Getting list of all groups and nested group memberships

[LrsK]

I want to get all the groups my users are members of, not just the first-level groups. E.g. if I have a user "bob" who is a member of group "A". And group "A" is a member of group "B", then I want user "bob" to show both groups "A" and "B".

With the following settings I only get group "A" when looking up user "bob":

LDAP_BASE_DN="dc=myrealm,dc=com"
LDAP_REALM_NAME="MyFunRealm"
LDAP_OBJECTS_DN="dn"
LDAP_USER_OBJECT_FILTER="(&(objectclass=inetorgperson)(uid=%s))"
LDAP_GROUP_MEMBERS_FIELD="member"
LDAP_GROUP_OBJECT_FILTER="(&(objectclass=groupofnames)(member=%s))"
LDAP_GROUP_MEMBER_FILTER="member=%s"
LDAP_GROUP_MEMBER_FILTER_FIELD="cn"

Is it possible to get the group info I want by altering the settings or is this something that needs to be changed in the library?

[alexferl]

Hello,

I don't think it's currently possible, but I am not 100% sure. If I understand the use-case correctly, you'd like to get both group "A" and "B" when doing a get_user_groups() on user "bob"?

[LrsK]

That is correct. So I want to get both direct and indirect group memberships. I couldn't find a way to query for this against my FreeIPA installation. I think there is some support for it in AD though.