Sharing with LDAP group misses last user (natural sort) from group

[addy90]

Steps to reproduce

1. Share with LDAP group
2. Last user (natural sort) is missing from group, cannot access folder, does not see it and cannot access it via activity (sees "File not found")
3. Database table oc_share is missing entry for last user, but has folder with accepted = 0 and remaining users with accepted = 1.

Expected behaviour

All users of an LDAP group should be able to access the share.
Either, "accepted" cell in oc_share table should be 1 for folder or every user should be there with accepted = 1.

Actual behaviour

All users but the last (natural sort) of the LDAP group see the share, last user cannot access and cannot accept as database entry is missing.
Setting sharing.enable_share_accept and sharing.force_share_accept to anything else than false does not work, for example setting both to true makes user shares not be accepted by default and group shares not working for anyone anymore. All users are then missing from the oc_share database.

Server configuration

Operating system: Ubuntu 18.04.4 LTS

Web server: Apache 2.4

Database: MariaDB

PHP version: 7.2

Nextcloud version: 18.0.2

Updated from an older Nextcloud/ownCloud or fresh install: Updated since Nextcloud 14

Where did you install Nextcloud from: zip file and updater.phar

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:
  - accessibility: 1.4.0
  - activity: 2.11.0
  - admin_audit: 1.8.0
  - announcementcenter: 3.7.0
  - calendar: 2.0.2
  - cloud_federation_api: 1.1.0
  - comments: 1.8.0
  - contacts: 3.2.0
  - dav: 1.14.0
  - deck: 0.8.0
  - documentserver_community: 0.1.5
  - drawio: 0.9.5
  - federatedfilesharing: 1.8.0
  - federation: 1.8.0
  - files: 1.13.1
  - files_downloadactivity: 1.7.0
  - files_pdfviewer: 1.7.0
  - files_rightclick: 0.15.2
  - files_sharing: 1.10.1
  - files_trashbin: 1.8.0
  - files_versions: 1.11.0
  - files_videoplayer: 1.7.0
  - firstrunwizard: 2.7.0
  - logreader: 2.3.0
  - lookup_server_connector: 1.6.0
  - nextcloud_announcements: 1.7.0
  - notes: 3.2.0
  - notifications: 2.6.0
  - oauth2: 1.6.0
  - onlyoffice: 4.1.4
  - password_policy: 1.8.0
  - photos: 1.0.0
  - polls: 1.3.0
  - privacy: 1.2.0
  - provisioning_api: 1.8.0
  - ransomware_protection: 1.6.0
  - recommendations: 0.6.0
  - serverinfo: 1.8.0
  - settings: 1.0.0
  - sharebymail: 1.8.0
  - spreed: 8.0.5
  - support: 1.1.0
  - systemtags: 1.8.0
  - tasks: 0.12.1
  - text: 2.0.0
  - theming: 1.9.0
  - twofactor_backupcodes: 1.7.0
  - updatenotification: 1.8.0
  - user_ldap: 1.8.0
  - viewer: 1.2.0
  - workflowengine: 2.0.0
Disabled:
  - encryption
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - survey_client

Nextcloud configuration:

Config report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.***REMOVED SENSITIVE VALUE***"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/nextcloud.***REMOVED SENSITIVE VALUE***\/",
        "dbtype": "mysql",
        "version": "18.0.2.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "maintenance": false,
        "skeletondirectory": "",
        "data-fingerprint": "f78e8a3636e5e7a75be9c7682261fdd6",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "updater.release.channel": "stable",
        "theme": "",
        "loglevel": 1,
        "mail_smtpsecure": "ssl",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "auth.bruteforce.protection.enabled": false,
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 360",
        "sharing.enable_share_accept": false,
        "sharing.force_share_accept": false,
        "app_install_overwrite": [
            "spreed"
        ]
    }
}

Are you using external storage, if yes which one: None

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP

LDAP configuration (delete this part if not used)

LDAP config

+-------------------------------+-------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                           |
+-------------------------------+-------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                         |
| homeFolderNamingRule          |                                                                                           |
| lastJpegPhotoLookup           | 0                                                                                         |
| ldapAgentName                 | cn=admin,dc=xxxxxxx,dc=xxxxx                                                              |
| ldapAgentPassword             | ***                                                                                       |
| ldapAttributesForGroupSearch  |                                                                                           |
| ldapAttributesForUserSearch   |                                                                                           |
| ldapBackupHost                |                                                                                           |
| ldapBackupPort                |                                                                                           |
| ldapBase                      | dc=xxxxxxx,dc=xxxxx                                                                       |
| ldapBaseGroups                | ou=groups,dc=xxxxxxx,dc=xxxxx                                                             |
| ldapBaseUsers                 | ou=people,dc=xxxxxxx,dc=xxxxx                                                             |
| ldapCacheTTL                  | 60                                                                                        |
| ldapConfigurationActive       | 1                                                                                         |
| ldapDefaultPPolicyDN          |                                                                                           |
| ldapDynamicGroupMemberURL     |                                                                                           |
| ldapEmailAttribute            | mail                                                                                      |
| ldapExperiencedAdmin          | 0                                                                                         |
| ldapExpertUUIDGroupAttr       | cn                                                                                        |
| ldapExpertUUIDUserAttr        | uid                                                                                       |
| ldapExpertUsernameAttr        |                                                                                           |
| ldapExtStorageHomeAttribute   |                                                                                           |
| ldapGidNumber                 | gidNumber                                                                                 |
| ldapGroupDisplayName          | cn                                                                                        |
| ldapGroupFilter               | (&(|(objectclass=groupOfNames)))                                                          |
| ldapGroupFilterGroups         |                                                                                           |
| ldapGroupFilterMode           | 0                                                                                         |
| ldapGroupFilterObjectclass    | groupOfNames                                                                              |
| ldapGroupMemberAssocAttr      | member                                                                                    |
| ldapHost                      | ldaps://ldap.xxxxxxx.xxxxx                                                                |
| ldapIgnoreNamingRules         |                                                                                           |
| ldapLoginFilter               | (&(&(|(objectclass=inetOrgPerson)))(uid=%uid))                                            |
| ldapLoginFilterAttributes     |                                                                                           |
| ldapLoginFilterEmail          | 0                                                                                         |
| ldapLoginFilterMode           | 0                                                                                         |
| ldapLoginFilterUsername       | 1                                                                                         |
| ldapNestedGroups              | 0                                                                                         |
| ldapOverrideMainServer        |                                                                                           |
| ldapPagingSize                | 500                                                                                       |
| ldapPort                      | 636                                                                                       |
| ldapQuotaAttribute            |                                                                                           |
| ldapQuotaDefault              |                                                                                           |
| ldapTLS                       | 0                                                                                         |
| ldapUserAvatarRule            | default                                                                                   |
| ldapUserDisplayName           | displayname                                                                               |
| ldapUserDisplayName2          |                                                                                           |
| ldapUserFilter                | (&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=xxxxxxx,dc=xxxxx))) |
| ldapUserFilterGroups          | nextcloud                                                                                 |
| ldapUserFilterMode            | 0                                                                                         |
| ldapUserFilterObjectclass     | inetOrgPerson                                                                             |
| ldapUuidGroupAttribute        | auto                                                                                      |
| ldapUuidUserAttribute         | auto                                                                                      |
| turnOffCertCheck              | 0                                                                                         |
| turnOnPasswordChange          | 1                                                                                         |
| useMemberOfToDetectMembership | 1                                                                                         |
+-------------------------------+-------------------------------------------------------------------------------------------+

Client configuration

Browser: Firefox 74

Operating system: Windows 10 x64

Logs

Web server error log

Web server error log

No error logged concerning this problem.

Nextcloud log (data/nextcloud.log)

Nextcloud log

No error logged concerning this problem.

Browser log

Browser log

No error logged concerning this problem.

[dea-75]

Yes, seems the same bug ...

[baboupc]

I confirm this bug

[kroerig]

I can confirm it, too. And it's annoying. We have 600 pupils that need to access their homestudy tasks an other information because of school closing.

Is there any way to reprocess this?

[addy90]

We added a "zzzzz" user to our LDAP groups that we use for Nextcloud sharing until this issue is fixed.
This seemed to fix it for us so far, but I am not sure if there is something deeper in it. I hope that this will be fixed, soon!

[kroerig]

I tried this but we use LDAP-UUID as referenz. This way the login username may change without loosing the Nextcloud account.

But these UUIDs are hex values. Therefor my dummy user sometimes is not the last user.

[addy90]

Oh damn, sorry to hear, then this workaround doesn't work for you... :(

[kroerig]

I have my own workaround but it's a lot of work.
https://help.nextcloud.com/t/geteilte-ordern-nicht-sichtbar/74340/8?u=kroerig

[kroerig]

It seems to me that the problem also exists with users that are part of a circle.

[chaosgrid]

hey guys, same bug here, can confirm!

[kroerig]

Groupfolders seem not to be affected.

[addy90]

Intersting. In the beginning, I had problems with group folders, I cannot remember what was wrong, but I never used them again since that time. Maybe I have to revisit.
Do group folders not use that new notification-acceptance feature for folder sharing? My oldest LDAP group shares are shared to the group in the database table with accepted = 1 and all the new ones are shared with the group with accepted = 0 and each user enlisted with accepted = 1 except the last one (or random one when you don't use uid but uuid as id in Nextcloud).