I need to filter LDAP records to access otrs like
((cn=branch)and(cn=department)or(cn=admins))
(cn=department) isn't an authentizing condition, it's a filter of otrs groups. It's on the same level of LDAP path as (cn=branch) and (cn=admins):
cn=branchA,ou=groups
cn=admins,ou=groups
cn=departmentD,ou=groups
I've tried to use a filter
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(|(cn=branchA)(cn=admins))';
that is the result a user logging LDAP filter in log:
(&(cn=usernameX)(|(cn=branchA)(cn=admins)))
It seems to be right but not working, usernameX's access is denied even he is in one or both of the groups.
I've used many variations of syntax including (&(|(objectclass=posixGroup))(|(cn=admins)(cn=branchA))) - this syntax running on our nextcloud file server, but no success in otrs.
Any idea?
otrs 5 on ubuntu 16.04, openldap (ubuntu)