In the process of mapping preexisting NC users to newly synced ldap users from CT discovered no occ ldap:check-user --update USERID possible with ldap (CT) users containing umlauts in their cn.

Initial LDAP sync shows umlauts as white question marks on black rhombus in DB table oc_ldap_user_mapping but when doing the ldap:check-user after entering the oc_name and directory_uuid from the existing NC user I get
The user does not exists on LDAP anymore. Clean up the user's remnants by: ./occ user:delete "USERID"

Ist the wrapper coping with umlauts?

Hey Silas, took a look into this, and Umlauts, Accents etc. are not a problem in general. We have numerous groups with Umlauts, but, funny enough, I think that none of the users from our database with Umlauts in his nickname is a NextCloud user at the same time. 😆
I know from experience that LDAP has some very weird quirks regarding encoding indeed. For instance, user binds have to submit passwords using UTF16LE, at least for AD implementations some years ago, and will silently fail otherwise. Fun.

If you can find out where exactly this gets messed up, we might be able to fix that, but I assume the error in the PHP code of the LDAP plugin. 🙈
Best thing you can do is to ask affected users to change their CT nickname to something without special symbols. An advisable thing anyway...

I checked once more. Seems that we used to have users Umlauts in their CN, but with no Umlauts in their NextCloud name. That would be consistent with what I expect.
(So somehow the NC plugin normalized this away, which seems not to happen in your setup, for whatever reason...)