https://bugs.openldap.org/show_bug.cgi?id=9402
--- Comment #1 from Howard Chu hyc@openldap.org --- (In reply to Vincent Danjean from comment #0)
Hi,
The memberof overlay add support for memberOf attributes. But, when using nested groups, user group membership must be handled on each ldap client. The current implementation allows one to only retrieve direct group ownership. Nested group membership must be done by client recursive lookup.
Microsoft Active Directory provides a way to do the recursive lookup at server side: https://ldapwiki.com/wiki/LDAP_MATCHING_RULE_IN_CHAIN It would be really useful if openldap (slapd) was also able to do the same.
Regards, Vincent
PS: I set the component to overlays in this bugs report, but I'm not sure it should be implemented into the overlays memberof itself.
Based on the description you linked, it looks like this provides the same functionality as the dnSubtreeMatch extended matching rule in OpenLDAP. I don't see much reason to add this M$-specific extension.