Please support nested groups
Reported by: korn | Owned by: sandinak
Currently, your code finds group memberships by searching for groups that have the user's DN as member.
This doesn't work for nested groups. It might be possible to use memberOf instead (I'm not sure; it's also not universally available); but failing that, there seem to be two approaches:
- Build a full internal representation of the entire LDAP group hierarchy. This probably doesn't scale well if there are many groups.
- Look up specific groups (e.g. the ones that have special permissions attached in the trac instance) and recursively obtain lists of their members (by checking whether each member is also a group, and enumerating its own members etc.). This is, I think, the better solution overall.
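
The second approach above, sketched as an added example that is not part of the ticket or the plugin's code: it expands one named group recursively, with a visited set so circular memberships terminate and a depth cap that stops descending rather than granting access. The directory contents, DNs, and the helpers `fetch_entry`, `expand_group` and `user_in_group` are constructed for illustration; a real implementation would replace `fetch_entry` with an LDAP read.

```python
from collections import deque

BASE = "dc=example,dc=org"            # constructed sample data throughout
def g(cn): return f"cn={cn},ou=groups,{BASE}"
def u(uid): return f"uid={uid},ou=people,{BASE}"

# Constructed directory (DN -> entry); a real plugin would read these over LDAP.
DIRECTORY = {
    g("trac-admins"): {"objectClass": ["groupOfNames"], "member": [g("ops"), u("alice")]},
    g("ops"): {"objectClass": ["groupOfNames"], "member": [u("bob"), g("oncall")]},
    # oncall points back at ops (a cycle) and at an entry that no longer exists
    g("oncall"): {"objectClass": ["groupOfNames"],
                  "member": [u("carol"), g("ops"), u("gone")]},
    u("alice"): {"objectClass": ["inetOrgPerson"]},
    u("bob"): {"objectClass": ["inetOrgPerson"]},
    u("carol"): {"objectClass": ["inetOrgPerson"]},
    u("dave"): {"objectClass": ["inetOrgPerson"]},
}
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "group"}

def norm(dn):
    # Simplified DN comparison (assumption): real DN matching is schema-aware.
    return dn.strip().lower()

def fetch_entry(dn):
    # Hypothetical stand-in for one base-scope LDAP read of `dn`.
    return DIRECTORY.get(norm(dn))

def is_group(entry):
    return any(c.lower() in GROUP_CLASSES for c in entry.get("objectClass", []))

def expand_group(group_dn, max_depth=10):
    """Return normalized DNs of all non-group members reachable from group_dn."""
    users, seen = set(), set()
    queue = deque([(norm(group_dn), 0)])   # breadth-first: first visit is shallowest
    while queue:
        dn, depth = queue.popleft()
        if dn in seen:
            continue                        # already handled: breaks membership cycles
        seen.add(dn)
        entry = fetch_entry(dn)
        if entry is None:
            continue                        # dangling reference grants nothing
        if not is_group(entry):
            users.add(dn)
        elif depth < max_depth:             # past the cap, stop descending (fail closed)
            queue.extend((norm(m), depth + 1) for m in entry.get("member", []))
    return users

def user_in_group(user_dn, group_dn, max_depth=10):
    return norm(user_dn) in expand_group(group_dn, max_depth)
```

Because only the groups that carry permissions are expanded, the number of directory reads is bounded by the size of those groups' subtrees, not by the whole group hierarchy.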