Problem:
If an installed application cannot reach the LDAP server internally, there can be several reasons.
In my case, Nextcloud, which is installed in a Docker container, could not reach the LDAP server and i get a trace back like:
ServerNotAvailableException: Lost connection to LDAP server
So the Nextcloud container could not reach the LDAP server internally. This sounds a bit like a configuration problem, possibly internal DNS resolution.
Solution:
So I tried to get some information from the Nextcloud container with:
univention-app shell nextcloud sudo -u www-data php /var/www/html/occ ldap:show-config | grep Host
Responding takes too long, unusual behavior for me.
So i need more information about the configuration. In this path you will find several information from the installed apps.
/var/lib/univention-appcenter/apps/
The configuration for Nextcloud, you will find under
/var/lib/univention-appcenter/apps/nextcloud/nextcloud.env
update_secure_apt=yes
UPDATE_SECURE_APT=yes
repository_app_center_server=appcenter.software-univention.de
REPOSITORY_APP_CENTER_SERVER=appcenter.software-univention.de
server_role=memberserver
SERVER_ROLE=memberserver
locale=en_GB.UTF-8:UTF-8 en_US.UTF-8:UTF-8 fr_FR.UTF-8:UTF-8 de_DE.UTF-8:UTF-8
LOCALE=en_GB.UTF-8:UTF-8 en_US.UTF-8:UTF-8 fr_FR.UTF-8:UTF-8 de_DE.UTF-8:UTF-8
ldap_server_name=webmail.univention.org
LDAP_SERVER_NAME=webmail.univention.org
updater_identify=Docker App
UPDATER_IDENTIFY=Docker App
ldap_server_ip=127.0.0.1
LDAP_SERVER_IP=127.0.0.1
domainname=univention.org
DOMAINNAME=univention.org
db_port=5432
DB_PORT=5432
ldap_hostdn=cn=nextc-23070762,cn=memberserver,cn=computers,dc=univention,dc=org
LDAP_HOSTDN=cn=nextc-23070762,cn=memberserver,cn=computers,dc=univention,dc=org
db_user=nextcloud
DB_USER=nextcloud
nameserver_option_timeout=2
NAMESERVER_OPTION_TIMEOUT=2
postgres8_autostart=no
POSTGRES8_AUTOSTART=no
update_warning_releasenotes=no
UPDATE_WARNING_RELEASENOTES=no
repository_online_server=https://updates.software-univention.de/
REPOSITORY_ONLINE_SERVER=https://updates.software-univention.de/
db_name=nextcloud
DB_NAME=nextcloud
ldap_server_type=master
LDAP_SERVER_TYPE=master
ldap_master=webmail.unifiedpatentcourt.org
LDAP_MASTER=webmail.unifiedpatentcourt.org
ldap_base=dc=univention,dc=org
LDAP_BASE=dc=univention,dc=org
nameserver_external=false
NAMESERVER_EXTERNAL=false
locale_default=en_GB.UTF-8:UTF-8
LOCALE_DEFAULT=en_GB.UTF-8:UTF-8
nameserver1=192.168.88.00
NAMESERVER1=192.168.88.00
docker_host_name=webmail.univention.org
DOCKER_HOST_NAME=webmail.univention.org
ldap_server_port=7389
LDAP_SERVER_PORT=7389
db_host=172.17.88.1
DB_HOST=172.17.88.1
ldap_master_port=7389
LDAP_MASTER_PORT=7389
NC_PERMDATADIR=/var/lib/univention-appcenter/apps/nextcloud/data
NC_PERMCONFDIR=/var/lib/univention-appcenter/apps/nextcloud/data/integration
NC_PERMCONFDIR_OLD=/var/lib/univention-appcenter/apps/nextcloud/conf
NC_UCR_DOMAIN=webmail.univention.org
After that i want to check the configuration in the container. With the following command, you get information in the container.
univention-app shell nextcloud
root@nextc-23070762:/# cat var/www/html/config/config.php
<?php
$CONFIG = array (
'trusted_domains' =>
array (
0 => 'webmail.univention.org',
1 => '192.168.88.00',
2 => '10.200.88.00',
),
'datadirectory' => '/var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data',
'overwrite.cli.url' => 'https://webmail.univention.org/nextcloud',
'dbtype' => 'pgsql',
'version' => '23.0.5.1',
'dbname' => 'nextcloud',
'dbhost' => '172.17.88.1',
'dbport' => '5432',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'installed' => true,
'instanceid' => 'ocjzed6tdu88u',
'updatechecker' => 'false',
'memcache.local' => '\\OC\\Memcache\\APCu',
'overwriteprotocol' => 'https',
'overwritewbroot' => '/nextcloud',
'htaccess.RewriteBase' => '/nextcloud',
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
'allow_local_remote_servers' => true,
'trusted_proxies' =>
array (
0 => '172.17.88.1',
),
'maintenance' => false,
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_from_address' => 'upcit',
'mail_domain' => 'unifiedpatentcourt.org',
'mail_smtpauth' => 1,
'mail_smtphost' => 'webmail.univention.org',
'mail_smtpname' => 'upcit',
'mail_smtpsecure' => 'ssl',
'mail_smtpport' => '465',
'loglevel' => 2,
'memcache.distributed' => '\\OC\\Memcache\\APCu',
Question:
Everything seems to be set up correctly, so why can’t Nextcloud reach the LDAP server?
Because the system can’t resolve the LDAP server, e.g. if different IP’s are set for resolution in the resolve.conf
.
root@webmail:~/univention-support# cat /etc/resolv.conf
# Warning: This file is auto-generated and might be overwritten by
# univention-config-registry.
# Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
# univention-config-registry ueberschrieben werden.
# Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
#
# /etc/univention/templates/files/etc/resolv.conf
#
domain univention.org
nameserver 192.168.88.00
#nameserver 192.168.xxx.xx
#nameserver 192.168.xx.xx
options timeout:2
By commenting out the other IP addresses, the LDAP server was able to be reached again and the problem was solved.