For example, we have the following configuration file:
Create a group MySubGroup, add the user DOMAIN\access.user to the group MySubGroup, and add MySubGroup to the group MyGroup. If we do not change this configuration file, the user DOMAIN\access.user will not be able to authenticate to the site.
To solve the problem in an Active Directory environment, use the LDAP_MATCHING_RULE_IN_CHAIN matching rule. With it you can enumerate all members of a group, including members of nested groups.
The filter specified in the URL query returns only users who are direct or indirect members of MyGroup, so the require group check is no longer needed; replace it with require valid-user.
If the group name contains spaces, replace each space with the code %20.
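The change described above, shown as an added configuration example (not the original page's file). The host name, base DN, OU names, bind account and login attribute sAMAccountName are assumed placeholders; 1.2.840.113556.1.4.1941 is the OID of LDAP_MATCHING_RULE_IN_CHAIN.

```apache
# Added illustration. Host, base DN, OUs and bind account are constructed
# placeholders; only MyGroup and MySubGroup come from the text above.

# Before: authorization depends on a group check against MyGroup. As the
# text describes, a user who is only in MySubGroup (nested in MyGroup)
# is refused.
#
#   AuthLDAPURL "ldap://dc.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
#   Require ldap-group CN=MyGroup,OU=Groups,DC=example,DC=com

# After: the memberOf filter with the in-chain matching rule makes the
# directory search return only direct and nested members of MyGroup,
# so the group check is replaced by "Require valid-user".
<Location "/protected">
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap
    AuthLDAPBindDN "CN=svc-apache,OU=Services,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"
    AuthLDAPURL "ldap://dc.example.com:389/DC=example,DC=com?sAMAccountName?sub?(memberOf:1.2.840.113556.1.4.1941:=CN=MyGroup,OU=Groups,DC=example,DC=com)"
    Require valid-user
</Location>

# A group name with a space (hypothetical "My Group") is written with %20:
#   ...(memberOf:1.2.840.113556.1.4.1941:=CN=My%20Group,OU=Groups,DC=example,DC=com)
```

With Require valid-user the filter is the only authorization check, so after the change confirm that an account outside MyGroup is rejected and that a member of MySubGroup is accepted.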