I have a strong feeling that this can be done, but this does not work.
The point is this. I linked nextcloud to ldap, users who are allowed to log in are selected using the filter:
(& (objectCategory = person) (objectClass = user) (mail = *) (! (userAccountControl: 1.2.840.1135126.96.36.1993: = 2)) (| (memberOf=CN=blabla, CN=blabla, DC=blabla , DC=local) (memberOf=CN=blabla, CN=blabla, DC=blabla, DC=local)))
Therefore, system accounts do not get there.
I thought that these are all users that the nextcloud “can see”.
It turned out that if you select a user search in the upper right corner, then you can see all the users that were found in ad, including system ones, etc.:
I tried different options in the settings, shoved the filter in all places, and it did not work out to filter the users I needed, which should be displayed in the list.
It would be ideal to apply a filter to LDAP users who appear in the list, but I did not find how to do this, or it is impossible. Maybe someone faced a similar problem and tell me how to implement this?