[TYPO3] AD group relationships lost in LDAP Sync? (correction added)

Bing Du bdu at iastate.edu
Thu Jan 25 21:37:07 CET 2007


> Hi,
>
> We are able to import groups from active directory to typo3 using
> ldap_sync, ldap_server, ldap_lib and ldap_auth extensions.  Using groups
> for access control on pages works fine.  The problem we're seeing now is
> that it seems like the group relationship is lost when groups are sync'ed
> with the active directory.  It takes all the imported groups as being on
> the same level.
>
> Say, we imported group A and group B to typo3 from the active directory.
> In the active directory, group B is a member of group A.  So in theory, if
> privileges are granted to group A, all the members of group B should
> inherit the same privileges.  But in Typo3, we give group A access to a
> page.  A member of group B cannot see the page.
>
> Would anybody shed some light?
>
> Thanks in advance.
>
> Bing
>

After looking more, I think the real issue is that the 'getFEGroups'
function of the ldap_server extension retrieves only the groups a user is
an explicit member of.  Maybe it already does what it's supposed to.  But in
order to do what I talked about in my original post, we need to somehow
retrieve all the explicit or implicit groups a user is in from the LDAP.
Has anybody ever had to deal with this kind of situation and would like to
share their experience?  Any insight would be greatly appreciated.

Thanks,

Bing
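
Added example, not part of the original post and not code from the ldap_server extension: one way to compute the explicit plus implicit groups described above, by walking memberOf transitively with cycle protection, alongside the Active Directory server-side filter that does the same expansion. The directory data, DNs and the `lookup_member_of` helper are constructed stand-ins for real LDAP reads.

```python
from collections import deque

# Constructed sample data: DN -> direct memberOf values (not from the post).
BASE = "OU=Groups,DC=example,DC=org"
DIRECTORY = {
    "CN=jdoe,OU=Users,DC=example,DC=org": ["CN=Group B," + BASE],
    "CN=Group B," + BASE: ["CN=Group A," + BASE],
    # AD permits circular nesting, so the walk must tolerate A -> B -> A.
    "CN=Group A," + BASE: ["CN=Group B," + BASE],
}

def lookup_member_of(dn):
    """Hypothetical stand-in for one LDAP read of an entry's memberOf."""
    return DIRECTORY.get(dn, [])

def effective_groups(user_dn, lookup=lookup_member_of, max_groups=1000):
    """Return all groups the user belongs to, directly or through nesting."""
    seen = {}
    queue = deque(lookup(user_dn))
    while queue:
        group = queue.popleft()
        key = group.lower()  # AD compares DNs case-insensitively
        if key in seen:
            continue  # already expanded; this is what breaks cycles
        if len(seen) >= max_groups:
            raise RuntimeError("group expansion limit exceeded")
        seen[key] = group
        queue.extend(lookup(group))
    return sorted(seen.values())

# Server-side alternative on Active Directory: LDAP_MATCHING_RULE_IN_CHAIN.
IN_CHAIN = "1.2.840.113556.1.4.1941"

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_group_filter(user_dn):
    """Filter matching every group that contains user_dn at any depth."""
    return "(&(objectClass=group)(member:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(user_dn))

if __name__ == "__main__":
    user = "CN=jdoe,OU=Users,DC=example,DC=org"
    print(effective_groups(user))
    print(nested_group_filter(user))
```

The in-chain matching rule is specific to Active Directory; against other LDAP servers only the client-side walk applies.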

