Nested AD Groups not populating with members in Jira

Ben Robbins
Contributor
January 15, 2020

We're trying to set up Active Directory to manage both the users and groups of a new instance of Jira we are currently spinning up. We've been able to filter the user base to return only users who are members of the relevant groups, but it doesn't include them in said groups.

We believe this is down to the groups containing other groups (i.e. end users are nested in Jobs groups, which are then members of the Jira groups). We've tried enabling Nested Groups in the Advanced Settings but with no luck.

We think the issue lies in our "Group Object Filter", as when we try to use LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) as suggested in this post: https://community.atlassian.com/t5/Jira-questions/JIRA-OpenLDAP-Test-get-user-s-memberships-Failed/qaq-p/226200, it breaks on the "Test get user's memberships" test. The filter is: (&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=cn=Tool_Jira - Users,ou=tool,ou=group,ou=user,ou=[hidden],dc=[hidden],dc=co,dc=uk))) and the filter doesn't return any groups.

If we use the following filter and add the end user directly to our "Tool" group: (&(objectCategory=Group)(cn=Tool_Jira - Users)), this does work (both options in "Use the User Membership Attribute" need to be selected). It finds the users, the group and the members of the group.

So we believe the issue is with trying to use the LDAP_MATCHING_RULE_IN_CHAIN function in our group filter. Has anyone else had this issue and been able to resolve it when using nested groups?

Many Thanks
Ben
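
The following is an added example, not part of the original post and not Atlassian or Microsoft code: a constructed in-memory model of the nesting the post describes (end users in Jobs groups, which are members of the Jira tool group). It evaluates a direct memberOf match and the transitive match that LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) performs in Active Directory, so you can see which objects each kind of filter selects; every object name other than "Tool_Jira - Users" is hypothetical.

```python
# Constructed sample directory mirroring the nesting described in the post.
# Job_*, Unrelated, alice, bob and carol are hypothetical stand-ins.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN
TOOL = "Tool_Jira - Users"

# object name -> (objectCategory, groups it is a DIRECT member of)
DIRECTORY = {
    TOOL: ("group", set()),
    "Job_Developers": ("group", {TOOL}),
    "Job_Testers": ("group", {TOOL}),
    "Unrelated": ("group", set()),
    "alice": ("person", {"Job_Developers"}),
    "bob": ("person", {"Job_Testers"}),
    "carol": ("person", {"Unrelated"}),
}


def direct_member_of(obj, group):
    """Plain (memberOf=<group>): only one level of membership is checked."""
    return group in DIRECTORY[obj][1]


def in_chain_member_of(obj, group):
    """(memberOf:<IN_CHAIN_OID>:=<group>): walk memberOf transitively."""
    seen, stack = set(), list(DIRECTORY[obj][1])
    while stack:
        current = stack.pop()
        if current == group:
            return True
        if current not in seen:  # guard against circular nesting
            seen.add(current)
            stack.extend(DIRECTORY[current][1])
    return False


def search(category, group, in_chain):
    """Names of objects of `category` whose memberOf matches `group`."""
    match = in_chain_member_of if in_chain else direct_member_of
    return sorted(name for name, (cat, _) in DIRECTORY.items()
                  if cat == category and match(name, group))


if __name__ == "__main__":
    print("groups, in-chain :", search("group", TOOL, in_chain=True))
    print("persons, direct  :", search("person", TOOL, in_chain=False))
    print("persons, in-chain:", search("person", TOOL, in_chain=True))
```

In this model the in-chain match applied to group objects selects the groups nested inside the tool group, never the tool group itself, while the same match applied to person objects selects the nested end users.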
