It is possible to create a Managed Unit which is comprised of a custom LDAP query containing an LDAP_MATCHING_RULE_IN_CHAIN OID.
This OID is used to return nested/indirect group members.
This type of custom LDAP query looks something like this:
(memberOf:1.2.840.113556.1.4.1941:=CN=GroupName,OU=Groups,DC=domain,DC=local)
The Managed Unit will populate with the expected members, but Access Templates which are linked to this Managed Unit will not resolve on any group members: delegates will not receive the granted access in the target locations.
This is expected functionality due to a current Active Roles product limitation.
WORKAROUND
Using the Managed Unit membership rule Include Group Members will not display all indirect/nested members of the target group within the Managed Unit, but any associated Access Templates will resolve on all indirect/nested members of the target group.
STATUS
An enhancement request has been created to change the existing behaviour of Active Roles. This enhancement request can be tracked under Enhancement ID 272534.
Product Management will evaluate the request and this feature may become available in a future release of the product.
There are no guarantees that this specific enhancement request will be implemented in a future release. For more information regarding our Enhancement Request policy, refer to our Global Support Guide on the Support Portal at: https://support.oneidentity.com/essentials/support-guide/
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center