Authenticating Nested Groups in LDAP

Solution 1:

What application are you trying to configure?

The large majority of applications that have some level of LDAP support as an LDAP client simply have no support for nested groups.

Short of modifying the software, you may be out of luck.

If your LDAP server happens to be Microsoft Active Directory, then there is a non-standard search filter that may help you.

See:
- http://support.microsoft.com/kb/914828
- http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx

The LDAP_MATCHING_RULE_IN_CHAIN is a matching rule OID that is designed to provide a method to look up the ancestry of an object. Many applications using AD and AD LDS usually work with hierarchical data, which is ordered by parent-child relationships. Previously, applications performed transitive group expansion to figure out group membership, which used too much network bandwidth; applications needed to make multiple roundtrips to figure out if an object fell "in the chain" if a link is traversed through to the end.
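As an added illustration (not part of the answer above), the following Python builds the AD-specific chain-matching filters with RFC 4515 value escaping, and walks a small constructed memberOf graph locally to show what the server evaluates for nested membership, including that a group cycle terminates. The DNs and the `SAMPLE_MEMBER_OF` data are made up for the example.

```python
# OID of the LDAP_MATCHING_RULE_IN_CHAIN extensible match rule (Active Directory only).
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).
    Without this, a DN containing '(' or ')' or '*' breaks or widens the filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def nested_member_filter(group_dn: str, object_class: str = "user") -> str:
    """Filter matching objects whose memberOf chain reaches group_dn
    (direct and nested members), expanded server-side by AD."""
    return "(&(objectClass=%s)(memberOf:%s:=%s))" % (
        object_class, LDAP_MATCHING_RULE_IN_CHAIN, escape_filter_value(group_dn))


def groups_of_user_filter(user_dn: str) -> str:
    """Filter returning every group the user belongs to, directly or via nesting."""
    return "(member:%s:=%s)" % (LDAP_MATCHING_RULE_IN_CHAIN, escape_filter_value(user_dn))


# Constructed sample directory: DN -> memberOf values. DevOps and Engineering
# reference each other on purpose, to show the chain walk terminates on cycles.
SAMPLE_MEMBER_OF = {
    "CN=alice,OU=Users,DC=example,DC=com": ["CN=DevOps,OU=Groups,DC=example,DC=com"],
    "CN=bob,OU=Users,DC=example,DC=com": ["CN=Sales,OU=Groups,DC=example,DC=com"],
    "CN=DevOps,OU=Groups,DC=example,DC=com": ["CN=Engineering,OU=Groups,DC=example,DC=com"],
    "CN=Engineering,OU=Groups,DC=example,DC=com": ["CN=DevOps,OU=Groups,DC=example,DC=com"],
}


def chain_contains(member_of: dict, start_dn: str, target_dn: str) -> bool:
    """Local equivalent of the rule: follow memberOf links transitively from
    start_dn and report whether target_dn is reached; visited set stops cycles."""
    seen = set()
    stack = list(member_of.get(start_dn, []))
    while stack:
        dn = stack.pop()
        if dn == target_dn:
            return True
        if dn in seen:
            continue
        seen.add(dn)
        stack.extend(member_of.get(dn, []))
    return False
```

Send `nested_member_filter(...)` as the search filter against AD to get nested members in one round trip; on a non-AD server the OID is simply not understood and the filter matches nothing.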