Owncloud upgrade to 10.0.4-20180315 webui fails

audiolinux · March 31, 2018, 4:31pm

Hi everyone,

after upgrading the owncloud app to 10.0.4-20180315, ownclouds webui brings Internal Server Error. It seems that the connection to the ldap server fails.

I logged into the docker environment via
univention-app shell owncloud
and checked the ldap config:

occ ldap:test-config s01
The configuration is valid, but the Bind failed. Please check the server settings and credentials.

The owncloud instance tries to connect to the ldap server using its machine account and pw, am I right?

Cheers
Sebastian

audiolinux · April 2, 2018, 7:31am

Ownclouds logfile shows this

{"reqId":"111cccf2-2b34-46ca-a1d0-23ae83230cad","level":4,"time":"2018-04-02T09:27:20+02:00","remoteAddr":"172.17.42.1","user":"--","app":"webdav","method":"PROPFIND","url":"\/owncloud\/remote.php\/webdav\/","message":"Exception: {\"Message\":\"HTTP\\\/1.1 503 OC\\\\ServerNotAvailableException: Connection to LDAP server could not be established\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\ServiceUnavailable\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(201): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(150): Sabre\\\\DAV\\\\Auth\\\\Plugin->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#6 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(63): Sabre\\\\DAV\\\\Server->exec()\\n#7 \\\/var\\\/www\\\/owncloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#8 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php\",\"Line\":157,\"User\":false}"}

Can I check somehow an ldap connect from within the owncloud container?

Cheers
Sebstian

audiolinux · April 3, 2018, 9:25am

Hi again,

when I upgrade the owncloud instance, the upgrade complains:

setting binddn and bindpwdfile
E: object not found

Where does the upgrade expecting these settings?

Cheers
Sebastian

damrose · April 3, 2018, 10:20am

Hi,

That message originates from the apps preinst script, see the beginning of
/var/cache/univention-appcenter/appcenter.software-univention.de/4.1/owncloud_20180315081545.preinst
There is no check if these commands have to be executed, and the old schema object is not found. This was relevant when users were migrating from the old owncloud82 app to the new app version. The message can be ignored.

The configuration of the ldap connection is done in the apps setup script,
/var/cache/univention-appcenter/appcenter.software-univention.de/4.1/owncloud_20180315081545.setup
which is executed in the docker container. Inside the container, you can check /var/log/appcenter-install.log for any errors. To test the ldap connection inside the container, install the package ldap-utils and execute something like
ldapsearch -h ${LDAP_MASTER} -D ${LDAP_HOSTDN} -w$(</etc/machine.secret) -b <YOUR_LDAP_BASE> uid=Administrator

audiolinux · April 3, 2018, 10:58am

Hi,

Thank you very much. I successfully tested the ldap connect with an admin account. Using the machine account and password brings an “invalid credentials” message.

root@owncloud:# univention-ldapsearch -D cn=owncl-11344185,cn=memberserver,cn=computers,dc=some,dc=domain,dc=de -w$(</etc/machine.secret)
ldap_bind: Invalid credentials (49)

In /var/log/appcenter-install.log I found that error:

enabling log log rotate
sed: kann /var/lib/univention-appcenter/apps/owncloud/conf/config.php nicht lesen: Datei oder Verzeichnis nicht gefunden
enabling log log rotate
enabling log log rotate

Surprisingly the file exists, like it did before the upgrade.

To resolve the issue (quick&dirty), I manually set a new password for that machine via umc and put it into owncloud’s ldap config.

The question is, what it’s going to happen when a machine-password renewal takes place?

Cheers
Sebastian

damrose · April 3, 2018, 11:45am

Great that your issue is fixed.

Machine password changes are initiated by the machine itself - as the owncloud docker container does not have that functionality, it will be no issue.