Claims augmentation nested groups depth

[ChristophHannappel]

Hello,

is there a way do configure how deep LDAPCPSE follows nested groups when doing the claims augmention? I ran a test with the following result:

Groupname	Member	Augmentation Works
Nested-0	UserA	✅
Nested-1	Nested-0	✅
Nested-2	Nested-1	✅
Nested-3	Nested-2	✅
Nested-4	Nested-3	❌

Thank you very much.

[Yvand]

Hello @ChristophHannappel, the depth cannot be configured but it should not be limited. But the current test scenario tests only 1 nested level, so there may be a bug/limitation I missed.

To understand your scenario, can you send me the output of this script:

Add-Type -AssemblyName "Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration()
$config.Settings.LdapConnections | fl EnableAugmentation, GetGroupMembershipUsingDotNetHelpers

[ChristophHannappel]

Hello @Yvand, as requested the output of the script:

Add-Type -AssemblyName "Yvand.LDAPCPSE, Version=1.0.0.0, Culture=neutral, PublicKeyToken=80be731bc1a1a740"
$config = [Yvand.LdapClaimsProvider.LDAPCPSE]::GetConfiguration()
$config.Settings.LdapConnections | fl EnableAugmentation, GetGroupMembershipUsingDotNetHelpers

EnableAugmentation                   : True
GetGroupMembershipUsingDotNetHelpers : True

[Yvand]

Hello @ChristophHannappel, I just tested this level of depth using the same configuration, and it got all the nested groups as expected, including at the 4th level of depth as in your initial message. To double check what happens in your environment, can you set the LDAPCP logs to verbose: "LDAPCPSE:*"| Set-SPLogLevel -TraceSeverity Verbose Then try again and check the logs during the augmentation?

[ChristophHannappel]

Ok, now it works. guess i should have done a reboot. Sorry for the inconvenience.