Join Script Failed / Nextcloud update


#1

Hi,
I use the newest UCS 4.3 version. I updated from the Nextcloud app, but the update failed.
After this, I cannot log in to Nextcloud. The server shows there is a problem with the join script.
So I forced the 50nextcloud script, but that did not work. I think it could be a problem with the letsencrypt cert:
at the moment I updated Nextcloud, the key was not valid. I have now fixed the problem with letsencrypt, but the problem with the Nextcloud join is still there.

Log file content:

curl failed with error 51
Failed to request an LDAP config id from Nextcloud
__JOINERR__:FAILED: /usr/lib/univention-install/50nextcloud.inst
EXITCODE=51

Sa 29. Sep 16:59:51 CEST 2018
univention-run-join-scripts finished

#2

Hey,

the join script tries to access the URL given in the variable HOST in /usr/lib/univention-install/50nextcloud.inst, and that one is set as follows:

HOST="https://${hostname}.${domainname}/nextcloud"

The values for hostname and domainname come from the UCR variables of the same name, meaning your internal server name.

If you’re using a Let’s Encrypt certificate (or really any other third-party SSL certificate) for your UCS server, that certificate will only contain a publicly resolvable domain name and not your internal server/domain name. That’s just the nature of things. And that’s what exit/error code 51 is about: the certificate doesn’t contain a “subject alternative name” that matches the requested server name (the internal one).

I see two possibilities:

  1. Patch the join script to use the name the server is reachable from the internet under. Simply hardcode HOST=https://my.public.server.name/nextcloud and re-run the join script. Of course you’ll have to do that every time the script itself gets updated.
  2. Add another virtual host to your Apache web server that uses the original SSL certificates from your Univention domain (/etc/univention/ssl/<servername>/…) and that listens for that name (ServerName <servername>.<domainname>). Of course you’ll either have to re-create all the configuration for the main virtual host in your new virtual host, too, or you can configure the new virtual host to simply proxy all requests to the official domain name (ProxyPass / https://my.public.server.name/ and ProxyPassReverse / https://my.public.server.name/).

m.
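
The name check described in the reply above, as an added example that is not part of the thread or of the join script: a host name passes only if a subjectAltName entry covers it, otherwise curl exits with 51. The host names and the SAN list are constructed sample values, and `url_host`, `san_covers` and `join_verdict` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): the name check behind curl exit code 51.
# All host names and SAN lists below are constructed sample values.

# url_host URL -> prints the host part, e.g. of the join script's HOST value.
url_host() {
    h=${1#*://}   # drop scheme
    h=${h%%/*}    # drop path
    h=${h%%:*}    # drop port
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# san_covers HOST "DNS:a, DNS:b" -> exit 0 if a dNSName entry covers HOST.
# The list has the shape printed by: openssl x509 -noout -ext subjectAltName
san_covers() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Host with its leftmost label removed; a wildcard may replace only that label.
    case "$host" in *.*) parent=${host#*.} ;; *) parent= ;; esac
    while IFS= read -r entry; do
        # Entries are lowercased below, so the dNSName prefix reads "dns:".
        case "$entry" in dns:*) name=${entry#dns:} ;; *) continue ;; esac
        case "$name" in
            "$host") return 0 ;;
            # ${name#??} strips the leading "*." of a wildcard entry.
            '*.'*) [ -n "$parent" ] && [ "${name#??}" = "$parent" ] && return 0 ;;
        esac
    done <<EOF
$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr ',' '\n' | sed 's/^ *//; s/ *$//')
EOF
    return 1
}

# join_verdict URL SANS -> prints "ok" or "curl-51" for the join script's request.
join_verdict() {
    if san_covers "$(url_host "$1")" "$2"; then echo ok; else echo curl-51; fi
}

PUBLIC_SANS='DNS:ucs.foo-bar.org, DNS:*.foo-bar.org'   # third-party certificate
join_verdict 'https://ucs-master.ucs.foo-bar.org/nextcloud' "$PUBLIC_SANS"  # internal name
join_verdict 'https://ucs.foo-bar.org/nextcloud' "$PUBLIC_SANS"             # public name
```

The wildcard entry does not rescue the internal name, because a wildcard stands in for exactly one leftmost label.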


#3

Sorry for hijacking this…
I have a similar problem with UCS 4.4 and Nextcloud, but using Thawte TLS RSA CA G, not letsencrypt.

RUNNING 50nextcloud.inst
2019-05-19 20:53:24.767675443+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=ucs,dc=foo-bar,dc=org
Object exists: cn=Nextcloud,cn=services,cn=univention,dc=ucs,dc=foo-bar,dc=org
WARNING: cannot append Nextcloud to service, value exists
No modification: cn=ucs-master,cn=dc,cn=computers,dc=ucs,dc=foo-bar,dc=org
Not updating nextcloud/ucs/modifyUsersFilter
Not updating nextcloud/ucs/userEnabled
Not updating nextcloud/ucs/userQuota
Not updating nextcloud/ucs/debug
Not updating nextcloud/ldap/cacheTTL
Not updating nextcloud/ldap/homeFolderAttribute
Not updating nextcloud/ldap/userSearchAttributes
Not updating nextcloud/ldap/userDisplayName
Not updating nextcloud/ldap/groupDisplayName
Not updating nextcloud/ldap/base
Not updating nextcloud/ldap/baseUsers
Not updating nextcloud/ldap/baseGroups
Not updating nextcloud/ldap/filterLogin
Not updating nextcloud/ldap/filterUsers
Not updating nextcloud/ldap/filterGroups
Object exists: cn=ldapschema,cn=univention,dc=ucs,dc=foo-bar,dc=org
INFO: No change of core data of object nextcloud.
No modification: cn=nextcloud,cn=ldapschema,cn=univention,dc=ucs,dc=foo-bar,dc=org

Waiting for activation of the extension object nextcloud: OK
Object exists: cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
E: Object exists: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
No modification: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
E: Object exists: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
No modification: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
E: Object exists: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
No modification: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
curl failed with error 7
Failed to request an LDAP config id from Nextcloud
EXITCODE=1

Any idea?
thanks
Sascha


#5

After a reboot we now have 51 as well, instead of

curl failed with error 7

But anyways, now we changed the corresponding join script from
HOST="https://${hostname}.${domainname}/nextcloud"
to
HOST="https://ucs.foo-bar.org/nextcloud"
and this results in

RUNNING 50nextcloud.inst
2019-05-19 23:12:14.073377144+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=ucs,dc=foo-bar,dc=org
Object exists: cn=Nextcloud,cn=services,cn=univention,dc=ucs,dc=foo-bar,dc=org
WARNING: cannot append Nextcloud to service, value exists
No modification: cn=ucs-master,cn=dc,cn=computers,dc=ucs,dc=foo-bar,dc=org
Not updating nextcloud/ucs/modifyUsersFilter
Not updating nextcloud/ucs/userEnabled
Not updating nextcloud/ucs/userQuota
Not updating nextcloud/ucs/debug
Not updating nextcloud/ldap/cacheTTL
Not updating nextcloud/ldap/homeFolderAttribute
Not updating nextcloud/ldap/userSearchAttributes
Not updating nextcloud/ldap/userDisplayName
Not updating nextcloud/ldap/groupDisplayName
Not updating nextcloud/ldap/base
Not updating nextcloud/ldap/baseUsers
Not updating nextcloud/ldap/baseGroups
Not updating nextcloud/ldap/filterLogin
Not updating nextcloud/ldap/filterUsers
Not updating nextcloud/ldap/filterGroups
Object exists: cn=ldapschema,cn=univention,dc=ucs,dc=foo-bar,dc=org
INFO: No change of core data of object nextcloud.
No modification: cn=nextcloud,cn=ldapschema,cn=univention,dc=ucs,dc=foo-bar,dc=org

Waiting for activation of the extension object nextcloud: OK
Object exists: cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
E: Object exists: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
No modification: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
E: Object exists: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
No modification: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
E: Object exists: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
No modification: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=ucs,dc=foo-bar,dc=org
Could not create LDAP Config at Nextcloud
EXITCODE=1


#6

Same here. We changed the hostname in the join script as well. It was a fresh installation:

univention-app install nextcloud