Yes i mean nested groups, ...and IT WORK !
just because of 'member'-attribute, - just add it to
'posixGroup'-objectclass ,and you can add
members like this:
There's no doubt that you can store nested groups in your OpenLDAP
database. But the question is whether any LDAP client used (e.g.
nss_ldap) evaluates the nested grouping. posixGroup was at first meant
for something like nss_ldap.
where IT is another posixGroup,
As result - members of IT-group becomes to 'Domain Admins'
I told you - it must works, you try, i'm already tested with Samba acl
shares (and my Samba looking for Ldap)
It might work with Samba but may not work with other LDAP clients you're
using. You have to check that.