Does OpenStack support nested groups using Active Directory authentication?
Issue
- We have keystone configured to query Active Directory for user authentication. If I assign the member or admin role to a project based on a group in which my user lives, I can log in to Horizon. If I assign the member or admin role to a group in which the group that I am in is nested, I cannot log in; the message states that I am not authorized for any projects. The error in keystone.log is as follows:

    2016-09-28 07:53:18.657 26382 DEBUG keystone.common.ldap.core [req-920c157b-f228-4d17-a50b-19a90f41b143 - - - - -] Referrals were returned and ignored. Enable referral chasing in keystone.conf via [ldap] chase_referrals convert_ldap_result /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:173
    2016-09-28 07:53:18.657 26382 DEBUG keystone.common.ldap.core [req-920c157b-f228-4d17-a50b-19a90f41b143 - - - - -] LDAP unbind unbind_s /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:907
    2016-09-28 07:53:18.657 26382 DEBUG keystone.identity.core [req-920c157b-f228-4d17-a50b-19a90f41b143 - - - - -] ID Mapping - Domain ID: <UUID>, Default Driver: False, Domains: False, UUIDs: False, Compatible IDs: True _set_domain_id_and_mapping /usr/lib/python2.7/site-packages/keystone/identity/core.py:587
    2016-09-28 07:53:18.657 26382 DEBUG keystone.identity.core [req-920c157b-f228-4d17-a50b-19a90f41b143 - - - - -] Local ID: username _set_domain_id_and_mapping_for_single_ref /usr/lib/python2.7/site-packages/keystone/identity/core.py:605
    2016-09-28 07:53:18.660 26382 DEBUG keystone.identity.core [req-920c157b-f228-4d17-a50b-19a90f41b143 - - - - -] Found existing mapping to public ID: <UUID> _set_domain_id_and_mapping_for_single_ref /usr/lib/python2.7/site-packages/keystone/identity/core.py:618
    2016-09-28 07:53:18.665 26382 DEBUG keystone.common.ldap.core [req-920c157b-f228-4d17-a50b-19a90f41b143 - - - - -] LDAP init: url=ldap://ad.example.com _common_ldap_initialization /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:576

Environment
- Red Hat OpenStack Platform (RHOSP) 8
- Active Directory authentication with users in nested groups