the current zammad LDAP integration filters groups via “(objectClass=group)”.
Unfortunately this filter does not fetch users, that are assigned via a “group in group” construct:
- zammad admins set to: cn=zammad_admin,ou=groups,ou=corp,dc=intra,dc=net.
- ldap group “cn=zammad_admin,ou=groups,ou=corp,dc=intra,dc=net” contains group “cn=admins,ou=groups,ou=corp,dc=intra,dc=net”
Changing the filter to "memberOf:1.2.840.113556.1.4.1941:=cn=zammad_admin,ou=groups,ou=corp,dc=intra,dc=net.)
would result in recursive group expansion - users added via groups are now added to zammad admins
(see active directory - ldap nested group membership - Stack Overflow)