LDAP group listing drops primary-group members when pagination is applied

[hweihwang]

Steps to reproduce

1. Configure user_ldap against Active Directory where “Domain Users” membership is primarily granted via primaryGroupID.
2. Log in as an admin and open Settings → Accounts → Groups → Domain Users.
3. Scroll through the member list (pagination enabled by the provisioning API).

Expected behaviour

All ~1K members appear, matching occ group:list "Domain Users".

Actual behaviour

Only the ~27 accounts explicitly present in the group’s member attribute are shown. The badge/count stays correct.

Technical analysis

• apps/provisioning_api/lib/Controller/GroupsController.php:195 uses $group->searchUsers($search, $limit, $offset) to feed the Accounts UI.
• lib/private/Group/Group.php:209 delegates to LDAP’s usersInGroup().
• apps/user_ldap/lib/Group_LDAP.php:899-975 merges direct members with getUsersInPrimaryGroup() / getUsersInGidNumber() before applying array_slice(). Because the helper calls receive the same limit/offset, primary-group members are truncated. occ group:list calls the same method without limit/offset, so it still shows all members.

Proposal

Fetch primary-group/gidNumber members without passing the limit/offset (or fetch unlimited and only slice after merging), or have the provisioning API skip pagination for LDAP backends that rely on those helpers.

Environment

Nextcloud Enterprise 31.0.7, user_ldap 1.22.0, AD with primaryGroupID.