If you want to use LDAP and require the additional capability to use nested group memberships, you can configure Data ONTAP to enable LDAP RFC2307bis support.
About this task
In LDAP client schemas, group objects use the memberUid attribute. This attribute can contain multiple values and lists the names of the users that belong to that group. In RFC2307bis enabled LDAP client schemas, group objects use the uniqueMember attribute. This attribute can contain the full distinguished name (DN) of another object in the LDAP directory. This enables you to use nested groups because groups can have other groups as members.
The user should not be a member of more than 256 groups including nested groups. Data ONTAP ignores any groups over the 256 group limit.
By default, RFC2307bis support is disabled.