USER_LDAP can't set LDAP password via config:import

dancing_wolf · June 17, 2021, 8:05am

Nextcloud version: 21.0.2.1
Operating system and version: Debian 10 Buster
Apache version: 2.4.38
PHP version: 7.4

Create user_ldap settings.json file with agent password ‘SecretPassword’

{
  "apps": {
    "user_ldap": {
      "s01ldap_port": "389",
      "types": "authentication",
      "s01ldap_dn": "cn=kazna_admin,ou=kazna,dc=west",
      "s01ldap_agent_password": "SecretPassword",
      "s01ldap_base": "ou=users,ou=kazna,dc=west",
      "s01ldap_base_groups": "ou=groups,ou=kazna,dc=west",
      "s01ldap_base_users": "ou=users,ou=kazna,dc=west",
      "s01ldap_configuration_active": "1",
      "s01ldap_group_filter": "(&(|(objectclass=organizationalUnit)))",
      "s01ldap_groupfilter_objectclass": "organizationalUnit",
      "s01ldap_group_member_assoc_attribute": "memberUid",
      "s01ldap_host": "ldap://openldap.west",
      "s01ldap_login_filter": "(uid=%uid)",
      "s01ldap_display_name": "displayName",
      "s01ldap_quota_attr": "nextCloudQuota",
      "s01ldap_quota_def": "10G",
      "s01ldap_userlist_filter": "(objectClass=nextCloudAccount)"
    }
  }
}

Import config

$ sudo -u www-data php occ config:import config/settings.json 
Config successfully imported from: config/settings.json

Check password. Instead of correct password there are some binary garbage.

$ sudo -u www-data php occ ldap:show-config --show-password
+-------------------------------+----------------------------------------+
| Configuration                 | s01                                    |
+-------------------------------+----------------------------------------+
| hasMemberOfFilterSupport      | 0                                      |
| homeFolderNamingRule          |                                        |
| lastJpegPhotoLookup           | 0                                      |
| ldapAgentName                 | cn=kazna_admin,ou=kazna,dc=west        |
| ldapAgentPassword             | I�+z�ڲ�(�                             |
| ldapAttributesForGroupSearch  |                                        |

And nextcloud can’t connect to LDAP Server.

sudo -u www-data php occ ldap:test-config s01
The configuration is valid, but the Bind failed. Please check the server settings and credentials.

Only if I set password from Web UI all works fine

$ sudo -u www-data php occ ldap:test-config s01
The configuration is valid and the connection could be established!

$ sudo -u www-data php occ ldap:show-config --show-password
+-------------------------------+----------------------------------------+
| Configuration                 | s01                                    |
+-------------------------------+----------------------------------------+
| hasMemberOfFilterSupport      | 0                                      |
| homeFolderNamingRule          |                                        |
| lastJpegPhotoLookup           | 0                                      |
| ldapAgentName                 | cn=kazna_admin,ou=kazna,dc=west        |
| ldapAgentPassword             | SectretPassword                        |
| ldapAttributesForGroupSearch  |                                        |

Why when setting password with config:import instead of correct password there are a some binary mess?
What I’m doing wrong and how to set LDAP password with confing:import correctly?