I need information regarding an LDAP search filter to extract nested group membership. Basically, my idea is this: say, for instance, a user belongs to 5 groups [A, B, C, D, E]. Can I write a single LDAP search query to get the groups that [A, B, C, D, E] may themselves be members of? And can I use this logic recursively to retrieve all group information up to the complete root of the AD?
And I need this solution to be for generic AD, so I cannot use LDAP_RULE_IN_CHAIN filter which works only for MS AD.
All Groups a User is a member of including Nested groups
As an example, to find all the groups that "CN=John Smith,DC=MyDomain,DC=NET" is a member of, set the base to the groups container DN; for example (OU=groupsOU,DC=MyDomain,DC=NET) and the scope to subtree, and use the following filter.
(member:1.2.840.113556.1.4.1941:=(CN=John Smith,DC=MyDomain,DC=NET))
Where CN=John Smith,DC=MyDomain,DC=NET is the user's FDN and 1.2.840.113556.1.4.1941 is the Extensible Match Rule.
-jim
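
For directories that do not support the matching rule above, the nested lookup can be done client-side with one standard filter per nesting level. The following is an added example, not part of the original posts: it assumes groups list their members in the `member` attribute, `search` is a hypothetical callback standing in for a subtree search under the groups container, and the sample directory is constructed.

```python
import re

def escape_filter_value(value):
    """Escape a value for an LDAP filter (RFC 4515): \\ * ( ) and NUL."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def level_filter(dns):
    """One OR filter matching every group with any of `dns` as a direct member."""
    terms = ''.join('(member=%s)' % escape_filter_value(d) for d in sorted(dns))
    return '(|%s)' % terms

def nested_groups(user_dn, search):
    """All groups holding user_dn directly or transitively, one query per level."""
    seen = {}                      # lowercased DN -> DN as returned by the server
    frontier = {user_dn}
    while frontier:
        found = search(level_filter(frontier))
        frontier = set()
        for dn in found:
            key = dn.lower()       # DNs compare case-insensitively
            if key not in seen and key != user_dn.lower():
                seen[key] = dn     # the seen check also stops membership cycles
                frontier.add(dn)
    return sorted(seen.values())

# --- Constructed sample data: A <- B <- "Ops (EU)" <- A forms a cycle ---
BASE = 'OU=groupsOU,DC=MyDomain,DC=NET'
USER = 'CN=John Smith,DC=MyDomain,DC=NET'

def g(name):
    return 'CN=%s,%s' % (name, BASE)

DIRECTORY = {
    g('A'): [USER, g('Ops (EU)')],
    g('B'): [g('A')],
    g('Ops (EU)'): [g('B')],
    g('Z'): ['CN=Other,DC=MyDomain,DC=NET'],
}

def fake_search(filter_str):
    """In-memory stand-in for the server: evaluates only (|(member=...)...)."""
    wanted = set()
    for raw in re.findall(r'\(member=([^)]*)\)', filter_str):
        dn = re.sub(r'\\([0-9a-f]{2})', lambda m: chr(int(m.group(1), 16)), raw)
        wanted.add(dn.lower())
    return [grp for grp, members in DIRECTORY.items()
            if any(m.lower() in wanted for m in members)]

if __name__ == '__main__':
    for dn in nested_groups(USER, fake_search):
        print(dn)
```

Against a real server, replace `fake_search` with a function that runs the filter with subtree scope and returns the DNs of the matching entries.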