After finally solved my nextcloud install, which was totally my mistake, moved on with my tests.
I have an existing AD, and installed on a separate box UCS. UCS is integrated with the AD using the Active Directory Connection and AD is synced to UCS unidirectionally, that is AD --> UCS
Sync is working fine, all users are visible in UCS and everything works as expected, for example Kopano.
on the AD I have users in the “users” container and have users in an OU, let’s call it "People"
both type of users belong to “Domain Users” group, and everything is synced to UCS the same way.
After I installed nextcloud, in nextcloud, I can only see the users from the “users” container,ie cn=users,dc=example,dc=net, but not those from ou=People,dc=example,dc=net
This limitation is only in nextcloud, both types are visible as mentioned in the Users module in UCS, in Kopano app, or LDAP directory module in UCS. Obviously “Access to Nextcloud” is checked for all users I expect to show up in nextcloud, and I double-checked this
Given that some users do show up in nextcloud, the connection is working.
And to make sure that nothing is filtered out, I have (&(objectclass=*)) for both users and groups and (uid=%uid) for Login Attributes in nextcloud LDAP/AD settings.
Thanks for your time reading and sharing any thoughts onto what may be happening here!