LDAP: Only allow login if users belong to both security groups

Hi all, my company has multiple LDAP servers, so I can’t use bind_dn=DOMAIN%s because there are many domains. I have to use bind_dn and bind_password instead. They support the memberOf attribute.

I am asked to only allow users that belong to BOTH security groups. How do I do it?

I tried to add 2 memberOf filters to search_filter, but that doesn’t work because the bot account I used for bind_dn doesn’t belong to any of the groups. So I got “Authentication failed” with the LDAP server.

[[servers.group_mappings]] only supports 1 group, so it will be an OR group membership check and not AND. Can I use group_search_filter for this?