The active directory plugin is able to resolve nested groups for:
- Security groups: For this, you can use Token-Groups group lookup strategy
- Distribution groups: Both, nested distribution and security groups can be resolved by using the recursive lookup strategy.
The problem is when we have nested groups with a different nature, something like:
- Security Group A -> Distribution Group A -> Distribution Group B
In the above example, the plugin will only discover Security Group A with both Token-Groups and Recursive Lookup Strategy.
On the other hand in the example below, the plugin will be able to discover: Security Group A, Security Group B and Security Group C with the Token-Group strategy and ALL of them with the recursive strategy (since it considers both security and distribution)
- Distribution Group A -> Distribution Group B -> Distribution Group C
- Security Group A -> Security Group B -> Security Group C
I think we should create a new Group Lookup Strategy called "Recursive Full" which will consider all the groups. The current recursive should be called something like "Recursive light"