Is it possible to create an LDAP query which will return (or check for) users in a nested group? e.g. UserA is a member of GroupA, and GroupA is a member of GroupB. I want a query on GroupB to return that UserA is a member. LDAP only. The server is Active Directory.
Yes, using the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941). For example:
(memberOf:1.2.840.113556.1.4.1941:=cn=group,cn=users,DC=x)
See http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx
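
Added example, not part of the original answer: a Python sketch that builds the in-chain filter with RFC 4515 escaping, so a DN taken from input cannot change the filter's structure, and models the transitive lookup on a constructed in-memory directory. The function names and sample DNs are assumptions made for illustration; no LDAP server is contacted.

```python
# Added illustration: safe construction of LDAP_MATCHING_RULE_IN_CHAIN filters
# and a model of the transitive membership the rule resolves.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # OID given in the answer above

# RFC 4515 requires these characters to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot close or extend the surrounding filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def nested_members_filter(group_dn: str) -> str:
    """Match objects that are direct or nested members of group_dn.
    Use it with a base-scope search on one user's DN to test that user."""
    return f"(memberOf:{IN_CHAIN}:={escape_filter_value(group_dn)})"

def groups_of_filter(member_dn: str) -> str:
    """Match groups that contain member_dn directly or through nesting."""
    return f"(member:{IN_CHAIN}:={escape_filter_value(member_dn)})"

# Constructed sample data: direct memberOf edges only (DN -> its groups).
DIRECT_MEMBER_OF = {
    "CN=UserA,CN=Users,DC=x": ["CN=GroupA,CN=Users,DC=x"],
    "CN=GroupA,CN=Users,DC=x": ["CN=GroupB,CN=Users,DC=x"],
    "CN=GroupB,CN=Users,DC=x": ["CN=GroupA,CN=Users,DC=x"],  # circular nesting
    "CN=UserC,CN=Users,DC=x": [],
}

def in_chain(dn: str, group_dn: str, edges=DIRECT_MEMBER_OF) -> bool:
    """Walk memberOf edges upward from dn; the seen set stops on cycles."""
    seen, stack = set(), [dn]
    while stack:
        for parent in edges.get(stack.pop(), []):
            if parent == group_dn:
                return True
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return False

if __name__ == "__main__":
    print(nested_members_filter("cn=group,cn=users,DC=x"))
    print(in_chain("CN=UserA,CN=Users,DC=x", "CN=GroupB,CN=Users,DC=x"))
```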