[04:29:29]
<lohangX> Hello, I have lost access (forgotten password) to the first admin user account created when installing NextCloud. For some reason I have set up a secondary admin user to manage things, but that account cannot add new NextCloud users or change the password of the first admin user. The NextCloud documentation gives this option to reset a password:
sudo -u www-data php /var/www/nextcloud/occ user:resetpassword user
Is this the recommended way to reset accounts in NextCloud instances that run on yunohost too? Just wanted to check before I do this.
[04:33:29]
<lohangX> Or is there a yunohost-specific command? ^
[05:35:37]
<lohangX> I ran into new problems while attempting it "This version of Nextcloud requires at least PHP 8.0<br/>You are currently running 7.4.33. Please update your PHP version."
I think I'll let things be until PHP 8 is shipped by yunohost.
[07:07:27]
<orhtej2> > <lohangX> Hello, I have lost access (forgotten password) to the first admin user account created when installing NextCloud. For some reason I have set up a secondary admin user to manage things, but that account cannot add new NextCloud users or change the password of the first admin user. The NextCloud documentation gives this option to reset a password:
>
> sudo -u www-data php /var/www/nextcloud/occ user:resetpassword user
>
> Is this the recommended way to reset accounts in NextCloud instances that run on yunohost too? Just wanted to check before I do this.
`sudo -u nextcloud php8.1 /var/www/nextcloud/occ user:resetpassword user`
[07:08:09]
<lohangX> oh, do we already have php8?
[07:08:22]
<lohangX> thanks orhtej2 !
[07:08:37]
<orhtej2> > <lohangX> oh, do we already have php8?
it's running with PHP 8.1, stray `php` invokes **some** version
[07:08:41]
<orhtej2> you just have to specify ;)
[07:09:07]
<orhtej2> also note you need to run as user `nextcloud` not `www-data`
[07:09:49]
<lohangX> > also note you need to run as user `nextcloud` not `www-data`
Can you further clarify this please?
[07:10:33]
<lohangX> This is where I learned that command https://docs.nextcloud.com/server/stable/admin_manual/configuration_user/reset_admin_password.html
[07:11:07]
<lohangX> does yunohost create a user named 'nextcloud' when installing it?
[07:12:22]
<lohangX> Anyway, I'll do as you recommended above. Thanks again! :)
[07:13:45]
<lohangX> Another issue when I try sudo -u nextcloud php8.1 /var/www/nextcloud/occ user:resetpassword
I get:
OCP\HintException: [0]: Memcache \OC\Memcache\APCu not available for local cache (Is the matching PHP module installed and enabled?)
[07:15:41]
<orhtej2> > <lohangX> does yunohost create a user named 'nextcloud' when installing it?
yes, Yunohost creates a dedicated user for all apps
[07:18:43]
<orhtej2> > <lohangX> Another issue when I try sudo -u nextcloud php8.1 /var/www/nextcloud/occ user:resetpassword
>
> I get:
>
> OCP\HintException: [0]: Memcache \OC\Memcache\APCu not available for local cache (Is the matching PHP module installed and enabled?)
there was a hack around that, IIRC
```
$ cd /var/www/nextcloud
$ sudo -u nextcloud php8.1 --define apc.enable_cli=1 occ user:resetpassword
```
So: run from appropriate directory AND add `--define apc.enable_cli=1`
[07:19:58]
<lohangX> I see! Thanks again! :)
[08:44:48]
<ChriChri> > <@Alekswag:matrix.org> I think "the idea" is that nobody re-discussed them for like 8 years because nobody is fluent with ldap
I would expect that Debian has some sane defaults. https://wiki.debian.org/LDAP/OpenLDAPSetup#Permissions
I would look into the following direction:
* why did yunohost divert from these defaults (might be historical, because Debian seems to have changed the defaults between Buster and Bullseye)
* would yunohost work with the debian default acls
* are there security implications with the debian default acls for a yunohost setup
[08:55:21]
<lohangX> I am now trying to reset the user password with
sudo -u nextcloud php8.1 --define apc.enable_cli=1 occ user:resetpassword
I get prompted to enter a new password. And then to confirm it. After that I get "Error while resetting password!" What else can I do to get it to work?
[08:56:14]
<orhtej2> given Nextcloud uses LDAP integration perhaps you can reset corresponding user password in ynh?
[08:56:25]
<lohangX> Another thing I can think of is creating a new user with full admin privileges
[08:56:38]
<lohangX> > given Nextcloud uses LDAP integration perhaps you can reset corresponding user password in ynh?
oh I can try that
[08:56:49]
<orhtej2> is your user in `sudo yunohost user list`?
[08:57:31]
<lohangX> > is your user in `sudo yunohost user list`?
Yes!
[09:00:20]
<orhtej2> `sudo yunohost user update **SOME_USER** --change-password **SOME_PASSWORD**`
[09:05:30]
<lohangX> Haha I think it worked. I got logged out of many other places including email :)
[09:07:25]
<orhtej2> > <lohangX> Haha I think it worked. I got logged out of many other places including email :)
but did it fix your problem with Nextcloud?
[09:12:52]
<lohangX> > but did it fix your problem with Nextcloud?
It did, orhtej2, the password has been reset. But I am now confronted with a newer problem. This user doesn't have admin privileges in NextCloud. It cannot create new users (that is where I started!)
[09:13:05]
<lohangX> Actually, it is the same problem.
[09:13:26]
<lohangX> I still cannot create new users
[09:15:30]
<lohangX> To give you more context, my investigation started when I wanted to add a new user. That is when I realized that the admin account I've been using cannot do this. And I had lost access to the original admin user. Now I am able to access that user account. But I still cannot create a new user.
[09:16:32]
<lohangX> However, I can create user groups.
[09:20:57]
<orhtej2> > <lohangX> To give you more context, my investigation started when I wanted to add a new user. That is when I realized that the admin account I've been using cannot do this. And I had lost access to the original admin user. Now I am able to access that user account. But I still cannot create a new user.
users should be managed by Yunohost, add a user there with no permissions
[09:21:32]
<orhtej2> you can make yourself an admin in Nextcloud by using `sudo -u nextcloud php8.1 --define apc.enable_cli=1 occ group:adduser admin **SOME_USER**`
[09:21:32]
<lohangX> I mean I want to create a new nextcloud user ^
[09:21:51]
<orhtej2> > <lohangX> I mean I want to create a new nextcloud user ^
Yunohost users are by extension Nextcloud users as well
[09:23:48]
<lohangX> oh, okay I'll give that a try.
Previously I was able to add users from inside NextCloud's graphical interface without adding them to yunohost user list. This is what I had in mind when wanting to create another user. This is for someone who is not involved in administering the rest of the server. So it makes more sense if I could do it from nextcloud.
[09:24:33]
<lohangX> > you can make yourself an admin in Nextcloud by using `sudo -u nextcloud php8.1 --define apc.enable_cli=1 occ group:adduser admin **SOME_USER**`
got it.
[09:28:20]
<orhtej2> > <lohangX> oh, okay I'll give that a try.
>
> Previously I was able to add users from inside NextCloud's graphical interface without adding them to yunohost user list. This is what I had in mind when wanting to create another user. This is for someone who is not involved in administering the rest of the server. So it makes more sense if I could do it from nextcloud.
ok, you can try adding in Nextcloud, should work
[09:29:24]
<lohangX> > you can make yourself an admin in Nextcloud by using `sudo -u nextcloud php8.1 --define apc.enable_cli=1 occ group:adduser admin **SOME_USER**`
At last, I was able to make my user an admin. But that user cannot create new users. It is the same as the second account I have.
[09:29:42]
<lohangX> I don't know what is the reason for this. Baffling indeed.
[09:30:47]
<lohangX> I see the existing user list in domain/settings/users and there is no way to add new users
[09:32:26]
<lohangX> Oh I am extremely worry, orhtej2 I now see the New User button on top left!
[09:32:32]
<lohangX> Problem solved \o/
[09:33:22]
<lohangX> extremely sorry* I didn't notice it. the original user has full control now :)
[11:54:03]
<ChriChri> Aleks (he/him/il/lui), this seems to solve the problem with write access to the top level of the directory:
```
/usr/share/yunohost/conf/slapd# diff -u config.ldif.orig config.ldif
--- config.ldif.orig 2023-10-06 11:34:04.024726179 +0200
+++ config.ldif 2023-10-06 11:35:40.176600709 +0200
@@ -108,7 +108,8 @@
olcDatabase: {0}config
# Give access to root user.
# This give the possiblity to the admin to customize the LDAP configuration
-olcAccess: {0}to * by * none
+# olcAccess: {0}to * by * none
+olcAccess: {0}to * by * read
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcRootDN: cn=config
```
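Review bot: the replacement line `olcAccess: {0}to * by * read` under `olcDatabase: {0}config` grants read to every client, because `by *` also matches anonymous binds, so the whole configuration database becomes readable instead of being limited to the root user that the comment above the line mentions. If read access is needed here, scope the `by` clause to the specific identity that needs it and keep `by * none` as the final clause. The hunk only changes read access on the config database, so it is worth confirming separately which rule governs write access to the top level of the directory tree, and the commented-out old line should be dropped rather than left in the file.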
But I didn't understand all of the mechanism, yet.
[11:55:32]
<Aleks (he/him/il/lui)> no idea what problem you are trying to solve, you seem more LDAP expert than me ;P
[11:57:29]
<ChriChri> Nope, I'm not (yet). I tried to migrate aliases from my old mail server without needing a user for all of them and found https://forum.yunohost.org/t/add-a-redirection-mail-alias-without-attaching-it-to-a-yunohost-account . That needs write access to the top level to create a new organizationalUnit and this didn't work.