Welcome to the community! And that's a great first question. Typically any permission management in Nintex should follow what SharePoint provides out of the box. LDAP is not a usual use for permission management in SharePoint, but I have seen it done. Do you use the LDAP because it's not in the same forest or not trusted by the primary domain? Is it on another domain? I'm wondering if there is a visibility issue, and second, people pickers are configurable. So the picker in this case may not allow that kind of viewing and will be a limitation for you. 

We have several webapp. Those which are available from Internet use LDAP for authentication. Those which are available from intranet only, use AD. I don't have the history, i suppose that's for security reasons and part of our standard in terms of authentication. The picker works fine in any site collection : we can add users or groups coming from LDAP. So i suppose that the picker configuration and the LDAP Provider works and are well configured. I have the feeling that the picker behavior is different from the SharePoint admin console than any site collection. the look & feel of the pickers are also quite different from the console and the site collection.

i will share your questions to our architect : he will probably give you a better response.

The Central Admin web app is its own web app too. So any configuration made to the other web app using the ldap will also have to be done to Central Admin to allow people picker use and include any other forests/domains/ldaps, etc. It is a PowerShell setup that is made. 

that's confirm my suspicion... ok let me check this point and we will see. thanks for your help