Home/ Questions/Q 6919139
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T09:57:05+00:00

I am trying to get a Pentaho-BI server which uses spring security to support

  • 0

I am trying to get a Pentaho-BI server which uses spring security to support nested LDAP roles. My group structure is as follows:

  • PentahoAdmins (group)
    • Members: Domain Admins
  • Domain Admins (group)
    • Members: User1
  • User1 (user)

I would like to verify that User1 is part of the PentahoAdmins group, without having to add the user to the group directly. From my research online, it doesn’t seem like Spring’s DefaultLdapAuthoritiesPopulator supports nested groups. I’m sure it’s possible to create a subclass that supports group nesting, but has someone already gone to this trouble and published it in an open source project?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I found this article in regards to Microsoft’s Active Directory. A search for LDAP_MATCHING_RULE_IN_CHAIN or the link above will present more information on the topic. The idea is that you can add a group search filter for the parent group and the uid of the user in your Spring Security config:

    (&(uid={0})(memberof:1.2.840.113556.1.4.1941:=CN=parentGroup,DC=mycompany,DC=com))

=~ This user is {0} and is in a group that is a member of our parent group.

    I tested this with Spring LDAP using a read-only context to search MS Active Directory but I have not confirmed this with group-search-filter in Spring Security, yet. I hope this helps.

    • 0