Hi Carl!
Carl Myers wrote:
One workaround that occured to me is: Can ApacheDS be configured to
automatically flatten nested groups, and always return transitive members?
I assume no. At least it is not easy, to accomplish this task. A
directory does not know, what nested groups are. It does not know, what
groups are. For the directory they are simply entries. Nested groups are
detected by performing several search requests as described here:
http://middleware.internet2.edu/dir/groups/internet2-mace-dir-groups-best-practices-200210.htm#_memberOf_Algorithm
Either the Crowd code contains an error, your it has problems with your
data (which might by an error as well). Is it possible to configure a
depth for the searches? Strange thing, that some nested groups a
resolved, some are not ...
Anyway. From an ApacheDS point of view, it would be possible to
implement an interceptor which detects (and returns) all nested groups a
user belongs to, if a specific search op is send to the server.
But this would be custom application development, not a quick workaround.
Greetings from Hamburg,
StefanZ
