Sample Policies Based on Organizational Rules

Suppose that the company LDAP directory has the following organization:

  • ou=sales,o=acme
  • ou=dev,o=acme
  • ou=hr,o=acme

Suppose that this company has the following configuration and requirements:

  • Under each branch of the tree, the system administrator has created the users who work in that department.

  • Each department has its own web resources, and users from other departments must be denied access to these resources.

With this type of configuration, you can use the LDAP context condition to create authorization policies or you can create role policies that are used in conjunction with authorization policies.
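
The following sketch is an added example, not taken from the product or its documentation. It shows the decision an LDAP context condition expresses for the tree above: a user is allowed only when the user's DN lies below the department's context. The resource path prefixes, the function names and the default-deny rule for unmapped paths are assumptions made for illustration. The DN is compared RDN by RDN rather than as a plain string suffix, so an escaped comma inside a value cannot make an entry appear to belong to another branch.

```python
# Added example: department-scoped authorization by LDAP context.
# Resource path prefixes and function names are hypothetical.

DEPARTMENT_CONTEXTS = {
    "/sales/": "ou=sales,o=acme",
    "/dev/": "ou=dev,o=acme",
    "/hr/": "ou=hr,o=acme",
}

def normalize_rdn(rdn):
    # Assumes case-insensitive attributes (ou, o, cn) and single-valued RDNs.
    attr, _, value = rdn.lstrip().partition("=")
    return f"{attr.strip().lower()}={value.lower()}"

def split_dn(dn):
    """Split a DN into normalized RDNs, keeping backslash-escaped commas."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # escaped pair stays inside the RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(dn[i])
        i += 1
    rdns.append("".join(current))
    return [normalize_rdn(r) for r in rdns]

def in_context(user_dn, context_dn):
    """True only if user_dn is an entry below context_dn, compared RDN by RDN."""
    user, context = split_dn(user_dn), split_dn(context_dn)
    return len(user) > len(context) and user[-len(context):] == context

def is_authorized(user_dn, path):
    for prefix, context in DEPARTMENT_CONTEXTS.items():
        if path.startswith(prefix):
            return in_context(user_dn, context)
    return False  # assumption: resources with no department rule are denied

if __name__ == "__main__":
    for dn in ("cn=alice,ou=sales,o=acme", "CN=Bob, OU=Dev, O=Acme"):  # constructed
        for path in ("/sales/forecast", "/dev/build", "/hr/payroll"):
            print(f"{dn!r:30} {path:16} -> {is_authorized(dn, path)}")
```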