Nextcloud Join Script failed

Hi,

Today I tried to install Nextcloud on a UCS server. But when I run the join script there is a failure:

univention-run-join-scripts started
Mi 23. Aug 16:40:14 CEST 2023

univention-join-hooks: looking for hook type "join/pre-joinscripts" on ucs-2018.XXX.intranet
Found hooks:

RUNNING 50nextcloud.inst
2023-08-23 16:40:16.016968770+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=XXX,dc=intranet
Object exists: cn=Nextcloud Hub,cn=services,cn=univention,dc=XXX,dc=intranet
No modification: cn=ucs-2018,cn=dc,cn=computers,dc=XXX,dc=intranet
WARNING: cannot append Nextcloud Hub to service, value exists
Not updating nextcloud/ucs/modifyUsersFilter
Not updating nextcloud/ucs/userEnabled
Not updating nextcloud/ucs/userQuota
Not updating nextcloud/ucs/debug
Not updating nextcloud/ldap/cacheTTL
Not updating nextcloud/ldap/homeFolderAttribute
Not updating nextcloud/ldap/userSearchAttributes
Not updating nextcloud/ldap/userDisplayName
Not updating nextcloud/ldap/groupDisplayName
Not updating nextcloud/ldap/base
Not updating nextcloud/ldap/baseUsers
Not updating nextcloud/ldap/baseGroups
Not updating nextcloud/ldap/filterLogin
Not updating nextcloud/ldap/filterUsers
Not updating nextcloud/ldap/filterGroups
LDAP Error: No such object.

EXITCODE=1
8c69b65a-d933-4f08-b21e-06e753c88a2c
univention-join-hooks: looking for hook type "join/post-joinscripts" on ucs-2018.XXX.intranet
Found hooks:


Mi 23. Aug 16:40:18 CEST 2023
univention-run-join-scripts finished

I think it is a problem with the .intranet TLD. What I did was:

1.) enter the IP and the hostname (.intranet and the external dyndns names) into the hosts file (Nextcloud Docker and local system)
2.) hardcode the hostname ucs-2018.XXX.intranet to the 50nextcloud.inst script
3.) hardcode the dyndns hostname to the 50nextcloud.inst script
4.) commented out the nextcloud_configure_saml line in the 50nextcloud.inst script

These are the suggestions I found in an old thread, but nothing worked.

Can you please give me a hint how to fix this?

Kind regards

Jochen

Hi Jochen,

I got the same error message today and focused on the “LDAP Error: No such object” message. The error is thrown when the join script tries to add an LDAP entry into the “saml-serviceprovider” container because that container didn’t exist.

I could solve this by manually creating the “saml-serviceprovider” container underneath the “univention” container and running the join script again. Afterwards the login for Nextcloud worked as expected.

Best regards
Lutz
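
Added example, not part of the original posts and not Univention's own code: one way to carry out the fix described above idempotently, by checking for the "saml-serviceprovider" container and creating it only if it is absent, then re-running just the Nextcloud join script. It assumes a root shell on the UCS Primary Directory Node with the stock `ucr`, `univention-ldapsearch`, `udm` and `univention-run-join-scripts` tools; the function names and the `--apply` switch are hypothetical.

```bash
#!/bin/bash
# Added example: make sure cn=saml-serviceprovider,cn=univention,<ldap base> exists
# before re-running 50nextcloud.inst. Function names are illustrative only.

# Build the container DN from the LDAP base (pure string handling, no LDAP access).
saml_container_dn() {
    printf 'cn=saml-serviceprovider,cn=univention,%s\n' "$1"
}

# Read LDIF on stdin; succeed only if it contains an entry with exactly this DN.
has_entry() {
    grep -qiFx "dn: $1"
}

ensure_saml_container() {
    base="$(ucr get ldap/base)" || return 1
    dn="$(saml_container_dn "$base")"
    # Base-scope search: a missing container yields "No such object" and no LDIF.
    if univention-ldapsearch -LLL -o ldif-wrap=no -b "$dn" -s base dn 2>/dev/null \
            | has_entry "$dn"; then
        echo "exists: $dn"
        return 0
    fi
    echo "creating: $dn"
    udm container/cn create --position "cn=univention,$base" \
        --set name=saml-serviceprovider
}

# Re-run only the Nextcloud join script instead of all pending scripts.
rerun_nextcloud_join() {
    univention-run-join-scripts --force --run-scripts 50nextcloud.inst
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    ensure_saml_container && rerun_nextcloud_join
fi
```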

Hello Lutz,

I have run into the same error after upgrading Keycloak and Nextcloud.

Can you please explain how you did this or post a link to a more detailed description?

I’m a bit wary to just try something which possibly will make things only worse.

Thank you very much!

Hi toko42,

I don’t think that you ran into the same error as I did, because the error is about something in the saml:config namespace. That is related to the Nextcloud configuration and you might need to examine that in the corresponding Docker container.

This is what the Nextcloud command line is showing on my instance:

root@nextc-123456789:/# sudo -u www-data /var/www/html/occ saml:config:get
  - 1:
    - general-uid_mapping: uid
    - idp-entityId: https://ucs-sso.mydomain.de/simplesamlphp/saml2/idp/metadata.php
    - idp-singleLogoutService.url: https://ucs-sso.mydomain.de/simplesamlphp/saml2/idp/SingleLogoutService.php
    - idp-singleSignOnService.url: https://ucs-sso.mydomain.de/simplesamlphp/saml2/idp/SSOService.php

I have no clue whether this might help you though, sorry.

Hello Lutz,

thank you very much.

I get
"There are no commands defined in the “saml:config” namespace."

Where do I configure what you get?

It’s worth a try and if I know where to configure this, I can always roll back.

Have a nice weekend!

Solution:

I only had to install the app SSO & SAML Authentication in Nextcloud for the join script to run successfully.

2 Likes
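
Added example, not part of the original posts: a precheck for the condition behind the "no commands defined in the saml:config namespace" message, which classifies the SSO & SAML Authentication app (app id `user_saml`) as enabled, disabled or missing from `occ app:list` output before the join script is run. It assumes the Nextcloud app container is reachable via `univention-app shell nextcloud` and that `occ` lives at the path shown earlier in the thread; the function names and the `--check` switch are hypothetical.

```bash
#!/bin/bash
# Added example: verify that user_saml is installed and enabled in Nextcloud,
# since the saml:config occ commands only exist when the app is active.

# Read `occ app:list` output on stdin and print: enabled | disabled | missing
saml_app_state() {
    awk '
        /^Enabled:/  { section = "enabled";  next }
        /^Disabled:/ { section = "disabled"; next }
        /^[[:space:]]*- user_saml(:|$)/ { state = section }
        END { print (state == "" ? "missing" : state) }
    '
}

# Run occ inside the Nextcloud app container (assumed invocation, see lead-in).
nextcloud_occ() {
    univention-app shell nextcloud sudo -u www-data /var/www/html/occ "$@"
}

precheck_saml_app() {
    state="$(nextcloud_occ app:list | saml_app_state)"
    case "$state" in
        enabled)
            echo "user_saml is enabled; saml:config commands are available" ;;
        disabled)
            echo "user_saml is installed but disabled; run: occ app:enable user_saml"
            return 1 ;;
        *)
            echo "user_saml is not installed; run: occ app:install user_saml"
            return 1 ;;
    esac
}

# Only touches the container when called with --check.
if [ "${1:-}" = "--check" ]; then
    precheck_saml_app
fi
```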

Seems like the addition of the SSO & SAML app in Nextcloud allowed the join script to run when I attempted to upgrade this time.

Unfortunately I had another issue and had to roll back again. My UCS upgrade attempt got stuck on 5.1 and wouldn’t continue through to 5.2.

I think the problem was having the latest Keycloak app installed. There was an error about the Keycloak version not being compatible.

I think on my next attempt I will install the SSO & SAML app, then update Nextcloud and make sure that works. I will not update Keycloak and then run the UCS upgrade to 5.2. Hopefully that goes through with no errors and then I can attempt the Keycloak update after I make it to 5.2. :crossed_fingers:

I’m really not enjoying this upgrade cycle. :frowning:

I ran into various other problems during the following update to 5.2 and rolled back because I had not enough time to take care of this.

I really would like to have a precheck which can be started manually without triggering the upgrade and thus be able to take care of any obstacles beforehand.