LDAP integration and password change

I still have the problem of getting my Nextcloud 17.0.2 to enable LDAP password change.

My situation:
Microsoft Windows Server 2012 with AD / LDAP

Authentication of users is working properly with

Login Attributes
(&(&(|(objectclass=person))(|(|(memberof=CN=Domänen-Benutzer,CN=Users,DC=MY,DC=DOMAIN)(primaryGroupID=513))))(|(samaccountname=%uid)(|(cn=%uid))))

I've checked the box in front of
"Enable LDAP password changes per user"

Further settings are:

User Display Name Field = displayname
Base User Tree = dc=MY,dc=DOMAIN
Group Display Name Field = cn
Base Group Tree = dc=MY,dc=DOMAIN
Group-Member association = member (AD)

Under Expert Settings I've set:

Internal Username Attribute: cn
UUID Attribute for Users: cn
UUID Attribute for Groups: cn

With those settings my LDAP users were shown in Nextcloud / Federated ID with their real LDAP names.

Trying to set more login attributes is no problem.

I’ve tried with
objectGUID = %uid

entryUUID is not part of the list I get in the LDAP settings of Nextcloud (on my Domain Controller under Attribute Editor, "entryUUID" is missing too). Same with nsuniqueid, guid and ipauniqueid.

So I tried with sAMAccountName = %uid, because this attribute is part of the DC Attribute Editor, is a known attribute in Nextcloud, and shows my login name in AD.
But setting this didn't help.

I get the message "Passwort konnte nicht geändert werden" (the password couldn't be changed).

The user responsible for the LDAP connection (not LDAPS! It's connected via ldap:// … on port 389) is a member of Domain Admins, Schema Admins, … and should be able to set passwords.

As an experiment I briefly set the main Domain Admin with all privileges as the connection user in the LDAP settings, but the result was the same.

I'm running out of ideas about which attributes / parameters I should change to get LDAP password change working.

When using the login attribute checker on the same page (entering a valid username of an LDAP user and clicking Check),
I get the response "User found, Settings checked" (so it seems to be valid).

I have seen this LDAP NC15, but that does not help for Windows AD; maybe it only applies to Samba 4 users.

Interestingly, Nextcloud sends an email notification about the password change whenever I click on the save button, but my login credentials in LDAP remain unchanged.
I'd be very pleased about any help. Thanks.
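The post above describes a password write against Active Directory over a plain ldap:// connection on port 389. Two properties of AD password writes are worth checking in any such setup: the write goes to the `unicodePwd` attribute, whose value must be the new password wrapped in double quotes and encoded as UTF-16LE, and AD only accepts that write on an encrypted channel (LDAPS on 636 or StartTLS on 389). The following is an added example, not code from the original post or from Nextcloud; it uses only the Python standard library, never contacts a server, and the host names are constructed placeholders. The dictionary it builds mirrors the shape of the `changes` argument of ldap3's `Connection.modify`, but ldap3 itself is not imported.

```python
"""Precondition check and value encoding for an Active Directory password write.

Added example (not from the original post). Constructed host names only;
nothing here talks to a directory server.
"""
from urllib.parse import urlsplit

# Assumed: the host as typed in Nextcloud's LDAP "Host" field, with or
# without a scheme. Nextcloud treats a bare host as ldap:// on port 389.
def connection_allows_password_write(host_uri: str, starttls: bool = False) -> bool:
    """True if AD would accept a unicodePwd modify over this connection.

    AD refuses password writes on a cleartext LDAP session, so only
    ldaps:// or ldap:// with StartTLS negotiated passes this check.
    """
    uri = host_uri if "://" in host_uri else "ldap://" + host_uri
    parts = urlsplit(uri)
    if parts.scheme == "ldaps":
        return True
    if parts.scheme == "ldap":
        return starttls
    return False


def encode_unicode_pwd(new_password: str) -> bytes:
    """Encode a password the way AD expects it in a unicodePwd replace:
    the password in double quotes, as UTF-16LE bytes."""
    return f'"{new_password}"'.encode("utf-16-le")


def build_password_replace(user_dn: str, new_password: str,
                           host_uri: str, starttls: bool = False) -> dict:
    """Return the modify request an admin-bound connection would send,
    or raise ValueError if the channel is cleartext (the write would fail
    on the server side anyway, with an error much like the one in the post).
    """
    if not connection_allows_password_write(host_uri, starttls):
        raise ValueError(f"refusing unicodePwd write over cleartext connection {host_uri!r}")
    return {
        "dn": user_dn,
        # Same shape as ldap3's modify(changes=...) argument.
        "changes": {"unicodePwd": [("MODIFY_REPLACE", [encode_unicode_pwd(new_password)])]},
    }


def check_nextcloud_ad_settings(settings: dict) -> list:
    """Flag settings from the post that commonly break AD password changes.

    `settings` keys are constructed names for the Nextcloud fields:
    'host', 'starttls', 'uuid_attribute'.
    """
    findings = []
    if not connection_allows_password_write(settings.get("host", ""), settings.get("starttls", False)):
        findings.append("host: plain ldap:// without StartTLS; AD rejects unicodePwd writes on cleartext")
    if settings.get("uuid_attribute", "").lower() != "objectguid":
        findings.append("uuid_attribute: for AD use objectGUID (stable, unique); cn changes on rename")
    return findings


if __name__ == "__main__":
    # Settings as described in the post: bare host on 389, UUID attribute = cn.
    posted = {"host": "dc.example.test:389", "starttls": False, "uuid_attribute": "cn"}
    for finding in check_nextcloud_ad_settings(posted):
        print("finding:", finding)
    request = build_password_replace("CN=jdoe,CN=Users,DC=MY,DC=DOMAIN", "Pa", "ldaps://dc.example.test")
    print(request["changes"]["unicodePwd"][0][1][0])
```

Run as a script it prints the two findings for the posted configuration and the encoded value for the LDAPS case; `build_password_replace` deliberately raises for a plain `ldap://` host so the failure is caught before any bind.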