I have two policy issues.
First Issue: I get an error that says
Admin actions are defined, but the action policywrite is not allowed! when the helpdesk policy is enabled on the local admin account and users in the admin realm.
Second Issue: When all policies are enabled, the HelpDesk policy is not applying to users in the ldap resolver. These users are only getting the SelfService policy.
example (assigned ldap resolvers helpdesk, users)
admin (assigned ldap resolver admin, set as superuser realm in pi.cfg)
admin: LDAP filter configured to look for users in the AD group, admin.
helpdesk: LDAP filter configured to look for users in the AD group, helpdesk
users: LDAP filter configured to exclude users from ad groups admin and helpdesk
(Users are exclusive to one group or the other, a user does not exist in both admin group and helpdesk group)
All policies are templates