I don't think it will work to have two local rules for one remote rule.
One possibility is to use the any_one_of condition in the remote rules to match particular user names, since you know which users are already local:
https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html#mapping-conditions
Then you could have the first rule match on those usernames, and the second rule be a catch-all for the rest. Would that work for you?
I don't think it will work to have two local rules for one remote rule.
One possibility is to use the any_one_of condition in the remote rules to match particular user names, since you know which users are already local:
https:/ /docs.openstack .org/keystone/ latest/ admin/federatio n/mapping_ combinations. html#mapping- conditions
Then you could have the first rule match on those usernames, and the second rule be a catch-all for the rest. Would that work for you?