LDAP/ActiveDirectory: Optimise Group Filter for nested groups

the current zammad LDAP integration filters groups via “(objectClass=group)”.

Unfortunately this filter does not fetch users, that are assigned via a “group in group” construct:

  • zammad admins set to: cn=zammad_admin,ou=groups,ou=corp,dc=intra,dc=net.
  • ldap group “cn=zammad_admin,ou=groups,ou=corp,dc=intra,dc=net” contains group “cn=admins,ou=groups,ou=corp,dc=intra,dc=net”

Changing the filter to "memberOf:1.2.840.113556.1.4.1941:=cn=zammad_admin,ou=groups,ou=corp,dc=intra,dc=net.)
would result in recursive group expansion - users added via groups are now added to zammad admins
(see https://stackoverflow.com/questions/6195812/ldap-nested-group-membership)

2 Likes

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.