Search for LDAP_MATCHING_RULE_IN_CHAIN groups

Signed-off-by: Yann David <davidyann88@gmail.com>

src/common/utils/ldap/ldap.go

@@ -220,6 +220,22 @@ func (session *Session) SearchUser(username string) ([]models.LdapUser, error) {
 			}
 			u.GroupDNList = groupDNList
 		}
+
+		log.Debugf("Searching for nested groups")
+		nestedGroupDNList := []string{}
+		nestedGroupFilter := createNestedGroupFilter(ldapEntry.DN)
+		result, err := session.SearchLdap(nestedGroupFilter)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, groupEntry := range result.Entries {
+			nestedGroupDNList = append(nestedGroupDNList, strings.TrimSpace(groupEntry.DN))
+			log.Debugf("Found group %v", groupEntry.DN)
+		}
+		u.GroupDNList = append(u.GroupDNList, nestedGroupDNList...)
+		log.Debugf("Done searching for nested groups")
+
 		u.DN = ldapEntry.DN
 		ldapUsers = append(ldapUsers, u)
 
@@ -419,3 +435,9 @@ func createGroupSearchFilter(oldFilter, groupName, groupNameAttribute string) st
 	}
 	return filter
 }
+
+func createNestedGroupFilter(userDN string) string {
+	filter := ""
+	filter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=" + userDN + "))"
+	return filter
+}