@Frank168
Unfortunately, Apache NiFi does not support Nested Groups. There is an existing Apache NiFi Jira (NIFI-8035) for such an improvement, but it has never been implemented. The existing implementation of the ldap-user-group-provider would treat all members of a group as users and does not validate the type of member. Any change here would require NiFi to retrieve the object class of all members of a group and then conduct another search of any that were of identified as a group to retrieve their members and so on until all users are identified throughout the entire nested group tree.
Something to keep in mind here is that all the user and group identities along with associations are held in the NiFi heap memory on every node. So doing such could result in a lot of user and groups consuming NiFi heap memory. You should configure your Ldap-user-group-provider to sync only the groups from which users exist that will be accessing your NiFi limiting the length of time it takes to sync every 30 minutes and the heap memory impact.
Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
