app shell nextcloud sudo -u www-data php /var/www/html/occ ldap:show-config --show-password > nextcloud.ldap

Maintenance mode then restore files via tar and then on to the db:

First we must delete the whole DB as described here Restoring backup — Nextcloud latest Administration Manual latest documentation

PGPASSWORD="$(cat /etc/postgresql-nextcloud.secret)" psql -h localhost -U nextcloud -d template1 -c "DROP DATABASE \"nextcloud\";"

Then to be able to create the new db we must first give the psql user nextcloud permission to do so…

So first we need to enter the psql prompt as the postgres user:

su - postgres -c psql

Then from the postgres prompt:

alter user nextcloud createdb;

Then we can exit the psql prompt and make the new db

PGPASSWORD="$(cat /etc/postgresql-nextcloud.secret)" psql -h localhost -U nextcloud -d template1 -c "CREATE DATABASE \"nextcloud\";"

and to be nice to our circadian rhythm we shall revoke the the previously given psql role from the nextcloud user via

su - postgres -c psql

Then from the postgres prompt:

alter user nextcloud nocreatedb;

and then again exit…

restore the db

PGPASSWORD="$(cat /etc/postgresql-nextcloud.secret)" psql -h localhost -U nextcloud -d nextcloud -f nextcloud-sqlbkp.bak

Watch some text fly by and take her out of maintenance mode once again and i had to also run this:

univention-app shell nextcloud sudo -u www-data php /var/www/html/occ upgrade

Then we have to fix the ldap update the ldap settings with the values from the nextcloud.ldap file… So first

cat nextcloud.ldap

Then we have somewhere to copy paste from … (please feel free to cantact me on how to do this with some “fancy” awk “magic”)

univention-app shell nextcloud sudo -u www-data php /var/www/html/occ ldap:set-config s01 ldapAgentName pasteYourAgentName
univention-app shell nextcloud sudo -u www-data php /var/www/html/occ ldap:set-config s01 ldapAgentPassword pasteYourAgentPassword
univention-app shell nextcloud sudo -u www-data php /var/www/html/occ ldap:set-config s01 ldapHost pasteYourHost
univention-app shell nextcloud sudo -u www-data php /var/www/html/occ ldap:test-config s01

gl hf <3

3 Likes

Now that I have caught the attention of a Univention engineer I should probably mention that after performing the backup2master I now have artifacts left over from the old domain in the “Computers” submenu… I guess this is because I had all the app containers on the old DC and should probably have uninstalled them from there before doing so?

So you mean they are still present in the UMC module? UCS 4 or 5? I think you can simply remove them via the UMC or the udm computers/* modules.

1 Like

Yes, they are still in the UMC module, UCS 5…

I will just redo the whole thing and uninstall the apps from the original server before doing the backup2master since it was just a test that I did…

I just thought that I would mention it because it could be quite confusing if one had a lot of machines in there :slight_smile:

1 Like

@jlk
So I finally managed to get a firewall working (ended up at pfsense) and did the migration and then the backup2master… Now both NextCloud and OpenProject is out of order…

Nexcloud will not even let me in the interface OpenProject is a bit more… Open, it will let me log in only with the admin account where I can see in the LDAP menu that it’s still trying to get LDAP info from the old master, I tried changing the LDAP server to the new master but ofc it will not work because they don’t have the same credentials… How can I fix this?

NextCloud log logically suggest that it’s experiencing the same problem…:

{"reqId":"rVnX7gi4Ae2Q6ef6TrQ6","level":3,"time":"2022-12-12T23:48:12+00:00","remoteAddr":"152.115.82.106","user":"--","app":"PHP","method":"GET","url":"/nextcloud/","message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"Error","Message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"function":"ldap_start_tls"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":306,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Log/ErrorHandler.php","Line":92,"CustomMessage":"--"}}
{"reqId":"rVnX7gi4Ae2Q6ef6TrQ6","level":3,"time":"2022-12-12T23:48:12+00:00","remoteAddr":"152.115.82.106","user":"--","app":"index","method":"GET","url":"/nextcloud/","message":"Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"OC\\ServerNotAvailableException","Message":"Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":407,"function":"processLDAPError","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":308,"function":"postFunctionCall","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/apps/user_ldap/lib/LDAP.php","Line":368,"CustomMessage":"--"}}

UPDATE:
Uninstalling and reinstalling the OpenProject app fixed it for that, NextCloud still gives the same error…

{"reqId":"K9yrmaiIOmVQqt48cMwB","level":3,"time":"2022-12-13T01:02:47+00:00","remoteAddr":"152.115.82.106","user":"--","app":"PHP","method":"GET","url":"/nextcloud/","message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"Error","Message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"function":"ldap_start_tls"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":306,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Log/ErrorHandler.php","Line":92,"CustomMessage":"--"}}
{"reqId":"K9yrmaiIOmVQqt48cMwB","level":3,"time":"2022-12-13T01:02:47+00:00","remoteAddr":"152.115.82.106","user":"--","app":"index","method":"GET","url":"/nextcloud/","message":"Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"OC\\ServerNotAvailableException","Message":"Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":407,"function":"processLDAPError","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":308,"function":"postFunctionCall","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/apps/user_ldap/lib/LDAP.php","Line":368,"CustomMessage":"--"}}
{"reqId":"FdDOYhDhGI5lyLhTFIk0","level":3,"time":"2022-12-13T01:02:47+00:00","remoteAddr":"152.115.82.106","user":"--","app":"PHP","method":"GET","url":"/nextcloud/apps/theming/favicon?v=0","message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"Error","Message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"function":"ldap_start_tls"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":306,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Log/ErrorHandler.php","Line":92,"CustomMessage":"--"}}
{"reqId":"FdDOYhDhGI5lyLhTFIk0","level":3,"time":"2022-12-13T01:02:47+00:00","remoteAddr":"152.115.82.106","user":"--","app":"index","method":"GET","url":"/nextcloud/apps/theming/favicon?v=0","message":"Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"OC\\ServerNotAvailableException","Message":"Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":407,"function":"processLDAPError","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":308,"function":"postFunctionCall","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/apps/user_ldap/lib/LDAP.php","Line":368,"CustomMessage":"--"}}
{"reqId":"kUuQaE59CasUvBCh1WDU","level":3,"time":"2022-12-13T01:02:47+00:00","remoteAddr":"152.115.82.106","user":"--","app":"PHP","method":"GET","url":"/nextcloud/apps/theming/icon?v=0","message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"Error","Message":"ldap_start_tls(): Unable to start TLS: Can't contact LDAP server at /var/www/html/apps/user_ldap/lib/LDAP.php#306","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"function":"ldap_start_tls"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":306,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Log/ErrorHandler.php","Line":92,"CustomMessage":"--"}}
{"reqId":"kUuQaE59CasUvBCh1WDU","level":3,"time":"2022-12-13T01:02:47+00:00","remoteAddr":"152.115.82.106","user":"--","app":"index","method":"GET","url":"/nextcloud/apps/theming/icon?v=0","message":"Lost connection to LDAP server.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"24.0.7.1","exception":{"Exception":"OC\\ServerNotAvailableException","Message":"Lost connection to LDAP server.","Code":0,"Trace":[{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":407,"function":"processLDAPError","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":308,"function":"postFunctionCall","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/LDAP.php","line":248,"function":"invokeLDAPMethod","class":"OCA\\User_LDAP\\LDAP","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":653,"function":"startTls","class":"OCA\\User_LDAP\\LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":602,"function":"doConnect","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":228,"function":"establishConnection","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Connection.php","line":236,"function":"init","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/Access.php","line":191,"function":"getConnectionResource","class":"OCA\\User_LDAP\\Connection","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_LDAP.php","line":324,"function":"readAttribute","class":"OCA\\User_LDAP\\Access","type":"->"},{"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_LDAP","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":108,"function":"call_user_func_array"},{"file":"/var/www/html/apps/user_ldap/lib/Proxy.php","line":155,"function":"walkBackends","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":244,"function":"handleRequest","class":"OCA\\User_LDAP\\Proxy","type":"->"},{"file":"/var/www/html/apps/user_ldap/lib/User_Proxy.php","line":221,"function":"userExistsOnLDAP","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Manager.php","line":176,"function":"userExists","class":"OCA\\User_LDAP\\User_Proxy","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":861,"function":"get","class":"OC\\User\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1078,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":1019,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/apps/user_ldap/lib/LDAP.php","Line":368,"CustomMessage":"--"}}

UPDATE2:
I tried ‘rm /var/lib/univention-appcenter/apps/nextcloud/data/integration/initial_config_done’ and the uninstall and install the app, it made no difference…

UPDATE3:
The joinscript for nexclud fails, this is the log:

univention-run-join-scripts started
Tue Dec 13 01:33:31 GMT 2022

univention-join-hooks: looking for hook type "join/pre-joinscripts" on ucs-3289.kulturforeningenkasimir.dk
Found hooks:
  
RUNNING 50nextcloud.inst
2022-12-13 01:33:34.085851039+00:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=kulturforeningenkasimir,dc=dk
Object exists: cn=Nextcloud Hub,cn=services,cn=univention,dc=kulturforeningenkasimir,dc=dk
No modification: cn=ucs-3289,cn=dc,cn=computers,dc=kulturforeningenkasimir,dc=dk
WARNING: cannot append Nextcloud Hub to service, value exists
Not updating nextcloud/ucs/modifyUsersFilter
Not updating nextcloud/ucs/userEnabled
Not updating nextcloud/ucs/userQuota
Not updating nextcloud/ucs/debug
Not updating nextcloud/ldap/cacheTTL
Not updating nextcloud/ldap/homeFolderAttribute
Not updating nextcloud/ldap/userSearchAttributes
Not updating nextcloud/ldap/userDisplayName
Not updating nextcloud/ldap/groupDisplayName
Not updating nextcloud/ldap/base
Not updating nextcloud/ldap/baseUsers
Not updating nextcloud/ldap/baseGroups
Not updating nextcloud/ldap/filterLogin
Not updating nextcloud/ldap/filterUsers
Not updating nextcloud/ldap/filterGroups
Object exists: SAMLServiceProviderIdentifier=https://ucs-3289.kulturforeningenkasimir.dk/nextcloud/apps/user_saml/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=kulturforeningenkasimir,dc=dk
Config value type for app user_saml set to saml
Config value general-require_provisioned_account for app user_saml set to 1
Config value general-allow_multiple_user_back_ends for app user_saml set to 1

                                                                 
  There are no commands defined in the "saml:config" namespace.  
                                                                 

Could not create LDAP Config at Nextcloud
EXITCODE=1
a6cf5e53-efa6-4eae-89c6-b089fd599c0a
univention-join-hooks: looking for hook type "join/post-joinscripts" on ucs-3289.kulturforeningenkasimir.dk
Found hooks:
  

Tue Dec 13 01:33:42 GMT 2022
univention-run-join-scripts finished

UPDATE4:
I tried completely removing nextcloud, so also removing the ucr variables, the db and the app folder… Now the join script succeeds… But still same error in NC log…

Join log:

univention-run-join-scripts started
Tue Dec 13 02:11:48 GMT 2022

univention-join-hooks: looking for hook type "join/pre-joinscripts" on ucs-3289.kulturforeningenkasimir.dk
Found hooks:
  
RUNNING 50nextcloud.inst
2022-12-13 02:11:50.450335290+00:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=kulturforeningenkasimir,dc=dk
Object exists: cn=Nextcloud Hub,cn=services,cn=univention,dc=kulturforeningenkasimir,dc=dk
No modification: cn=ucs-3289,cn=dc,cn=computers,dc=kulturforeningenkasimir,dc=dk
WARNING: cannot append Nextcloud Hub to service, value exists
Not updating nextcloud/ucs/modifyUsersFilter
Not updating nextcloud/ucs/userEnabled
Not updating nextcloud/ucs/userQuota
Not updating nextcloud/ucs/debug
Not updating nextcloud/ldap/cacheTTL
Not updating nextcloud/ldap/homeFolderAttribute
Not updating nextcloud/ldap/userSearchAttributes
Not updating nextcloud/ldap/userDisplayName
Not updating nextcloud/ldap/groupDisplayName
Not updating nextcloud/ldap/base
Not updating nextcloud/ldap/baseUsers
Not updating nextcloud/ldap/baseGroups
Not updating nextcloud/ldap/filterLogin
Not updating nextcloud/ldap/filterUsers
Not updating nextcloud/ldap/filterGroups
Object exists: SAMLServiceProviderIdentifier=https://ucs-3289.kulturforeningenkasimir.dk/nextcloud/apps/user_saml/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=kulturforeningenkasimir,dc=dk
Config value type for app user_saml set to saml
Config value general-require_provisioned_account for app user_saml set to 1
Config value general-allow_multiple_user_back_ends for app user_saml set to 1
The provider's config was updated.
Not attempting to set LDAP configuration, because NC is already installed and set up.

In LDAP.php line 368:
                                   
  Lost connection to LDAP server.  
                                   

ldap:test-config <configID>

Updating LDAP bind credentials
Not attempting to modify users.
Not attempting to add Administrator to admin group, because NC is already installed and set up.
Check for richdocuments app
Check for onlyoffice app
2022-12-13 02:12:04.349999253+00:00 (in joinscript_save_current_version)
EXITCODE=0
univention-join-hooks: looking for hook type "join/post-joinscripts" on ucs-3289.kulturforeningenkasimir.dk
Found hooks:
  

Tue Dec 13 02:12:04 GMT 2022
univention-run-join-scripts finished

Update:
So I have tried many many things now to get the nextcloud instance to work again, the last thing I tried was just copying over the user data and restoring the db which also didn’t work… So I suppose that the LDAP info is actually stored in the postgres db, which means that I amat a complete loss of what to do from here :cry:

Hey kfk,

I would really like to help you, but I am at a loss too since you said to you cleaned UCR, the database and the app folder… :confused: Unfortunately I have no test environment with Nextcloud installed at hand to have a deeper look - The only thing that would come to my mind is to convince the Nextcloud container that the LDAP is in fact somewhere else, maybe you could redirect the requests to your new host via adding it with the Docker --add-host flag?
This can be done with the UCRV appcenter/apps/nextcloud/docker/params.

Regards
Jan-Luca

Hey Jan-Luca, I ended up solving it with occ and was just about to make a write up about it :slight_smile: Just didn’t get around to it yet since I got stuck with some DNS things now… The stuck part mainly being that I don’t understand it so I am about to read this 11.2. Administration of DNS data with BIND — Univention Corporate Server - Manual for users and administrators

1 Like

I will probably delete some messages when I do the write up btw, so future readers don’t have to read through my “debugging” process

Glad that you figured it out, sound great and I am looking forward to your write-up. :relieved:

Btw, can I PM you about something unrelated to this topic?

Mastodon