Removing Users from LDAP Query Role

I have a scenario where i have configured my LDAP Query Roles like this

  1. Role1 → mapped to a query (e.g. JobCode=100)
  2. Role2 → mapped to a query (e.g. JobCode=200)


  1. John → JobCode=100
  2. Mischell → JobCode=100
  3. Sam → JobCode=200
  4. Tim → JobCode=100

Now, i want to remove Tim (JobCode=100) from Role 1 and assign him to Role2 without changing his jobcode.

So, my question is that how can i remove my user from LDAP query role without changing the user parameter which is bound in the ldap query on the role.

PS: LDAP Query Syntax is just a pseudo.

You would need a more sophisticated ldap query.