I have created a user directory connector that reads users from Active Directory (sync data for existing users ticked), and has an additional filter that specifies a particular AD group for users who should have access to Sense. I had hoped to nest more AD groups in this group to permit users access, but only users listed directly in the queried AD group are synced, not users that belong to nested groups.
Does anyone know if nested groups are permitted in a UDC LDAP query?
I was able to import users that are members of nested groups. The query is based on LDAP_MATCHING_RULE_IN_CHAIN, and is faster than a recursive search but still isn't very fast.
(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=mygroup,OU=Groups,DC=mydomain,DC=com))
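The filter above relies on the server to expand group membership transitively. The following is an added example, not code from the thread or from the Qlik product, that builds that filter with RFC 4515 escaping of the group DN (so a DN containing `(`, `)` or `*` cannot alter the filter) and then evaluates the same chain logic over a small, constructed in-memory directory to show why a plain `memberof=` match returns only direct members while the matching-rule form also returns members of nested groups. The directory contents, user names and the `subgroup` DN are invented for the example; the OID is the one from the post.

```python
"""Added example: LDAP_MATCHING_RULE_IN_CHAIN filter construction and a local
model of what it matches, compared with a plain memberof filter."""

# OID of LDAP_MATCHING_RULE_IN_CHAIN as used in the query above.
RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape characters with special meaning in an LDAP search filter (RFC 4515)."""
    escapes = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(escapes.get(ch, ch) for ch in value)


def nested_group_filter(group_dn: str, object_class: str = "user") -> str:
    """Filter matching users that are direct or transitive members of group_dn."""
    return (f"(&(objectClass={object_class})"
            f"(memberof:{RULE_IN_CHAIN}:={escape_filter_value(group_dn)}))")


def direct_group_filter(group_dn: str, object_class: str = "user") -> str:
    """Filter matching only users listed directly in group_dn (the original problem)."""
    return f"(&(objectClass={object_class})(memberof={escape_filter_value(group_dn)}))"


# Constructed sample directory (hypothetical entries): DN -> attributes.
# alice is a direct member of mygroup; bob is only a member of subgroup,
# which is itself nested inside mygroup; carol is unrelated.
MYGROUP = "CN=mygroup,OU=Groups,DC=mydomain,DC=com"
SUBGROUP = "CN=subgroup,OU=Groups,DC=mydomain,DC=com"
SAMPLE_DIRECTORY = {
    "CN=alice,OU=Users,DC=mydomain,DC=com": {"objectClass": "user", "memberOf": {MYGROUP}},
    "CN=bob,OU=Users,DC=mydomain,DC=com": {"objectClass": "user", "memberOf": {SUBGROUP}},
    "CN=carol,OU=Users,DC=mydomain,DC=com": {"objectClass": "user", "memberOf": set()},
    SUBGROUP: {"objectClass": "group", "memberOf": {MYGROUP}},
    MYGROUP: {"objectClass": "group", "memberOf": set()},
}


def transitive_member_of(entry_dn: str, directory: dict) -> set:
    """Follow memberOf links upward (cycle-safe) to every group the entry belongs to.
    This is the expansion the matching rule performs on the server."""
    seen, stack = set(), list(directory.get(entry_dn, {}).get("memberOf", ()))
    while stack:
        group = stack.pop()
        if group in seen:
            continue
        seen.add(group)
        stack.extend(directory.get(group, {}).get("memberOf", ()))
    return seen


def users_in_chain(group_dn: str, directory: dict) -> list:
    """Users the nested_group_filter would return against this directory."""
    return sorted(dn for dn, attrs in directory.items()
                  if attrs["objectClass"] == "user"
                  and group_dn in transitive_member_of(dn, directory))


def direct_users(group_dn: str, directory: dict) -> list:
    """Users the direct_group_filter would return against this directory."""
    return sorted(dn for dn, attrs in directory.items()
                  if attrs["objectClass"] == "user" and group_dn in attrs["memberOf"])


if __name__ == "__main__":
    print(nested_group_filter(MYGROUP))
    print("direct :", direct_users(MYGROUP, SAMPLE_DIRECTORY))
    print("chain  :", users_in_chain(MYGROUP, SAMPLE_DIRECTORY))
```

Run against the sample directory, the direct filter yields only alice, while the chain filter yields alice and bob. The local walk is only a model of the server-side rule; against a real domain the matching-rule filter is evaluated by the domain controller, which is why it is slower than a flat `memberof` match but avoids a client-side recursive search.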
I was wondering this as well.
Did you ever get an answer?
Never did. My own investigations suggested that it doesn't, but the LDAP query can be updated to OR type, which I think will overcome my initial problem. It does mean the security maintenance is a bit heavier though.
Thank you Luke for this information. It works like a charm with nested groups. I recommend that this article is marked as Answered.
Is it possible to target nested AD group users without including the parent AD group?