memberOf Nested Groups
Joseph Fischetti
Joseph.Fischetti at marist.edu
Thu May 14 18:05:05 UTC 2020
> Is there a way to obtain memberOf for nested groups memberships?
I do believe this is a function of your LDAP server.
If you can query your LDAP server for a particular user and their 'memberOf' attribute contains groups that they're only indirect members of, then Shibboleth will see it the same way.
IBM TDS, as an example, requires that you use the non-standard 'ibm-allgroups' attribute instead of 'memberOf' for getting information like this. The grouping structure is also non-standard. Groups that are members of other groups must be listed as "ibm-membergroup" instead of "member". At least that's what I've found.
I do believe OpenLDAP is more straightforward and intuitive than that, if that's what you're using.
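Added example, not part of the original message: a way to run the check described above, deciding whether the group values a server returned for a user include indirect (nested) memberships. The DNs and the two sample responses are constructed; the member lists stand for whatever the directory stores as "member" (or "ibm-membergroup" on IBM TDS, as the message notes), and the DN comparison is deliberately simplified.

```python
from collections import deque

def norm(dn):
    # Simplified DN comparison: case-insensitive, spaces around commas ignored.
    return ",".join(part.strip() for part in dn.lower().split(","))

def classify_memberof(user_dn, returned_groups, groups):
    """groups maps group DN -> list of member DNs (users or other groups).
    Returns (direct, indirect_returned, indirect_missing), each sorted."""
    members = {norm(g): {norm(m) for m in ms} for g, ms in groups.items()}
    direct = {g for g, ms in members.items() if norm(user_dn) in ms}
    # Walk upward from the direct groups to every group that contains them.
    reached, queue = set(direct), deque(direct)
    while queue:
        child = queue.popleft()
        for g, ms in members.items():
            if child in ms and g not in reached:  # 'reached' also stops cycles
                reached.add(g)
                queue.append(g)
    indirect = reached - direct
    returned = {norm(g) for g in returned_groups}
    return (sorted(direct), sorted(indirect & returned),
            sorted(indirect - returned))

# Constructed directory: jdoe -> staff -> employees -> vpn-users -> staff (cycle)
BASE = "ou=groups,dc=example,dc=org"
USER = "uid=jdoe,ou=people,dc=example,dc=org"
GROUPS = {
    f"cn=staff,{BASE}": [USER, f"cn=vpn-users,{BASE}"],
    f"cn=employees,{BASE}": [f"cn=staff,{BASE}"],
    f"cn=vpn-users,{BASE}": [f"cn=employees,{BASE}"],
    f"cn=contractors,{BASE}": ["uid=other,ou=people,dc=example,dc=org"],
}
# Constructed responses: one server lists only direct groups, one expands nesting.
FLAT = [f"cn=staff,{BASE}"]
EXPANDED = [f"cn=staff,{BASE}", f"CN=Employees, {BASE}", f"cn=vpn-users,{BASE}"]

if __name__ == "__main__":
    for label, resp in (("flat", FLAT), ("expanded", EXPANDED)):
        direct, got, missing = classify_memberof(USER, resp, GROUPS)
        print(label, "| direct:", direct)
        print("  indirect returned:", got)
        print("  indirect missing: ", missing)
```

A non-empty "indirect missing" list means the attribute being released carries direct memberships only, so access rules keyed on a parent group will not match that user.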