Condition OR for LDAP in group

I need some help with LDAP, namely with an OR condition for the group.
I have two groups on my LDAP server. The first group is for OpenNebula admins, the second for OpenNebula developers:


I want to map users from the oned-admin LDAP group to the oneadmin group in OpenNebula, and users from the oned-dev LDAP group to the users group in OpenNebula.

For that I added an OR condition for the group in the LDAP auth configuration file, ldap_auth.conf:

:group: '(|(cn=oned-admin,cn=groups,cn=accounts,dc=example,dc=net)(cn=oned-dev,cn=groups,cn=accounts,dc=example,dc=net))'

But I get an error:

User test is not in group (|(cn=oned-admin,cn=groups,cn=accounts,dc=example,dc=net)(cn=oned-dev,cn=groups,cn=accounts,dc=example,dc=net))

When I use a group filter without the OR condition, authentication succeeds.

:group: 'cn=oned-admin,cn=groups,cn=accounts,dc=example,dc=net'

Does OpenNebula support an OR condition in the group filter?

Hi @perrfect,

You can do that by using Group Mapping.

Update both groups with the attribute GROUP_DN set to cn=oned-admin,cn=groups,cn=accounts,dc=example,dc=net for oneadmin and set to cn=oned-dev,cn=groups,cn=accounts,dc=example,dc=net for users.
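
A sketch of the group-mapping setup described in the reply above, added here as an illustration and not posted by anyone in the thread. It shows only the mapping-related keys of one server entry in ldap_auth.conf; the entry name `server 1`, the mapping file name and the timeout are assumed sample values, and the DNs are the ones from the question.

```yaml
# Step 1 (OpenNebula side): add GROUP_DN to each group's template,
# for example with `onegroup update oneadmin` and `onegroup update users`:
#
#   oneadmin: GROUP_DN="cn=oned-admin,cn=groups,cn=accounts,dc=example,dc=net"
#   users:    GROUP_DN="cn=oned-dev,cn=groups,cn=accounts,dc=example,dc=net"

# Step 2 (ldap_auth.conf): mapping keys inside the server entry.
# Connection settings of the entry stay as they are and are omitted here.
server 1:
    # Build the mapping file from the GROUP_DN values in the group templates
    :mapping_generate: true

    # Seconds before the generated mapping file is rebuilt (assumed value)
    :mapping_timeout: 300

    # Mapping file name in the OpenNebula var directory (assumed value)
    :mapping_filename: server1.yaml

    # Group template attribute that holds the LDAP group DN
    :mapping_key: GROUP_DN

    # OpenNebula group ID for users whose LDAP groups are not mapped
    # (1 is the users group)
    :mapping_default: 1
```

With this in place each LDAP group is matched by its own DN from the group template, so no OR expression is needed to cover both groups.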


Thank you so much for the reply.

When I set GROUP_DN in this case, which :group: should I use in the config file?