It is recommended to set up separate shares for each department rather than using one large shared folder for all. This simplifies management and reduces the risk of permission issues. Each department can manage its own permissions independently. In a Windows environment, it is advisable to use only Windows ACLs (Access Control Lists) and manage permissions through Windows tools. Avoid using Linux tools such as setfacl to modify permissions, if possible.
Furthermore, please take a look at our manual:
Changes to the permissions of a shared directory performed directly in the file system are not forwarded to the LDAP directory. If the permissions/owners are edited with the UMC module Shares, the changes in the file system are overwritten. Settings to the root directory of a file share should thus only be set and edited with the UMC module. Additional adjustment of the access permissions of the subordinate directories are then performed via the accessing clients, e.g., via Windows Explorer, or directly via command line commands on the file server.