Modifying LDAP Locally Imported User group, policies are applied based on previous group membership
03/26/2020 28 12723
DESCRIPTION: When users are imported from LDAP, you can set group membership for those users locally. However, these new settings are not taken in consideration when applying the policies to the users.
CAUSE: SonicOS is always querying the LDAP server for group membership because that should be more up-to-date. So if the configuration of the local user is different from LDAP user, the policies will be applied based on LDAP User's group membership.
If you want to set/modify group membership and users options locally, you should enable the option " User group memberships can be set locally by duplicating LDAP user names " available on Users | Settings | Configure LDAP | Users tab.
Enabling that option will allow you to modify LDAP users configuration locally instead of modifying the one on the LDAP server.