是否有可能创建一个LDAP查询将返回（或检查）的用户在嵌套组？例如用户A是A组的成员，而组A是组B的成​​员。我希望在组B的查询返回了用户A是其成员。 LDAP只。该服务器是Active Directory中。

Is it possible to create an LDAP query which will return (or check for) users in a nested group? e.g. UserA is a member of GroupA, and GroupA is a member of GroupB. I want a query on GroupB to return that UserA is a member. LDAP only. The server is Active Directory.

推荐答案

是的，使用LDAP_MATCHING_RULE_IN_CHAIN​​匹配规则（OID 1.2.840.113556.1.4.1941）。例如：

Yes, using the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941). For example:

(memberOf:1.2.840.113556.1.4.1941:=cn=group,cn=users,DC=x)

看http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx