LDAP users cannot access calendars shared with LDAP group from CalDAV clients? #6374

@tromlet

Steps to reproduce

  1. Create a calendar.
  2. Share it with an LDAP group.
  3. Connect to it using EITHER the internal or external share links, and an LDAP user's credentials.

Expected behavior

The user should either be able to see the calendar, or be denied from seeing the calendar, based on their LDAP group membership and the LDAP group permissions settings of the calendar. Additionally, a user's access to the calendar (read-only vs. able to create and edit events) should be determined based on the nature of the permissions granted to them via the LDAP group permissions settings granted in Nextcloud.

Actual behaviour

In Mozilla Thunderbird, with the internal share link, users are unable to use their LDAP credentials to access those calendars; they get an error message:

Could not find calendars at this location. Please check your settings.

The EXTERNAL share link, however, seems to work, although then the calendar it finds is named something ridiculous. For example, instead of "Sales", it's discovered as "uKQXwOxjRfTd", which is... entirely unhelpful. No events show up.

Calendar app version

4.7.16

CalDAV-clients used

Thunderbird Lightning, Outlook CalDav Synchronizer, iOS Calendars, Simple Calendar

Browser

Firefox 130.0, Brave 1.68.141

Client operating system

Windows 10 Pro x64, Linux Mint 21.3

Server operating system

CentOS 7

Web server

Apache

Database engine version

MariaDB

PHP engine version

PHP 8.1

Nextcloud version

28.0.7

Updated from an older installed version or fresh install

Updated from an older version

List of activated apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - appointments: 2.1.10
  - bruteforcesettings: 2.8.0
  - calendar: 4.7.16
  - circles: 28.0.0
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contacts: 5.5.3
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.2
  - external: 5.3.1
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_external: 1.20.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - forms: 4.2.4
  - groupfolders: 16.0.9
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - maps: 1.4.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - onlyoffice: 9.4.0
  - otpmanager: 0.5.4
  - password_policy: 1.18.0
  - photos: 2.4.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - recommendations: 2.0.0
  - related_resources: 1.3.0
  - secrets: 2.1.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.1
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - text: 3.9.2
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - user_ldap: 1.19.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - encryption: 2.16.0
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - suspicious_login: 6.0.0
  - twofactor_totp: 10.0.0-beta.2
  - user_saml: 6.2.0 (installed 6.2.0)

Nextcloud configuration

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "server.example.com",
            "nextcloud.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "28.0.7.4",
        "overwrite.cli.url": "https:\/\/nextcloud.example.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "maintenance": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "theme": "",
        "loglevel": 2,
        "default_phone_region": "US",
        "onlyoffice": {
            "verify_peer_off": true,
            "jwt_secret": "***REMOVED SENSITIVE VALUE***",
            "jwt_header": "Authorization"
        },
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "defaultapp": ""
    }
}

Web server error log

No response

Log file

No response

Browser log

No response

Additional info

No response
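
A way to check what a CalDAV client is actually offered for an account, as an added example (not part of the original report and not Nextcloud's code): it parses the 207 Multi-Status reply to a `PROPFIND` with `Depth: 1` on the user's calendar home and lists each calendar's display name and effective access from the standard `current-user-privilege-set` property. The reply body, the users "alice" and "bob" and all paths are constructed sample data.

```python
import xml.etree.ElementTree as ET

NS = {"d": "DAV:", "c": "urn:ietf:params:xml:ns:caldav"}

# Body for: PROPFIND <calendar home>, header "Depth: 1" (standard WebDAV properties)
PROPFIND_BODY = """<d:propfind xmlns:d="DAV:">
 <d:prop><d:displayname/><d:resourcetype/><d:current-user-privilege-set/></d:prop>
</d:propfind>"""

# Constructed 207 Multi-Status reply; users "alice"/"bob" and all paths are made up.
SAMPLE = """<d:multistatus xmlns:d="DAV:" xmlns:c="urn:ietf:params:xml:ns:caldav">
 <d:response><d:href>/remote.php/dav/calendars/alice/</d:href>
  <d:propstat><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop>
   <d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
 <d:response><d:href>/remote.php/dav/calendars/alice/sales_shared_by_bob/</d:href>
  <d:propstat><d:prop><d:displayname>Sales</d:displayname>
    <d:resourcetype><d:collection/><c:calendar/></d:resourcetype>
    <d:current-user-privilege-set><d:privilege><d:read/></d:privilege>
    </d:current-user-privilege-set></d:prop>
   <d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
 <d:response><d:href>/remote.php/dav/calendars/alice/personal/</d:href>
  <d:propstat><d:prop><d:displayname>Personal</d:displayname>
    <d:resourcetype><d:collection/><c:calendar/></d:resourcetype>
    <d:current-user-privilege-set><d:privilege><d:read/></d:privilege>
     <d:privilege><d:write/></d:privilege></d:current-user-privilege-set></d:prop>
   <d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
</d:multistatus>"""

def list_calendars(multistatus_xml):
    """Return (href, displayname, access) for every calendar collection listed."""
    found = []
    for resp in ET.fromstring(multistatus_xml).findall("d:response", NS):
        for propstat in resp.findall("d:propstat", NS):
            if " 200 " not in propstat.findtext("d:status", "", NS):
                continue  # properties the server refused or does not have
            prop = propstat.find("d:prop", NS)
            if prop is None or prop.find("d:resourcetype/c:calendar", NS) is None:
                continue  # calendar home itself, or another non-calendar collection
            privs = {p[0].tag.split("}")[1]
                     for p in prop.findall("d:current-user-privilege-set/d:privilege", NS) if len(p)}
            access = ("read-write" if privs & {"all", "write", "write-content"}
                      else "read-only" if "read" in privs else "none")
            found.append((resp.findtext("d:href", "", NS),
                          prop.findtext("d:displayname", "", NS), access))
    return found

if __name__ == "__main__":
    print(*list_calendars(SAMPLE), sep="\n")
```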
