I am trying to query an Active Directory tree for some users. The AD is configured with Nested Groups. I am using the LDAP_MATCHING_RULE_IN_CHAIN.
We are using a Java class that builds these LDAP queries from a key/value configuration file. Everything on this side works well; below I list the 3 properties involved, where I built a filter to retrieve the users that are members of one TargetGroup (the target group has only nested groups under it):
*The -SearchScope SubTree is assumed by default in the Java class used for querying the AD.
*When using (sAMAccountName=u%) instead of (sAMAccountType=805306368), the results are empty; the (sAMAccountType=805306368) is not really necessary here (same behaviour with or without).
The issue is that it behaves differently after the first run: it works exactly once, meaning that on first use it works as expected and returns 12 users with their properties, but beginning with the second call (running the exact same query again) the result is only one user, actually the first user that is found in the sequence.
We can't explain the behavior. Do you have some insight regarding this behavior?