Does anyone know of a way to have CFLDAP return ALL the
groups a user is a member of? By default, it only returns direct
group membership ... e.g. if John is a member of A and group C, and
group C is a member of group B, then John should show up as a
member of group A, B & C ... yet he will not, his memberOf
attribute will only show membership for A and C where he is a
direct member!
Obviously, you could use CFLOOP etc to generate your own
recursion, but that would be extremely inefficient in a large
company such as ours (ie lots of groups and groups in groups).
Another options I've read a little about is to use the
"tokenGroups" attribute which can apparently be parsed into the
SIDs of the different groups a user is a member of ... but I have
been unable to get CFLDAP to return that attribute!!
Any help much appreciated - thank you.