Currently in Atlassian-user, groups can only include users, not other groups. Support for nested groups would allow groups to contain other groups.
For example, consider the following simplified LDAP records:
In this example, the group 'sales' is a group containing just a single user, 'salesman'. However, the 'staff' group contains both the user 'ceo' and the group 'sales'.
In Atlassian-user, implementing nested groups would mean that 'salesman' would be a member of both 'sales' and 'staff' in the above scenario. Atlassian-user should also recognise that both users and groups can be members of a group, especially when listing the membership information for a group. (That is, a list of the members of 'staff' should have two entries: an entry for the 'ceo' user and an entry for the 'sales' group. The membership should not automatically be condensed into a list of two users.)
In applications, permissions granted to the 'staff' group should apply to both 'salesman' and 'ceo'. Additionally, any new users added to 'sales' should automatically gain these permissions.