Does PAM support nested Global and Universal AD groups

Document ID : KB000105635
Last Modified Date : 06/07/2018
Show Technical Document Details
In PAM is it possible to use nested Active Directory groups consisting of Global and Universal groups?
Universal groups cannot be members of Global groups.
But vice versa it is possible.

To confirm PAM is working correctly create
- an Universal group "group3" with member "user3"
- two Global groups "group2" with member "user2" and "group1" with member "user1"
- cascade group3 with member group2, and group2 with member group1
- in CA PAM LDAP Import select group3 only
- finally I find all three users being discovered and imported to PAM
Additional Information: