How to map nested groups from Active Directory to Pega access Groups using LDAP configuration?
Hi Team, we are trying to configure LDAP connectivity, and the ask is to fetch the nested groups configured within the LDAP directory and authorize the user based on the nested group structure in Active Directory.
Extract the group and map it to the access group that is set up within Pega.
Can it be done by just applying a directory context parameter other than what we have below?
Current settings in
Directory Context: OU=ABCCorp Users,DC=ourdc,DC=com
Search Filter: (sAMAccountName=%V)
We are using the memberOf LDAP attribute to fetch the list of groups.
If the user is part of a nested group this doesn't work. We are using the following code to retrieve the groups.
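    // Fragment: attr, attrname, attrvals, memberOf and isSingleValue are declared earlier (not shown).
    if (isSingleValue) {
        // Single-valued attribute: read the one value.
        Object tmp = attr.get();
        String val = (tmp != null) ? tmp.toString() : null;
        attrvals.add(val);
        if (attrname.equals("memberOf")) {
            memberOf += "||" + val;
        }
    } else {
        // Multi-valued attribute: read every value. memberOf lists direct groups only.
        for (int j = 0; j < attr.size(); j++) {
            Object tmp = attr.get(j);
            String val = (tmp != null) ? tmp.toString() : null;
            attrvals.add(val);
            if (attrname.equals("memberOf")) {
                memberOf += "||" + val;
            }
        }
    }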
The client is saying that if they have a nested group they can avoid a large management task for the Access Admin team to add every user that needs access to Pega to their correct groups.
Any pointers on how to fetch from nested AD groups are much appreciated.
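
One way to resolve the nested membership described above, as an added example that is not part of the original post and is not Pega's own code: starting from the direct `memberOf` values, follow each group's own `memberOf` until no new groups appear, with a guard against circular nesting. The class and method names, the `CN=Team` and `CN=PegaUsers` groups and the `OU=Groups` container are constructed for illustration.

```java
import java.util.*;
import java.util.function.Function;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.ldap.LdapName;

public class NestedGroups {
    // Walks memberOf upward from the user's direct groups. DNs are compared
    // case-insensitively; 'seen' stops circular nesting from looping forever.
    static Set<String> expand(Collection<String> direct,
                              Function<String, List<String>> parentsOf) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> queue = new ArrayDeque<>(direct);
        while (!queue.isEmpty()) {
            String dn = queue.poll();
            if (seen.add(dn.toLowerCase(Locale.ROOT))) {
                queue.addAll(parentsOf.apply(dn));
            }
        }
        return seen; // lower-cased DNs of every direct and inherited group
    }

    // Directory-backed lookup (assumes ctx is bound at the directory root so
    // full DNs resolve). Fails loudly rather than returning a partial list.
    static List<String> memberOf(DirContext ctx, String groupDn) {
        List<String> out = new ArrayList<>();
        try {
            Attribute a = ctx.getAttributes(new LdapName(groupDn),
                    new String[] {"memberOf"}).get("memberOf");
            if (a != null) {
                NamingEnumeration<?> e = a.getAll();
                while (e.hasMore()) out.add(e.next().toString());
            }
        } catch (NamingException ex) {
            throw new IllegalStateException("memberOf lookup failed: " + groupDn, ex);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: Team -> PegaUsers -> Team (a deliberate cycle).
        String team = "CN=Team,OU=Groups,DC=ourdc,DC=com";
        String pega = "CN=PegaUsers,OU=Groups,DC=ourdc,DC=com";
        Map<String, List<String>> dir = Map.of(team, List.of(pega), pega, List.of(team));
        Set<String> all = expand(List.of(team), dn -> dir.getOrDefault(dn, List.of()));
        System.out.println(all);
    }
}
```

Against a live directory, call `expand(directGroups, dn -> memberOf(ctx, dn))` and map only the returned DNs to access groups. Active Directory can also do the expansion server-side with the LDAP_MATCHING_RULE_IN_CHAIN filter `(member:1.2.840.113556.1.4.1941:=<user DN>)` searched over the group container.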