Hi. I have a general question about the LDAP backend. I need to set up an NC server using the LDAP backend; at some time in the future I need to switch the backend to a second LDAP.
What’s going to happen to users? If some are on both backends, will I get duplicates?
From what I can understand by reading the documentation it will create duplicate users. Is it possible to avoid it?
Can I avoid this by using local accounts instead of using LDAP initially?
thanks
The internal username is the identifier in Nextcloud for LDAP users. By default it will be created from the UUID attribute. The UUID attribute ensures that the username is unique, and that characters do not need to be converted. Only these characters are allowed: [a-zA-Z0-9_.@-]. Other characters are replaced with their ASCII equivalents, or are simply omitted.
The LDAP backend ensures that there are no duplicate internal usernames in Nextcloud, i.e. that it is checking all other activated user backends (including local Nextcloud users). On collisions a random number (between 1000 and 9999) will be attached to the retrieved value. For example, if “alice” exists, the next username may be “alice_1337”.
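The naming rule quoted in the reply above, as an added Python sketch that is not part of the thread and is not Nextcloud's own code: it shows why the same person arriving from two LDAP configurations ends up as two accounts. The function names are hypothetical, NFKD folding is an assumption standing in for "ASCII equivalents", and the sample values are constructed.

```python
import random
import re
import unicodedata

# Character set quoted in the reply: everything else is replaced or omitted.
DISALLOWED = re.compile(r"[^a-zA-Z0-9_.@-]")


def sanitize(value: str) -> str:
    """Reduce a retrieved attribute value to the allowed character set."""
    # Assumption: "ASCII equivalents" is modelled by NFKD decomposition,
    # which turns e.g. "é" into "e" plus a combining mark that is then dropped.
    decomposed = unicodedata.normalize("NFKD", value)
    ascii_only = decomposed.encode("ascii", "ignore").decode("ascii")
    return DISALLOWED.sub("", ascii_only)


def assign_internal_name(value: str, taken: set, rng=random) -> str:
    """Return an internal username that is unique across all backends."""
    base = sanitize(value)
    name = base
    # On a collision, append "_" and a random number between 1000 and 9999.
    while name in taken:
        name = f"{base}_{rng.randint(1000, 9999)}"
    taken.add(name)
    return name


def simulate_two_backends():
    """Constructed scenario: one person visible through two LDAP configs."""
    taken = {"admin"}  # names already used by any active backend, local included
    rng = random.Random(0)  # seeded only to make the demo repeatable
    first = assign_internal_name("name.surname", taken, rng)   # first LDAP config
    second = assign_internal_name("name.surname", taken, rng)  # second LDAP config
    return first, second, taken


if __name__ == "__main__":
    first, second, taken = simulate_two_backends()
    print("first backend :", first)
    print("second backend:", second)
    print("sanitized     :", sanitize("José Müller"))
```

The uniqueness check only prevents two accounts from sharing one internal username; it does not merge identities, so the second configuration's entry becomes a separate account with its own files and shares.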
Double checked: added two LDAP backends with some common users, users get duplicated.
Also, in my specific case where I need to swap the backend later, since I created two LDAP profiles I just deleted the first one; all users associated with this backend were deleted, even if both backends returned the same uid for Nextcloud (that is: name.surname). I need to make a last check by changing the LDAP config instead of using two different profiles.