
Nested groups from AD/LDAP sync not working

Open mgasche opened this issue 11 months ago • 1 comments

Describe the bug

If groups are nested in the Active Directory, Authentik cannot apply the subgroups. For example, if I have the group G_Team-UserServices and in it the groups for Authentik P_Authentik-GitLab, P_Authentik-Nextcloud and P_Authentik-vCenter, these nested groups are not applied and the users who are members of the G group do not receive any permissions to those apps.

To Reproduce

Steps to reproduce the behavior:

  1. Connect Authentik via LDAP with the AD
  2. Create G group
  3. Create P groups
  4. Add P to G groups
  5. Add users to the G group
  6. Add apps to the P groups in Authentik
  7. Log in to Authentik with a G Group member

Expected behavior

The users from the G group have access to all apps that are authorized by the P groups that are nested.

Version and Deployment (please complete the following information):

  • authentik version: 2024.2.2
  • Deployment: docker-compose

Additional context

At the moment, every user must be assigned to every P group in order to receive authorization. This is very time-consuming with 100+ users who then belong to different teams.

mgasche, Mar 26 '24 21:03