I'm working on a PHP/Active Directory auth class, but would like to know how to resolve nested group memberships. It's a mess to make each user member of all needed groups, so I'd like to make use of groups in groups. How should I tackle this with LDAP?
adLDAP is an open source solution for LDAP/AD in php.
you can check it's code if you wish to create an auth class yourself, or just use it in your auth class to handle all interactions with the LDAP/AD
you can get it here