Wednesday, 28 January 2015

Merging LDAP and local groups

Until recently it was impossible for a user to be a member of both local and LDAP groups at the same time, which made centrally managing applications such as Oracle (where the same account typically needs membership in both local and directory-defined groups) particularly problematic.

This problem can now be overcome by setting the "domainlessgroups" attribute to true in "/etc/security/login.cfg". The AIX documentation describes it as follows:

    domainlessgroups: Defines the system configuration for merging the user's group attributes among LDAP and files modules. Only files and LDAP modules are supported. Valid values are "true" or "false".

        "true": When this attribute is set as true, the group attribute is merged from the LDAP and files modules, i.e. LDAP users can be assigned local groups and vice versa.

        "false": When this attribute is set as false, the group attribute is not merged from the LDAP and files modules.

    Default value is "false".
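As an added example (not from the original post or from IBM), the script below reads the domainlessgroups value out of a login.cfg-style stanza file, applying the documented default of "false" when the attribute is absent, and then models what the merge means for one user's group list. The sample config files are constructed inline. It assumes the attribute lives in the "usw" stanza of /etc/security/login.cfg and that chsec is the tool used to set it on a live system; the effective_groups function is a simplified model of the documented behaviour, not AIX internals.

```shell
#!/bin/sh
# Added example: inspect the domainlessgroups setting in a login.cfg-style
# file and show the effect of merging group attributes for one user.
#
# On a live AIX system the attribute would be set with chsec (assumption:
# the attribute belongs to the "usw" stanza):
#   chsec -f /etc/security/login.cfg -s usw -a domainlessgroups=true

domainlessgroups_setting() {
    # $1: path to a login.cfg-style stanza file.
    # Prints the value of domainlessgroups from the usw stanza, or "false"
    # (the documented default) when the attribute is not present.
    awk '
        /^[A-Za-z_]+:[ \t]*$/ { stanza = $1; sub(/:.*/, "", stanza); next }
        stanza == "usw" && /^[ \t]*domainlessgroups[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop "domainlessgroups ="
            sub(/[ \t]*$/, "", val)         # trim trailing whitespace
            print val; found = 1; exit
        }
        END { if (!found) print "false" }
    ' "$1"
}

effective_groups() {
    # Simplified model (assumption, not AIX internals): with "true" the
    # user's group list is the union of the files and LDAP modules; with
    # "false" only the module the user is defined in contributes.
    # $1: domainlessgroups value
    # $2: comma-separated groups from the user's own registry module
    # $3: comma-separated groups from the other module
    if [ "$1" = true ]; then
        printf '%s\n' "$2,$3" | tr ',' '\n' | awk '!seen[$0]++' | paste -sd, -
    else
        printf '%s\n' "$2"
    fi
}

# Constructed sample files; not real system files.
tmpdir=$(mktemp -d)
cat > "$tmpdir/login_merged.cfg" <<'EOF'
default:
        sak_enabled = false
        logintimes =

usw:
        shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh
        maxlogins = 32767
        logintimeout = 60
        domainlessgroups = true
EOF
cat > "$tmpdir/login_default.cfg" <<'EOF'
default:
        sak_enabled = false

usw:
        shells = /bin/sh,/bin/ksh
        maxlogins = 32767
EOF

# Constructed group lists for an LDAP-defined user who also needs the local
# "dba" group for a locally installed database.
LDAP_GROUPS="oinstall,staff"
LOCAL_GROUPS="dba,staff"

for cfg in login_merged.cfg login_default.cfg; do
    setting=$(domainlessgroups_setting "$tmpdir/$cfg")
    echo "$cfg: domainlessgroups=$setting -> groups: $(effective_groups "$setting" "$LDAP_GROUPS" "$LOCAL_GROUPS")"
done
```

Running it prints "domainlessgroups=true -> groups: oinstall,staff,dba" for the merged file and "domainlessgroups=false -> groups: oinstall,staff" for the file where the attribute is absent, which is the case worth checking after an upgrade: the default is "false", so local group assignments for LDAP users silently do not apply until the attribute is set.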
