LDAP configuration became inaccessible after upgrade to 21

After upgrade to 21 faced a problem with configured ldap settings, that setting can’t be even displayed in settings page. At the same time LDAP users can login and it seems that everything is OK with them. LDAP configuration profile is displayed in listbox but the setting behind it is not loading and can’t be edited.

Nextcloud version: 21.0.4.1
Operating system and version: Debian GNU/Linux 10 (buster)
nginx version: 1.14.2
PHP version: 7.4
Steps to replicate it:

  1. Go to LDAP integration settings
  2. Make sure that you have selected active LDAP integration settings profile
  3. Selected profile should have editable fields with current settings, but all fields are empty

The output of your Nextcloud log in Admin > Logging:

Error	core	Error: Method OC\L10N\L10NString::__toString() must return a string value	
2021-08-17T10:15:08+0300
Error	PHP	Error: vsprintf(): Too few arguments at /var/www/nextcloud/lib/private/L10N/L10NString.php#79	
2021-08-17T10:15:08+0300
Error	core	Error: Method OC\L10N\L10NString::__toString() must return a string value	
2021-08-17T10:00:07+0300
Error	PHP	Error: vsprintf(): Too few arguments at /var/www/nextcloud/lib/private/L10N/L10NString.php#79	
2021-08-17T10:00:07+0300
Error	core	Error: Method OC\L10N\L10NString::__toString() must return a string value	
2021-08-17T09:45:08+0300
Error	PHP	Error: vsprintf(): Too few arguments at /var/www/nextcloud/lib/private/L10N/L10NString.php#79	
2021-08-17T09:45:08+0300

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '***',
  'passwordsalt' => '***',
  'secret' => '***',
  'trusted_domains' =>
  array (
    0 => '*****',
  ),
  'datadirectory' => '/nextcloud/data',
  'overwrite.cli.url' => 'https://*****/nextcloud',
  'dbtype' => 'pgsql',
  'version' => '21.0.4.1',
  'dbname' => '**',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => '**',
  'dbpassword' => '**',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'forcessl' => false,
  'mail_from_address' => 'file',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => '***',
  'mail_smtphost' => '***',
  'mail_smtpport' => '25',
  'loglevel' => 0,
  'logtimezone' => 'Europe/Moscow',
  'theme' => '',
  'maintenance' => false,
  'singleuser' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filesystem_check_changes' => 1,
  'ldapUserCleanupInterval' => 15,
  'log_rotate_size' => 104857600,
  'trashbin_retention_obligation' => 'auto',
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'smtp-auth',
  'mail_smtppassword' => '***',
  'mysql.utf8mb4' => true,
  'updater.release.channel' => 'stable',
  'encryption.legacy_format_support' => false,
  'encryption.key_storage_migrated' => false,
  'updater.secret' => '***',
  'default_phone_region' => 'RU',
);

/var/log/nginx/error.log:

2021/08/17 08:33:25 [error] 716#716: *6030 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Class 'OC_JSON' not found in /var/www/nextcloud/apps/user_ldap/ajax/getConfiguration.php:30
Stack trace:
#0 {main}
  thrown in /var/www/nextcloud/apps/user_ldap/ajax/getConfiguration.php on line 30" while reading response header from upstream, client: 195.201.103.77, server: ***, request: "POST /apps/user_ldap/ajax/getConfiguration.php HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "***"
2021/08/17 10:29:32 [error] 716#716: *6706 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Class 'OC_JSON' not found in /var/www/nextcloud/apps/user_ldap/ajax/getConfiguration.php:30
Stack trace:
#0 {main}
  thrown in /var/www/nextcloud/apps/user_ldap/ajax/getConfiguration.php on line 30" while reading response header from upstream, client: 10.4.22.105, server: ***, request: "POST /apps/user_ldap/ajax/getConfiguration.php HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "***"

This is how it looks when get to discussed LDAP settings page:

2021-08-17_10-30_1

This is how it looks in output from CLI:

sudo -u www-data php7.4 /var/www/nextcloud/occ ldap:show-config

+-------------------------------+------------------------------------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                                                        |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                                      |
| homeFolderNamingRule          |                                                                                                                        |
| lastJpegPhotoLookup           | 0                                                                                                                      |
| ldapAgentName                 | CN=bind user,DC=example,DC=net                                                                                         |
| ldapAgentPassword             | ***                                                                                                                    |
| ldapAttributesForGroupSearch  |                                                                                                                        |
| ldapAttributesForUserSearch   |                                                                                                                        |
| ldapBackupHost                |                                                                                                                        |
| ldapBackupPort                |                                                                                                                        |
| ldapBase                      | DC=example,DC=net                                                                                                      |
| ldapBaseGroups                | DC=example,DC=net                                                                                                      |
| ldapBaseUsers                 | DC=example,DC=net                                                                                                      |
| ldapCacheTTL                  | 600                                                                                                                    |
| ldapConfigurationActive       | 1                                                                                                                      |
| ldapDefaultPPolicyDN          |                                                                                                                        |
| ldapDynamicGroupMemberURL     |                                                                                                                        |
| ldapEmailAttribute            | mail                                                                                                                   |
| ldapExperiencedAdmin          | 0                                                                                                                      |
| ldapExpertUUIDGroupAttr       |                                                                                                                        |
| ldapExpertUUIDUserAttr        |                                                                                                                        |
| ldapExpertUsernameAttr        |                                                                                                                        |
| ldapExtStorageHomeAttribute   |                                                                                                                        |
| ldapGidNumber                 | gidNumber                                                                                                              |
| ldapGroupDisplayName          | cn                                                                                                                     |
| ldapGroupFilter               | (&(|(objectclass=group))(|(cn=Domain Users)(cn=RCOD Admins)))                                                          |
| ldapGroupFilterGroups         | Domain Users;RCOD Admins                                                                                               |
| ldapGroupFilterMode           | 0                                                                                                                      |
| ldapGroupFilterObjectclass    | group                                                                                                                  |
| ldapGroupMemberAssocAttr      | uniqueMember                                                                                                           |
| ldapHost                      | ldap://***                                                                                                             |
| ldapIgnoreNamingRules         |                                                                                                                        |
| ldapLoginFilter               | (&(&(objectCategory=person)(mail=*)(objectClass=user))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) |
| ldapLoginFilterAttributes     |                                                                                                                        |
| ldapLoginFilterEmail          | 1                                                                                                                      |
| ldapLoginFilterMode           | 0                                                                                                                      |
| ldapLoginFilterUsername       | 1                                                                                                                      |
| ldapMatchingRuleInChainState  | unknown                                                                                                                |
| ldapNestedGroups              | 0                                                                                                                      |
| ldapOverrideMainServer        |                                                                                                                        |
| ldapPagingSize                | 500                                                                                                                    |
| ldapPort                      | 389                                                                                                                    |
| ldapQuotaAttribute            |                                                                                                                        |
| ldapQuotaDefault              | 10 GB                                                                                                                  |
| ldapTLS                       | 0                                                                                                                      |
| ldapUserAvatarRule            | default                                                                                                                |
| ldapUserDisplayName           | displayname                                                                                                            |
| ldapUserDisplayName2          |                                                                                                                        |
| ldapUserFilter                | (&(objectCategory=person)(mail=*)(objectClass=user))                                                                   |
| ldapUserFilterGroups          |                                                                                                                        |
| ldapUserFilterMode            | 1                                                                                                                      |
| ldapUserFilterObjectclass     | person                                                                                                                 |
| ldapUuidGroupAttribute        | auto                                                                                                                   |
| ldapUuidUserAttribute         | auto                                                                                                                   |
| turnOffCertCheck              | 0                                                                                                                      |
| turnOnPasswordChange          | 0                                                                                                                      |
| useMemberOfToDetectMembership | 1                                                                                                                      |
+-------------------------------+------------------------------------------------------------------------------------------------------------------------+
                                                                                                                                           

I’m having this same problem. I “resolved” it by reverting my NGINX configuration to the NC19 version as suggested here. I am not sure yet whether this is a better solution.
This seems to be the clearest bug report.

I can confirm that adding this line to nginx site configuration resolves this issue.

        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;