08ff2a4dba
Active Directory has a very specific mechanism to
handle nested groups. LDAP queries need to look like this:
"(&(objectClass=group)
(member=member:1.2.840.113556.1.4.1941:=CN=nwalnut,OU=Users,DC=EXAMPLE,DC=COM))"
If a deployment is using nested groups, three queries need to be
modified to support it:
- list users in a group
- list groups for a user
- check if a user is in a group
Since all three are necessary, a single configuration value ensures
that the change is synchronized across all three calls.
(cherry picked from
|
||
---|---|---|
.. | ||
backends | ||
id_generators | ||
mapping_backends | ||
shadow_backends | ||
__init__.py | ||
controllers.py | ||
core.py | ||
generator.py | ||
routers.py | ||
schema.py |