What are nested LDAP groups?
This is when an LDAP group is nested within another LDAP Group. The LDAP User doesn't have an explicit link to the Parent Group, but the User has an explicit link to the Nested Group.
Due to the nature of this hierarchy, if the parent Group is used as the LDAP Authentication Group the end user in the child group will not appear and will not be able to login, unless you tell Yellowfin to search in nested groups (see how to enable below).
How do you enable nested LDAP group lookup in Yellowfin?
1. Backup your Yellowfin table prior to making changes.
2. Run the following query run against your Yellowfin Configuration database.
insert into configuration values (1, 'SYSTEM','LDAPSEARCHNESTEDGROUPS', 'true');
Why is this disabled by default?
As it can add a significant processing overhead to many LDAP functions and therefore reducing performance, this feature is disabled out of the box.
As always if you have any questions on this, or anything else, please reach out to us.
Regards,
The Yellowfin Support Team.