Nextcloud version 12 update - group memberships restricted?

nextcloud
ucs-4-2

#1

Hi,

after updating to UCS 4.2-2 I actualized Nextcloud from version 11 to 12.

I had several groups defined in UMC/LDAP to share folders between users. This has worked fine with Nextcloud 11. In version 12, it seems to me like each user is listed only in one group (looking at the user / group settings in Nextcloud), while the memberships in LDAP are fine.

Users who need to be in more than one group to access shared content don’t see all files.

Any hints?

Regards
Tani


#2

Hi @tanatos, could you be a bit more precise in your error description, best give steps to reproduce the misbehaviour?

So far I understand that you try to share a file to a group, and a user who is in several groups including this one does not see the share. Is this correct?


#3

Hi,

yes, that is correct. Let me try to give an Example:

  • LDAP group group01 has members user01 and user02
  • LDAP group group02 has members user02 and user03
  • user04 exports two directories: dir01 to group01, dir02 to group02

Using an administrative account in Nextcloud to look into the Nextcloud settings shows only one group membership for each user, in the example user02 would be only in group01 and therefore has only access to dir01 - prior to the update user02 had access to both directories.

Hope the example makes it better understandable?

Tani


#4

Yes, thanks! I look into it.


#5

@tanatos Unfortunately you came across a bug (https://github.com/nextcloud/server/issues/5273), which expresses itself by side-effects on some specific setups. In this case the combination of available gidNumber attribute (for OpenLDAP “primary” group support) and the association of group members by uniquemember attribute caused such a code path…

I proposed a fix https://github.com/nextcloud/server/pull/6453 which will be backported to Nextcloud 12 as soon as it is tested, reviewed and merged. Sadly, there is no workaround other than fixing the code.


#6

Thanks and good to know that the issue was reproducible!

When is the update expected to be available in Univention App Center?


#7

The fix will go into 12.0.4 only, however I’ll patch the next UCS maintenance release (→ 12.0.3) with it. 12.0.3 is in RC state currently and is planned to be released next week. As soon as we have the final build I’ll prepare the UCS app as well.


#8

Unluckily there is a bug in user_saml which is blocking the database upgrade:



PHP Fatal error: Class OCA\User_SAML\UserBackend contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (OCP\Authentication\IApacheBackend::getLogoutUrl) in /path/to/nextcloud/apps/user_saml/lib/userbackend.php on line 34

#9

Please follow https://github.com/nextcloud/server/issues/6501 on this issue