Nextcloud with AD backend, User deleted in AD without unsharing calendar, calendar can not be removed or unshared anymore

NethServer Version: 7.9.2009
Module: Nextcloud (latest)

Hello

Nextcloud with AD backend, User deleted in AD without unsharing calendar, calendar can not be removed or unshared anymore…
Trying to unshare the displayed calendar results in a non-descriptive error.

Any ideas?

Thanks
Andy

Have you tried the occ command dav:delete-calendar? It was introduced in version NC22.

According to the commit here: admin_manual: add occ command dav:delete-calendar · nextcloud/documentation@097ed89 · GitHub

dav:delete-calendar [--birthday] [-f|--force] <uid> [<name>] deletes the
calendar named name (or the birthday calendar if --birthday is
specified) of the user uid. You can use the force option -f or
--force to delete the calendar instead of moving it to the trashbin.

This example will delete the calendar mollycal of user molly::

sudo -u www-data php occ dav:delete-calendar molly mollycal

This example will delete the birthday calendar of user molly::

sudo -u www-data php occ dav:delete-calendar --birthday molly

4 Likes

Hi @Shane_Treweek

Thanks for the info, was new to me.
The paths shown at nextcloud.org do not work in NethServer, they assume a very current installation eg on Debian…

NethServer needs the path including PHP7.x…

I’ll try to correct the path and try…

Thanks

My 2 cents
Andy

1 Like

It’s annoying (I thought it might be the case). I don’t personally like OCC (I use it when I have to) but couldn’t think of an easier way (especially when you require a user to remove a protected “asset” when that user has been removed or privilege rescinded). At least it’s a place to start rather than messing with db files.

1 Like

OCC is one of the remnants of Owncloud still not purged - and probably never will…
It’s too important and well established - kinda like using mysql / mysqldump to handle mariadb…

My 2 cents
Andy

2 Likes

I agree. If they remove it, they would have to replace it with something else, which imo would be just reinventing the wheel, and although a clean up of the code so it only uses nextcloud related data would be great, it would probably be difficult as they might break 3rd party add-ons.

NethServer Nextcloud has an occ wrapper, so you don’t need the full path anymore, see docs.

5 Likes

@mrmarkuz
@Shane_Treweek

Finally got down to this…

The wrapper works, however, as the user is deleted in AD, I just get an error message “user not found”…
The shared calendar is still there… :frowning:

Any ideas?
Thanks

Andy

Can you try it omitting everything before occ (without the sudo -u apache php)?
Never mind, I see you have figured it out. :+1:

Hi @dnutan

I did try with just occ - the command works.

I still can’t get rid of the shared calendar as the commands to show calendars by that user or to delete calendars from that user only show “user unknown”… :frowning:

The user actually was deleted in AD, as intended. I did not expect a shared calendar to be unremovable…

I do not have any Nextclouds on NethServer using LDAP (All my clients and I myself need AD…), but if it is replicatable in LDAP too, I think I’ve found a serious bug…

If a user is removed, the user’s shared calendar (and maybe other objects) should still be removable…

:frowning:

My 2 cents
Andy

I don’t know… Instead of the username, can you try with the internal codename or uid, if available?
The one you get with occ user:list, if still present.

Good idea… Now to see if I can extract that from a DB (It’s not shown anymore, as the user does not exist anymore…)

Yep, if it doesn’t show up anywhere else, it shall be in some of the tables… or even in the user folder name

Does the PHPMyAdmin module still work with the newer MariaDB / PHP used?

The user folder name isn’t available anymore. (Or maybe never existed).
AD is on a different NethServer.

I’ll probably need to recover an older version of the DB (I do have plenty of working / tested backups…)

Last time I tried it didn’t work. Here in the forum there are some comments by Steph and me regarding what shall be needed to use it (specifying the new service port…)

All these workarounds needed because CentOS 7 has such old versions…
It’s really about time for a newer basis - the code-bloat is one of the major disadvantages of LTS systems…

do not recall if it worked or not or if @stephdl applied some fix…

1 Like

Just thinking it might be less effort to restore the AD to the date before the user was deleted, and see if I can solve the problem this way…

A backup with PBS is fast:

INFO: transferred 1.05 GiB in 4 seconds (269.0 MiB/s)

When it’s this fast, why bother with snapshots! :slight_smile:

restore image complete (bytes=107374182400, duration=24.06s, speed=4255.77MB/s)

After solving this, I can restore the current backup of AD… (If it works or not!)

Solution

Despite all occ commands, the shared calendar could NOT be removed from being displayed in other users’ calendars. The main problem: The user was deleted / can’t be found…

The solution which works - and also shows that a backup too many is better than one too little…

  • The environment is running on Proxmox, with backups on a PBS.
  • AD is a separate NethServer from the Nextcloud-NethServer, making this more difficult to solve just using Nextcloud’s options.
  • Created a current backup of NethServer AD on PBS (To restore if successful!).
  • Shutting down the AD and restoring the version from a day before the user was deleted.
  • Logging into Nextcloud as that user who shared the calendar and removing the share.
  • Logging out and verifying with my own user if that user’s shared calendar still showed up. It didn’t!
  • Logged out of Nextcloud.
  • Shut down NethServer AD.
  • Restore the last backup from PBS.
  • Everything works!
  • User shared calendar is gone!

Success !

A few notes:

If this was a real Windows environment with a Windows AD, and a Windows member running AD, I’d probably have had to remove the Nextcloud-NethServer from AD and then reboot and re-add it to AD. Windows changes the “join” password often in the background.

With NethServer, despite the deletion being 5 weeks back, this wasn’t needed.

This was very frustrating - if I had known the solution was so easy…
It was one of the reasons I separated the AD from the rest in the first place!

:slight_smile:

My 2 cents
Andy

2 Likes

Oh no, I’m too late, it would have been much simpler:

Show deleted users (just marked as deleted)

occ ldap:show-remnants

You get a table listing the remnants:

+--------------------------------------+----------------------------------------------------+---------------+-----------------------------------------------------------+-------------------+-------------------+-----+--------+
| Nextcloud name                       | Display Name                                       | LDAP UID      | LDAP DN                                                   | Last Login        | Detected on       | Dir | Sharer |
+--------------------------------------+----------------------------------------------------+---------------+-----------------------------------------------------------+-------------------+-------------------+-----+--------+
| 2B4F13C2-7F2F-4A5C-AB58-8EFDABE4BA44 | ncuser1 (ncuser1)                                  | ncuser1       | cn=ncuser1,cn=users,dc=ad,dc=mrmarkuz,dc=test,dc=tld      | February 10, 2022 | February 10, 2022 |     | N      |

Delete User by “Nextcloud Name”:

occ user:delete 2B4F13C2-7F2F-4A5C-AB58-8EFDABE4BA44

See Nextcloud docs.

5 Likes
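
The remnant check from the last post, as an added example that is not part of the thread: it parses the table printed by `occ ldap:show-remnants`, picks out remnants that still own shares, and prints the matching `occ user:delete` commands for review instead of running them. The sample rows are constructed, and reading "Y" in the Sharer column as "still has active shares" is an assumption (the thread only shows "N").

```shell
#!/bin/sh
# Constructed sample in the layout of the `occ ldap:show-remnants` table above.
# UUIDs, names and DNs are made up; "Y" in the Sharer column is assumed to mark
# a remnant that still owns shares.
SAMPLE='+----------------+
| Nextcloud name | Display Name | LDAP UID | LDAP DN | Last Login | Detected on | Dir | Sharer |
+----------------+
| 00000000-0000-0000-0000-000000000001 | alice (alice) | alice | cn=alice,cn=users,dc=ad,dc=example,dc=org | January 5, 2022 | February 10, 2022 | | Y |
| 00000000-0000-0000-0000-000000000002 | bob (bob) | bob | cn=bob,cn=users,dc=ad,dc=example,dc=org | January 7, 2022 | February 10, 2022 | | N |'

# Read the table on stdin; print "<Nextcloud name> TAB <LDAP UID> TAB <Sharer>".
# Name and Sharer are taken from the first and last columns, so they stay
# correct even if a display name contains a "|" (the UID column would not).
parse_remnants() {
    awk -F'|' '
        !/^\|/ { next }                        # skip +---+ border lines
        {
            for (i = 2; i < NF; i++) gsub(/^ +| +$/, "", $i)
            if ($2 == "Nextcloud name") next   # skip the header row
            printf "%s\t%s\t%s\n", $2, $4, $(NF - 1)
        }'
}

# Remnants that still own shares: deleted directory accounts whose calendars
# or files remain visible to other users.
sharing_remnants() {
    parse_remnants | awk -F'\t' '$3 == "Y" { print $1 }'
}

# Dry run: print one cleanup command per remnant, to be reviewed before use.
cleanup_plan() {
    parse_remnants | awk -F'\t' \
        '{ printf "occ user:delete %s   # LDAP UID %s, sharer=%s\n", $1, $2, $3 }'
}

# On a live system: occ ldap:show-remnants | cleanup_plan
printf '%s\n' "$SAMPLE" | cleanup_plan
```
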