Best practice sharing with ldap groups


we are using nextcloud in a school environment. We added LDAP groups for classes and courses. Those groups will rotate with the end of the school year. For example: students of group class-5 will be in group class-6.
We do not want in general, that data from students of old class-5 will be in hands of students of new class-5.

We tried deactivating of individual LDAP groups, but the sharing was not removed [edit: so it was shown in details view. Users of those group did not have access anymore, of course]. On the other hand, when we reenabled the group with new users, they didn’t see the share, so we need to reshare with this group.

This might be fine on this particular problem, but it seems to be kind of an intransparent (for me) workaround, just because I don’t understand the best practice of sharing with LDAP groups. (On the other hand: When we will have a new member joining an existing group, we have to reshare, so everyone who unsubscribed from this share will have to do this again.

Any kind of advice is appreciated. Feel free to advice things outside the box. :slight_smile: