Migration from pw_auth to LDAP keeping users and data

I’m migrating my user backend from the unix authentication app pw_auth to LDAP and want to share my experiences because I encountered some problems. While searching for solutions I only discovered unanswered threads like:

Many thanks to @Uli_He again for the great tutorial (Migration to LDAP keeping users and data)

  1. Set up your LDAP server and configure the Nextcloud LDAP settings as in Uli's thread.
  2. Since the users authenticated via pw_auth aren’t stored in the database, skip this part.
  3. Back up your /etc/passwd (e.g. cp /etc/passwd /etc/passwd.backup)
  4. Delete all user rows in your passwd that are now available via LDAP. (Note: Disabling the user ID via the settings did not work. The user disappears from the user web overview but is still reachable with occ user:info [username])
  5. Now do the 7th step from Uli's thread in the Nextcloud LDAP settings (Delete LDAP user relations, Delete LDAP group relations). Note: The attribute for the internal username must be the same as for the unix user in the passwd file.
  6. Now you can log in with your LDAP credentials!

(After logging in successfully you might recover your passwd file from your backup, if you need the authentication there. Make sure to disable the pw_auth plugin or disable the user IDs in the Nextcloud settings now.)

I hope that I could help someone! :slight_smile:

As always, make sure to have a full backup before migrating your users.

Note: If you are using server-side encryption make sure to use the same passwords in LDAP or (let them) recover the password after migrating.
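Added example (not part of the original post): steps 3 and 4 as a script that works only on copies, producing a candidate passwd file and the list of rows it would drop so both can be reviewed before anything replaces /etc/passwd. The file of LDAP usernames (one per line) and the minimum-UID threshold of 1000 are assumptions; the sample data in `demo` is constructed.

```shell
#!/bin/sh
# filter_passwd PASSWD_FILE LDAP_UIDS_FILE OUT_FILE [MIN_UID]
# Writes PASSWD_FILE to OUT_FILE without the rows whose username is listed in
# LDAP_UIDS_FILE (hypothetical export, one username per line).
# Rows with a numeric UID below MIN_UID (assumed default 1000) are always kept,
# so a name clash in the directory can never remove root or a service account.
filter_passwd() {
    passwd_file=$1; ldap_uids=$2; out_file=$3; min_uid=${4:-1000}
    [ -r "$passwd_file" ] && [ -r "$ldap_uids" ] || return 2
    # FILENAME is compared instead of NR==FNR so an empty list removes nothing.
    awk -F: -v min="$min_uid" '
        FILENAME == ARGV[1] { sub(/\r$/, ""); if ($0 != "") ldap[$0] = 1; next }
        ($1 in ldap) && ($3 + 0 >= min) { next }   # migrated user: drop the row
        { print }                                  # everything else is kept
    ' "$ldap_uids" "$passwd_file" > "$out_file"
}

# removed_users PASSWD_FILE OUT_FILE
# Prints the usernames present in PASSWD_FILE but missing from OUT_FILE.
removed_users() {
    awk -F: 'FILENAME == ARGV[1] { kept[$1] = 1; next }
             !($1 in kept) { print $1 }' "$2" "$1"
}

# Constructed sample: three local users, two of them now served by LDAP,
# plus a directory entry that clashes with the www-data service account.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin' \
        'alice:x:1001:1001::/home/alice:/bin/bash' \
        'bob:x:1002:1002::/home/bob:/bin/bash' \
        'carol:x:1003:1003::/home/carol:/bin/bash' > "$dir/passwd"
    printf '%s\n' alice bob www-data > "$dir/ldap_uids"
    filter_passwd "$dir/passwd" "$dir/ldap_uids" "$dir/passwd.new" || return 1
    removed_users "$dir/passwd" "$dir/passwd.new" | paste -sd' ' -
    rm -rf "$dir"
}

demo
```

Run against a copy of the real file, compare the output of `removed_users` with the accounts you expect to migrate, and only then install the new file.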