Freeipa LDAP group permissions issues

Nextcloud version: 15.0.2
Operating system and version: Ubuntu 18.04
PHP version: 7.2.10

I’ve set up LDAP integration to connect to a freeipa server on a new Nextcloud installation, it’s functional and I’m able to login to nextcloud using any of the freeipa users.

I want to limit access to nextcloud to only users in a certain group but when I use the groups tab and select my desired group there, all users are still able to login despite not being in the group and the group name showing up in the nextcloud users page.

If I use the memberOf filter in the users tab it automatically adds cn=compat to the group dn in the search filter and then no users show up in the group, if I replace the cn=compat with cn=accounts to make the filter match the freeipa directory structure then it says 4 users found but complains about a configuration error and causes the site to freeze occasionally. In fact if I click on Edit LDAP query after changing the filter to use cn=accounts to confirm the change it automatically reverts it back to cn=compat.

My understanding of freeipa’s LDAP backend is a little shaky so maybe I’m missing something with this compat tree. Any assistance would be appreciated.