LDAP/AD settings unavailable to admin delegates

[Ivansss]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Users from group with admin privileges can't access LDAP/AD settings.
This is due to legacy ajax endpoints where it is only checked if the user is an admin but not a subadmin.

Steps to reproduce

1. Setup LDAP with an admin
2. Give "admin_test" group privileges to edit LDAP/AD settings
3. Go to LDAP/AD settings with a user from "admin_test" group

Expected behavior

The user from "admin_test" group is able to see and edit LDAP settings

Installation method

None

Nextcloud Server version

master

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

[tiredofit]

Just confirming this is an issue on 26.0.5 and 27.0.2.

When a groups is assigned in Adminstration privleges, the user can visit the LDAP settings yet all is greyed out.

Screenshot:

[joshtrichards]

This was likely fixed by #42706.

EDIT: Though I'm now realizing I may have misunderstood the original report. You're referring to via delegation (https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/admin_delegation_configuration.html) I guess.