GUACAMOLE-954: Add LDAP support for nested user groups

[stcbus]

This is the start of a pull request to address GUACAMOLE-954 in a performant way, but unfortunately this feature only works with Active Directory (as far as I am aware).

I added a new config boolean due to this called 'nested-groups' to enable/disable the AD-specific query.

It makes use of the LDAP_MATCHING_RULE_IN_CHAIN mentioned in the Jira with a specific OID.

I understand if the team is not keen on merging a feature that is only for a specific vendor's LDAP implementation, but this is performant and very useful for us in our AD environment so I would like to try and get it added for the others who requested it and likely using AD as well.

[necouchman]

I understand if the team is not keen on merging a feature that is only for a specific vendor's LDAP implementation, but this is performant and very useful for us in our AD environment so I would like to try and get it added for the others who requested it and likely using AD as well.

Personally I think it would be fine to have this feature included, provided we clearly document when it is expected to work and when it probably will not work. Many other software applications out there that leverage LDAP have ways of configuring the type of LDAP server you're pointing to in order to make use of specific features, and I agree that it would be useful for folks pointing at AD-based LDAP servers.

[stcbus]

@necouchman Added it as a final string.

[necouchman]

One more minor comment update, and I think this will be ready to merge.

[necouchman]

Thanks @stcbus! If you could also update the apache/guacamole-manual with a PR, that would be helpful to make sure documentation is up-to-date.