How do i add filter with both AND and OR condition in ldap_access_filter?
I have my ldap search filter as below with multiple groups. I now want to add one more condition where users need to be part of a primary group and then part of any mentioned groups in the filter. I have tried options in https://www.freeipa.org/images/c/cc/FreeIPA33-sssd-access-control.pdf but it didn't work.
ldap_access_filter = (|(memberOf=cn=DATA,ou=HADOOP,ou=APPLICATION_GROUPS,ou="ACCESS GROUPS",ou=GROUPS,dc=COMPANY,dc=CORP)......)
probably something like this:
(&(memberof=cn=primary_group)(|(memberof=cn=group1)(memberof=cn=group2)(memberof=cn=group3)))
example: "(&(memberof=cn=localadmin,CN=Users,DC=company,DC=com)(|(memberof=cn=marketing,cn=users,dc=company,dc=com)(memberof=CN=Standards Share Access,CN=Users,DC=company,DC=com)))"