### ⚠️ This issue respects the following points: ⚠️
- [x] This is a **bug**, no…t a question or a configuration/webserver/proxy issue.
- [x] This issue is **not** already reported on [Github](https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3Abug) OR [Nextcloud Community Forum](https://help.nextcloud.com/) _(I've searched it)_.
- [x] Nextcloud Server **is** up to date. See [Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) for supported versions.
- [x] I agree to follow Nextcloud's [Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/).
### Bug description
All users are synchronized from LDAP, including group information.
There is one user who should be sub-admin and be able to review the group membership of the users of his group:
```
<subadmin>
<element>FDS_Riesklasse</element>
</subadmin>
```
on the accounts page, the users belonging to that group are listed correctly.
But the list of groups remains empty.
The JAVA console displays the following error:
```
response: "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":403,\"message\":\"Das angemeldete Konto muss ein Administrator, ein Unteradministrator sei…"
responseText: "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":403,\"message\":\"Das angemeldete Konto muss ein Administrator, ein Unteradministrator sei…"
```
consequently:
<img width="288" alt="Image" src="https://github.com/user-attachments/assets/23893186-00b2-4fba-977a-eafd3ea56543" />
Also, the group in question cannot be found in the search box.
### Steps to reproduce
1. Grant subadmin privileges to a ldap user on a ldap group
2. login using this credential
### Expected behavior
the user should see the correct groups
### Nextcloud Server version
31
### Operating system
Debian/Ubuntu
### PHP engine version
PHP 8.4
### Web server
Nginx
### Database engine version
PostgreSQL
### Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
### Are you using the Nextcloud Server Encryption module?
None
### What user-backends are you using?
- [ ] Default user-backend _(database)_
- [x] LDAP/ Active Directory
- [ ] SSO - SAML
- [ ] Other
### Configuration report
```json
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"apps_paths": [
{
"path": "\/www\/nextcloud\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/data\/apps\/",
"url": "\/custom-apps",
"writable": true
}
],
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"cloud.freie-dorfschule.de"
],
"dbtype": "pgsql",
"version": "31.0.4.1",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"lost_password_link": "https:\/\/ssp.faudin.de\/?action=sendtoken",
"enabledPreviewProviders": [
"OC\\Preview\\TXT",
"OC\\Preview\\MarkDown",
"OC\\Preview\\PDF",
"OC\\Preview\\MSOfficeDoc",
"OC\\Preview\\JPEG",
"OC\\Preview\\PNG",
"OC\\Preview\\GIF",
"OC\\Preview\\BMP",
"OC\\Preview\\XBitmap",
"OC\\Preview\\MP3",
"OC\\Preview\\HEIC",
"OC\\Preview\\Movie",
"OC\\Preview\\MKV",
"OC\\Preview\\MOV",
"OC\\Preview\\MP4",
"OC\\Preview\\AVI",
"OC\\Preview\\PNG",
"OC\\Preview\\TIFF"
],
"maintenance_window_start": 1,
"htaccess.RewriteBase": "\/",
"forwarded_for_headers": [
"HTTP_X_FORWARDED",
"HTTP_FORWARDED_FOR",
"HTTP_X_FORWARDED_FOR",
"X-Forwarded-For"
],
"htaccess.IgnoreFrontController": true,
"default_phone_region": "DE",
"overwrite.cli.url": "https:\/\/cloud.freie-dorfschule.de",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***"
},
"maintenance": false,
"memcache.local": "\\OC\\Memcache\\Redis",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "2587",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"defaultapp": "",
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
"loglevel": 2,
"app_install_overwrite": [
"snappymail"
]
}
}
```
### List of activated Apps
```shell
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- calendar: 5.2.2
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contacts: 7.0.6
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- deck: 1.15.1
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- groupfolders: 19.0.4
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- mail: 5.0.3
- nextcloud_announcements: 3.0.0
- notifications: 4.0.0
- notify_push: 1.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- polls: 7.4.2
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- richdocuments: 8.6.4
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- snappymail: 2.38.2
- socialsharing_email: 3.3.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- tables: 0.9.2
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- updatenotification: 1.21.0
- user_ldap: 1.22.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- workflowengine: 2.13.0
Disabled:
- admin_audit: 1.21.0
- calendar_news: 1.1.15 (installed 1.1.15)
- collectives: 2.16.3 (installed 2.16.3)
- encryption: 2.19.0
- files_external: 1.23.0
- firstrunwizard: 4.0.0 (installed 3.0.0)
- spreed: 21.0.4 (installed 21.0.4)
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0
```
### Nextcloud Signing status
```shell
No errors have been found.
```
### Nextcloud Logs
```json
nothing interesting
```
### Additional info
members of the admin group are also fed via ldap - in NC it has the name admin_2