goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

LDAP Source: Indirect Memberships not working #7791

Open eiclu opened 9 months ago

eiclu commented 9 months ago

Describe your question: FreeIPA supports indirect group memberships, meaning you can be a member of a group by being a member of a child group. The problem stems from how those indirect group memberships are mapped to LDAP: the group is stored in a memberOf attribute of the user, but the user is not stored in a member attribute of the group. This normally is not a problem, since many applications get the group memberships from a user's memberOf attribute. But as far as I can see, Authentik only supports getting memberships from a group attribute, which does not work correctly with FreeIPA.

Relevant infos: We use a FreeIPA server.

eiclu commented 9 months ago

Sidenote: The code to sync group memberships says it iterates the users (what I would need), but it iterates the groups.
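The discrepancy described in this issue (indirect memberships visible in a user's memberOf but absent from the group's member attribute) can be reproduced on a small constructed directory. The following is an added illustration, not authentik's sync code: it contrasts a group-driven walk over `member` with a user-driven read of `memberOf`, and shows a nested-group expansion that recovers the indirect membership from the group side as well. All DNs, entries and function names are assumptions made for the example.

```python
# Added example (not authentik's code): three ways of deriving group
# membership from LDAP-style entries when the directory (FreeIPA here)
# records indirect memberships only on the user's memberOf attribute.
from dataclasses import dataclass, field


@dataclass
class Entry:
    """Minimal stand-in for an LDAP entry: a DN plus multi-valued attributes."""
    dn: str
    attrs: dict = field(default_factory=dict)


# Constructed sample directory (hypothetical DNs). Group "devs" is a member
# of group "staff"; alice is a direct member of "devs" and therefore an
# indirect member of "staff". The directory has expanded memberOf on alice,
# but staff's "member" attribute lists only the child group, not alice.
ALICE = "uid=alice,cn=users,dc=example,dc=test"
BOB = "uid=bob,cn=users,dc=example,dc=test"
DEVS = "cn=devs,cn=groups,dc=example,dc=test"
STAFF = "cn=staff,cn=groups,dc=example,dc=test"

USERS = [
    Entry(ALICE, {"memberOf": [DEVS, STAFF]}),
    Entry(BOB, {"memberOf": [STAFF]}),
]
GROUPS = [
    Entry(DEVS, {"member": [ALICE]}),
    Entry(STAFF, {"member": [BOB, DEVS]}),
]


def memberships_from_groups(groups, users):
    """Group-driven sync: iterate groups and read their 'member' attribute.
    Only values that are user DNs are assigned; a nested group DN is skipped,
    so indirect members are never seen."""
    user_dns = {u.dn for u in users}
    result = {u.dn: set() for u in users}
    for g in groups:
        for member_dn in g.attrs.get("member", []):
            if member_dn in user_dns:
                result[member_dn].add(g.dn)
    return result


def memberships_from_users(users):
    """User-driven sync: iterate users and read their 'memberOf' attribute.
    Whatever the directory has already expanded (direct and indirect) is used."""
    return {u.dn: set(u.attrs.get("memberOf", [])) for u in users}


def memberships_from_groups_nested(groups, users):
    """Group-driven sync that follows 'member' values which are themselves
    group DNs, depth-first and cycle-safe, so nested members are attributed
    to the outer group."""
    group_by_dn = {g.dn: g for g in groups}
    user_dns = {u.dn for u in users}
    result = {u.dn: set() for u in users}
    for g in groups:
        seen, stack = set(), [g.dn]
        while stack:
            dn = stack.pop()
            if dn in seen:
                continue
            seen.add(dn)
            for member_dn in group_by_dn[dn].attrs.get("member", []):
                if member_dn in user_dns:
                    result[member_dn].add(g.dn)
                elif member_dn in group_by_dn:
                    stack.append(member_dn)
    return result


def missing_indirect(groups, users):
    """Return, per user, the groups present in memberOf but not found by the
    plain group-driven walk: the memberships a group-only sync would drop."""
    by_group = memberships_from_groups(groups, users)
    by_user = memberships_from_users(users)
    gaps = {}
    for dn, groups_of_user in by_user.items():
        diff = groups_of_user - by_group.get(dn, set())
        if diff:
            gaps[dn] = diff
    return gaps


if __name__ == "__main__":
    print("group-driven :", memberships_from_groups(GROUPS, USERS))
    print("user-driven  :", memberships_from_users(USERS))
    print("nested walk  :", memberships_from_groups_nested(GROUPS, USERS))
    print("dropped      :", missing_indirect(GROUPS, USERS))
```

Running it shows alice assigned only to devs by the plain group walk, while both the memberOf read and the nested walk assign her to staff as well; `missing_indirect` reports exactly that one dropped (alice, staff) pair.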