No, there is no variable substitution possible at the moment.
so do you plan to implement it? should I file a bug?
Depending on what you are trying to achieve (sounds to me like you
wanted
to only allow members of the sysadmin group?), would the simple access
provider be a better choice?
for some machines this would be enough. must i "stack" providers? can you point
me to an example using ldap and simple providers?
regards,
abosch