Symptoms

Users can enable and disable nested groups support for Delegated Directories in applications that embed Crowd 2.6.0 (plugin version 1.6.0). The setting is persisted, because subsequent updates retain the value. However, when a user authenticates successfully, the group-to-group memberships are not copied to the database, and therefore not taken into account.

Steps to reproduce

1. Set up an LDAP directory (e.g., OpenLDAP) with two groups (group1 and group2). Make group1 a parent of group2. Create a user who is a member of group2 but not of group1.
2. Create a Delegated Directory in Confluence 5.0-beta4 (which embeds Crowd 2.6.0). Enable "nested groups", "copy user details" and "copy group details".
3. Log out from Confluence. Log in again using the credentials of the LDAP user created in step 1. Authentication should succeed.
4. Go to group browser to see a list of all groups.

Expected result

The list should contain "group1", since the user is an indirect member, and therefore, the group details should have been copied when he authenticated. Moreover, by clicking in "group1" it should be possible to see that it has "group2" as its member.

Actual result

"group1" does not appear on the list.

Notes

The issue cannot be reproduced in standalone Crowd because of a side-effect of CWD-3137. However, it has been verified in a feature branch of standalone Crowd with the fix for CWD-3137 in it.