The system with either AD or LDAP mode how the SRAs map the groups to local groups for permissions or settings has never been that great, however I'm asking myself if there is more possibility.
Maybe someone knows that:
From what I see if there is an LDAP group, adding seperate filter argumetns such as memberOf="CN=xy,..." and another field with memberOf="CN=yz,..." works as conditional AND,meaning that for a Account to match that group, is has to fullfil both conditions.
Example: Both teachers and regular employee share same VPN permissions, however that would require me to have 2 Local Groups on the SRA that map to each of these 2 groups in order to keep them separate from the heads and secretary who have other policy rules.
I'm not really wanting to write policies for each and every group that has in effect the same policies - except for 1-2 groups of users. Isn't there a possibility to group things together i.e. by having a logical OR condition for the 1st example?
Writing an LDAP search filter with conditional ORs is possible, some applications make use of them, is there some way with the SRAs?
