Description
Is your feature request related to a problem? Please describe.
The group documentation says
Groups can be children of another group. Members of children groups are effective members of the parent group.
However, even if I configured "Friends" to be the parent of "Moderators", which is the parent of "Admins", and kept myself only in Admins, when querying my user with an LDAP search I get:
# AlphaJack, users, ldap.example.org
dn: cn=AlphaJack,ou=users,dc=ldap,dc=example,dc=org
cn: AlphaJack
uid: ...
name: ...
displayName: ...
goauthentik.io/ldap/active: true
goauthentik.io/ldap/superuser: true
mail: ...
objectClass: user
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: goauthentik.io/ldap/user
uidNumber: 2001
gidNumber: 2001
memberOf: cn=Admins,ou=groups,dc=ldap,dc=example,dc=org
sAMAccountName: AlphaJack
Describe the solution you'd like
I would instead expect the following:
# AlphaJack, users, ldap.example.org
dn: cn=AlphaJack,ou=users,dc=ldap,dc=example,dc=org
cn: AlphaJack
uid: ...
name: ...
displayName: ...
goauthentik.io/ldap/active: true
goauthentik.io/ldap/superuser: true
mail: ...
objectClass: user
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: goauthentik.io/ldap/user
uidNumber: 2001
gidNumber: 2001
memberOf: cn=Admins,ou=groups,dc=ldap,dc=example,dc=org
memberOf: cn=Moderators,ou=groups,dc=ldap,dc=example,dc=org
memberOf: cn=Friends,ou=groups,dc=ldap,dc=example,dc=org
sAMAccountName: AlphaJack
So I could bind apps to the Friends or Moderators level and expect it to also include Moderators or Admins.
Describe alternatives you've considered
I need to keep all Admins also in the Moderators and Friends groups, and all Moderators also in the Friends group.
This workaround is not practical, as it requires setting an additional attribute for all parent groups for every possible LDAP provider DN, e.g. dc=app1,dc=example,dc=org and dc=app2,dc=example,dc=org.
Additional context
Not yet tried proxy auth permissions
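As an added illustration (not code from authentik or from the issue author), the following computes the transitive memberOf expansion requested above: a user's direct groups plus every ancestor group, nearest first, with a guard against cyclic parent links. The group names and DNs are the constructed ones from the issue; the single-parent mapping is an assumption about how the hierarchy is stored.

```python
from collections import deque

# Constructed sample data mirroring the issue: Friends is the parent of
# Moderators, which is the parent of Admins; AlphaJack is only in Admins.
GROUP_BASE = "ou=groups,dc=ldap,dc=example,dc=org"
PARENT_OF = {"Admins": "Moderators", "Moderators": "Friends", "Friends": None}
DIRECT_MEMBERSHIP = {"AlphaJack": ["Admins"]}


def group_dn(name):
    """Build the group DN in the layout shown in the issue's LDIF output."""
    return f"cn={name},{GROUP_BASE}"


def effective_groups(direct, parent_of):
    """Return direct groups followed by all ancestor groups, deduplicated.

    Breadth-first walk up the parent links; the `seen` list doubles as
    the result and as the cycle guard, so a misconfigured loop such as
    A -> B -> A terminates instead of recursing forever.
    """
    seen = []
    queue = deque(direct)
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.append(group)
        parent = parent_of.get(group)
        if parent is not None:
            queue.append(parent)
    return seen


def member_of(user, direct_membership=DIRECT_MEMBERSHIP, parent_of=PARENT_OF):
    """memberOf values a nested-group-aware LDAP provider would return."""
    groups = effective_groups(direct_membership.get(user, []), parent_of)
    return [group_dn(g) for g in groups]


def is_effective_member(user, group, direct_membership=DIRECT_MEMBERSHIP,
                        parent_of=PARENT_OF):
    """Authorization check an app bound to `group` would want to pass."""
    return group_dn(group) in member_of(user, direct_membership, parent_of)


if __name__ == "__main__":
    for dn in member_of("AlphaJack"):
        print(f"memberOf: {dn}")
```

With the issue's hierarchy, `is_effective_member("AlphaJack", "Friends")` is true, which is the behaviour an app bound at the Friends level relies on.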