[Bug]: occ user:delete throws error for LDAP users (path needs to be relative..) but deletes successfully #32251

Closed
5 of 8 tasks
tgoeg opened this issue May 3, 2022 · 7 comments · Fixed by #32357
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug


@tgoeg

tgoeg commented May 3, 2022

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

occ user:delete throws an error although it is used correctly (and it also deletes the user as requested, as can be seen from the audit log).

sudo -u $ncsysuser ${ncbasedir}/occ user:delete user.name
{"reqId":"6XgtWtIyZlOuTPf5B2GJ","level":1,"time":"2022-05-03T10:29:40+00:00","remoteAddr":"","user":"--","app":"admin_audit","method":"","url":"--","message":"Console command executed: user:delete user.name","userAgent":"--","version":"23.0.4.1"}
{"reqId":"6XgtWtIyZlOuTPf5B2GJ","level":1,"time":"2022-05-03T10:29:40+00:00","remoteAddr":"","user":"--","app":"admin_audit","method":"","url":"--","message":"User deleted: \"user.name\"","userAgent":"--","version":"23.0.4.1"}

In Util.php line 233:

  path needs to be relative to the system wide data folder and point to a user specific file


user:delete <uid>

Steps to reproduce

  1. Use LDAP/AD
  2. Use LDAP User
  3. Move user to deactivated group in AD
  4. Delete user with occ user:delete

If I just user:add and user:delete a test user, this does not happen, so 1-3 seem to be relevant.

Expected behavior

Deleting a user should work without errors.

Installation method

Manual installation

Operating system

Debian/Ubuntu

PHP engine version

PHP 7.4

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated to a major version (ex. 22.2.3 to 23.0.1)

Are you using the Nextcloud Server Encryption module?

Encryption is Enabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{"reqId":"IcLqEOtYEjuuVd8GCRsT","level":1,"time":"2022-05-03T10:41:48+00:00","remoteAddr":"","user":"--","app":"admin_audit","method":"","url":"--","message":"Console command executed: config:list system","userAgent":"--","version":"23.0.4.1"}
{
    "system": {
        "config_is_read_only": "true",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***\/",
        "htaccess.RewriteBase": "\/",
        "dbtype": "mysql",
        "version": "23.0.4.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": false,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": "true",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "log_type": "file",
        "log_rotate_size": 10000000,
        "loglevel": 3,
        "logfile": "\/home\/***REMOVED SENSITIVE VALUE***\/nextcloud-data\/nextcloud.log",
        "logfilemode": 384,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "log_type_audit": "file",
        "log_rotate_size_audit": 10000000,
        "logfile_audit": "\/home\/***REMOVED SENSITIVE VALUE***\/nextcloud-data\/audit.log",
        "logfilemode_audit": 384,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "maintenance": false,
        "updater.release.channel": "stable",
        "trashbin_retention_obligation": "auto, 14",
        "mail_sendmailmode": "smtp",
        "app_install_overwrite": [
            "impersonate",
            "spreed",
            "files_accesscontrol",
            "quota_warning",
            "richdocuments"
        ],
        "encryption.legacy_format_support": false,
        "encryption.key_storage_migrated": false,
        "defaultapp": "files",
        "customclient_desktop": ""
    }
}

List of activated Apps

{"reqId":"3nW2CR54oO8Int5eIBiT","level":1,"time":"2022-05-03T10:43:47+00:00","remoteAddr":"","user":"--","app":"admin_audit","method":"","url":"--","message":"Console command executed: app:list","userAgent":"--","version":"23.0.4.1"}
Enabled:
  - accessibility: 1.9.0
  - activity: 2.15.0
  - admin_audit: 1.13.0
  - bruteforcesettings: 2.4.0
  - calendar: 3.2.2
  - circles: 23.1.1
  - cloud_federation_api: 1.6.0
  - comments: 1.13.0
  - contactsinteraction: 1.4.0
  - dav: 1.21.0
  - encryption: 2.11.0
  - federatedfilesharing: 1.13.0
  - federation: 1.13.0
  - files: 1.18.0
  - files_accesscontrol: 1.13.0
  - files_downloadactivity: 1.13.0
  - files_pdfviewer: 2.4.0
  - files_rightclick: 1.2.0
  - files_sharing: 1.15.0
  - files_trashbin: 1.13.0
  - files_versions: 1.16.0
  - files_videoplayer: 1.12.0
  - firstrunwizard: 2.12.0
  - groupquota: 0.1.8
  - impersonate: 1.10.0
  - logreader: 2.8.0
  - lookup_server_connector: 1.11.0
  - nextcloud_announcements: 1.12.0
  - notifications: 2.11.1
  - oauth2: 1.11.0
  - password_policy: 1.13.0
  - photos: 1.5.0
  - privacy: 1.7.0
  - provisioning_api: 1.13.0
  - quota_warning: 1.14.0
  - recommendations: 1.2.0
  - serverinfo: 1.13.0
  - settings: true
  - sharebymail: 1.13.0
  - support: 1.6.0
  - survey_client: 1.11.0
  - systemtags: 1.13.0
  - text: 3.4.1
  - theming: 1.14.0
  - theming_customcss: 1.11.0
  - twofactor_backupcodes: 1.12.0
  - updatenotification: 1.13.0
  - user_ldap: 1.13.1
  - viewer: 1.7.0
  - workflowengine: 2.5.0
Disabled:
  - dashboard: 7.0.0
  - files_external: 1.11.1
  - files_trackdownloads: 1.11.0
  - spreed: 13.0.5
  - user_status: 1.0.1
  - weather_status: 1.0.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No related info in the logs.

Additional info

No response
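
One way to confirm from the audit log whether a `user:delete` really removed the account, independent of the error occ prints, is to pair each command event with a `User deleted` event carrying the same `reqId`. This is an added example, not part of the original report or Nextcloud's code; the second request ID and `other.user` are constructed, and the records are trimmed to the fields used.

```python
import json

CMD_PREFIX = "Console command executed: user:delete "
DEL_PREFIX = "User deleted: "

# Constructed sample: the two admin_audit lines from the report (fields trimmed),
# a line of plain occ output, and a constructed command with no matching deletion.
SAMPLE = r'''{"reqId":"6XgtWtIyZlOuTPf5B2GJ","time":"2022-05-03T10:29:40+00:00","app":"admin_audit","message":"Console command executed: user:delete user.name"}
{"reqId":"6XgtWtIyZlOuTPf5B2GJ","time":"2022-05-03T10:29:40+00:00","app":"admin_audit","message":"User deleted: \"user.name\""}
In Util.php line 233:
{"reqId":"CONSTRUCTED-REQ-2","time":"2022-05-03T10:31:00+00:00","app":"admin_audit","message":"Console command executed: user:delete other.user"}
'''


def audit_events(text):
    """Yield admin_audit JSON records, skipping non-JSON console output."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and rec.get("app") == "admin_audit":
            yield rec


def confirm_deletions(text):
    """Map each requested uid to True if a 'User deleted' event shares its reqId."""
    requested = {}   # reqId -> uid named on the command line
    deleted = set()  # (reqId, uid) pairs that were actually deleted
    for rec in audit_events(text):
        msg = rec.get("message", "")
        req_id = rec.get("reqId")
        if msg.startswith(CMD_PREFIX):
            rest = msg[len(CMD_PREFIX):]
            # First non-option token is the uid (ignores flags such as -vvv).
            requested[req_id] = next(
                (t for t in rest.split() if not t.startswith("-")), "")
        elif msg.startswith(DEL_PREFIX):
            deleted.add((req_id, msg[len(DEL_PREFIX):].strip().strip('"')))
    return {uid: (rid, uid) in deleted for rid, uid in requested.items()}


if __name__ == "__main__":
    for uid, ok in confirm_deletions(SAMPLE).items():
        print(f"{uid}: {'deleted' if ok else 'NOT confirmed deleted'}")
```
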

@tgoeg tgoeg added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels May 3, 2022
@tgoeg tgoeg changed the title [Bug]: occ user:delete [Bug]: occ user:delete throws error for LDAP users (path needs to be relative..) but deletes successfully May 3, 2022
@come-nc
Contributor

come-nc commented May 9, 2022

The error originates in lib/private/Encryption/Util.php so it must have something to do with encryption.

Can you run the command with option -vvv to get the stack trace, please?

@tgoeg
Author

tgoeg commented May 9, 2022

I cannot reproduce it at the moment as there is no user on nextcloud that's also in the deactivated group (and I don't have access to AD). I'll try to reproduce it as soon as the prerequisites are met.

@avinash-0007

@come-nc here is the trace:

[BadMethodCallException]
path needs to be relative to the system wide data folder and point to a use
r specific file

Exception trace:
at /var/www/html/lib/private/Encryption/Util.php:233
OC\Encryption\Util->getUidAndFilename() at /var/www/html/lib/private/Encryption/Keys/Storage.php:367
OC\Encryption\Keys\Storage->getFileKeyDir() at /var/www/html/lib/private/Encryption/Keys/Storage.php:189
OC\Encryption\Keys\Storage->deleteAllFileKeys() at /var/www/html/lib/private/Files/Storage/Wrapper/Encryption.php:315
OC\Files\Storage\Wrapper\Encryption->rmdir() at n/a:n/a
call_user_func() at /var/www/html/apps/files_trashbin/lib/Storage.php:193
OCA\Files_Trashbin\Storage->doDelete() at /var/www/html/apps/files_trashbin/lib/Storage.php:125
OCA\Files_Trashbin\Storage->rmdir() at /var/www/html/lib/private/Authentication/Listeners/UserDeletedFilesCleanupListener.php:72
OC\Authentication\Listeners\UserDeletedFilesCleanupListener->handle() at /var/www/html/lib/private/EventDispatcher/ServiceEventListener.php:75
OC\EventDispatcher\ServiceEventListener->__invoke() at /var/www/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php:251
Symfony\Component\EventDispatcher\EventDispatcher->callListeners() at /var/www/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php:73
Symfony\Component\EventDispatcher\EventDispatcher->dispatch() at /var/www/html/lib/private/EventDispatcher/EventDispatcher.php:88
OC\EventDispatcher\EventDispatcher->dispatch() at /var/www/html/lib/private/EventDispatcher/EventDispatcher.php:100
OC\EventDispatcher\EventDispatcher->dispatchTyped() at /var/www/html/lib/private/User/User.php:301
OC\User\User->delete() at /var/www/html/core/Command/User/Delete.php:63
OC\Core\Command\User\Delete->execute() at /var/www/html/3rdparty/symfony/console/Command/Command.php:255
Symfony\Component\Console\Command\Command->run() at /var/www/html/3rdparty/symfony/console/Application.php:1009
Symfony\Component\Console\Application->doRunCommand() at /var/www/html/3rdparty/symfony/console/Application.php:273
Symfony\Component\Console\Application->doRun() at /var/www/html/3rdparty/symfony/console/Application.php:149
Symfony\Component\Console\Application->run() at /var/www/html/lib/private/Console/Application.php:209
OC\Console\Application->run() at /var/www/html/console.php:99
require_once() at /var/www/html/occ:11

user:delete

@avinash-0007

When I debugged, I checked that uid is blank in line 233, and that's why it is throwing the exception.

@come-nc
Contributor

come-nc commented May 12, 2022

Ok, so this comes from UserDeletedFilesCleanupListener, which was previously not called when deleting users through occ.

What is not clear is how it can call rmdir on OCA\Files_Trashbin\Storage; it is supposed to call rmdir on the user home, from what I understand.

@icewind1991
Member

Should be fixed with #32357

@Niveshkrishna

Related issue #29582
