LDAP users show as sid and not user name

Changing the Expert mapping away from LDAP's UID is a bad idea. If you ever have a user change their username, UPN, or CN, due to a personal name change (marriage, divorce, etc.), the user will NOT be able to log in to Nextcloud. The mapping NEEDS to be an immutable value from LDAP/AD to avoid issues in the long run. This is why Nextcloud defaults to a GUID value for the internal UID, and hides the setting to change it under "Expert".

We had this crop up when a name change occurred and we had mapped the Nextcloud UID to the UPN. They were forever locked out of Nextcloud, because Nextcloud doesn't update the UID once it's been set.

The only alternative is to make "unsupported" changes inside the Nextcloud database to manually change the Nextcloud UID to match the new value in LDAP or AD.

AD LDAP with Nextcloud by default uses "objectGUID", which cannot be changed even in AD. This is a good thing, and the proper attribute to use for an LDAP matcher when using AD.

The real issue here is that the "UID" is used as a display name all over Nextcloud instead of the more logical "Display Name" attribute, or even simply the "email" attribute, which does get correctly updated inside Nextcloud when changed in the upstream LDAP/AD directory.

I highly suggest that anyone avoid changing the Expert setting for "internal username attribute". It WILL lead to issues eventually if the attribute you chose ever changes. Things like "username", sAMAccountName, userPrincipalName, and CN all get changed if the person's actual name changes, so you can easily get stuck with this issue down the road.
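The lock-out described in the post, as an added simulation that is not Nextcloud's code or the poster's: a one-time mapping from an LDAP attribute to an internal username is keyed first on objectGUID and then on userPrincipalName, and a constructed AD entry is renamed. The sample user, the GUID bytes and the minimal `UserMapping` model are assumptions; the GUID text form is the mixed-endian rendering AD tools display.

```python
import uuid

# Constructed sample AD entry before and after a name change.
# objectGUID is the raw 16-byte value AD returns; the other attributes are mutable.
USER_BEFORE = {
    "objectGUID": bytes.fromhex("33221100554477668899aabbccddeeff"),
    "sAMAccountName": "jsmith",
    "userPrincipalName": "jsmith@example.test",
    "displayName": "Jane Smith",
}
USER_AFTER = dict(USER_BEFORE, sAMAccountName="jdoe",
                  userPrincipalName="jdoe@example.test", displayName="Jane Doe")


def guid_to_string(raw: bytes) -> str:
    """Render AD's binary objectGUID in the mixed-endian text form AD tools show."""
    return str(uuid.UUID(bytes_le=raw))


def internal_uid(entry: dict, attr: str) -> str:
    """Derive the internal username from the chosen LDAP attribute (hypothetical model)."""
    value = entry[attr]
    return guid_to_string(value) if attr == "objectGUID" else value


class UserMapping:
    """Simplified model: the LDAP -> internal-username mapping is written once, never updated."""

    def __init__(self, attr: str):
        self.attr = attr
        self.known = {}  # internal uid -> display name, set on first login only

    def first_login(self, entry: dict) -> str:
        uid = internal_uid(entry, self.attr)
        self.known.setdefault(uid, entry["displayName"])
        return uid

    def login(self, entry: dict):
        """Return the stored account uid, or None when the LDAP entry no longer matches one."""
        uid = internal_uid(entry, self.attr)
        return uid if uid in self.known else None


def simulate(attr: str):
    """Map the user on first login, then try to log in again after the rename."""
    mapping = UserMapping(attr)
    mapping.first_login(USER_BEFORE)
    return mapping.login(USER_AFTER)
```

With `objectGUID` the renamed user still resolves to the same account; with `userPrincipalName` the lookup returns `None`, which is the lock-out the post describes.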