Hello everyone. Can you clarify the situation about nested groups? When I use rfc2307bis I'm not able to get membership from nested groups. Example:

GRP-SVC-SSH-NODE
  |- user1
  |- user2

GRP-SVC-SSH-NODE1
  |- GRP-SVC-SSH-NODE

Users from GRP-SVC-SSH-NODE are not members of GRP-SVC-SSH-NODE1.

In the previous version, 1.3.1, it works, but from version 1.4 it is not working. As I can see in "src/providers/ldap/sdap_async_accounts.c":

    /* FIXME: we ignore nested rfc2307bis groups for now */
    filter = talloc_asprintf(grp_state, "(objectclass=%s)",
                             opts->user_map[SDAP_OC_USER].name);

Also, the same situation occurs with the LDAP memberOf attribute. It just creates an "originalMemberOf" entry, but does nothing with it.

Maybe the problem is because the groups are stored in different OUs:

OU=COMPUTE
  |- OU=GROUP-ACCESS
      |- cn=GRP-SVC-SSH-NODE
      |- ou=SSH-GROUPS
          |- cn=GRP-SVC-SSH-NODE01

which means:

GRP-SVC-SSH-NODE = cn=GRP-SVC-SSH-NODE,ou=GROUP-ACCESS,ou=COMPUTE, dc......
GRP-SVC-SSH-NODE1 = cn=GRP-SVC-SSH-NODE1,ou=SSH-GROUPS,ou=GROUP-ACCESS,ou=COMPUTE, dc.....
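
Added example, not part of the original post and not SSSD code: a sketch of the transitive member expansion expected from rfc2307bis nested groups, next to what a user-objectclass-only filter returns for the same group. The dc=example,dc=com suffix, the user DNs and the object class names are assumptions constructed for illustration.

```python
# Constructed directory: placeholder suffix and user DNs are assumptions.
SUFFIX = "dc=example,dc=com"
NODE = f"cn=GRP-SVC-SSH-NODE,ou=GROUP-ACCESS,ou=COMPUTE,{SUFFIX}"
NODE1 = f"cn=GRP-SVC-SSH-NODE1,ou=SSH-GROUPS,ou=GROUP-ACCESS,ou=COMPUTE,{SUFFIX}"
USER1 = f"uid=user1,ou=PEOPLE,{SUFFIX}"
USER2 = f"uid=user2,ou=PEOPLE,{SUFFIX}"

DIRECTORY = {
    USER1: {"objectClass": ["posixAccount"]},
    USER2: {"objectClass": ["posixAccount"]},
    NODE: {"objectClass": ["groupOfNames", "posixGroup"], "member": [USER1, USER2]},
    NODE1: {"objectClass": ["groupOfNames", "posixGroup"], "member": [NODE]},
}

def norm(dn):
    """Case-insensitive DN key (simplified: no escaped-comma handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

INDEX = {norm(dn): (dn, entry) for dn, entry in DIRECTORY.items()}

def direct_users(group_dn, user_oc="posixAccount"):
    """Members kept by a user-objectclass-only filter: nested groups are dropped."""
    _, entry = INDEX[norm(group_dn)]
    out = set()
    for member in entry.get("member", []):
        hit = INDEX.get(norm(member))
        if hit and user_oc in hit[1]["objectClass"]:
            out.add(hit[0])
    return out

def effective_users(group_dn, user_oc="posixAccount", group_oc="posixGroup"):
    """Walk member DNs transitively; `seen` guards against membership loops."""
    users, seen, stack = set(), set(), [group_dn]
    while stack:
        key = norm(stack.pop())
        if key in seen or key not in INDEX:
            continue  # already visited, or a dangling member DN
        seen.add(key)
        dn, entry = INDEX[key]
        if user_oc in entry["objectClass"]:
            users.add(dn)
        elif group_oc in entry["objectClass"]:
            stack.extend(entry.get("member", []))
    return users
```

Comparing the two results for each group that gates SSH access shows which accounts depend on nested membership being resolved.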